3 Owasp Security Jobs

Role: * Design and implement security solutions using OWASP principles. Expertise in OWASP, SAST/DAST, OAuth2, SAML, and GDPR compliance is essential. Prior experience in banking or fintech domains preferred. cc: recruitment@fortitudecareer.com Flexi working Work from home

Job Summary : The Cloud Network Security Administrator shall have strong technical knowledge of perimeter, networking and security practices of key public cloud offerings such as Microsoft Azure and Amazon Web Services to build and administer cloud infrastructure platform. The Cloud Network Security Admin is expected to individually solve problems of higher complexity. The Cloud Network Security Admin shall also participate in the development and enhancement of the information security solutions and to ensure it maintains relevancy with prevalent threats and industry changes. Work Location: Mumbai. Roles and Responsibilities : Must understand various types of attacks like Cross site scripting, SQL Injection, Cookie Poisoning, DDoS attacks, Web scraping, brute force, etc. Must define, administer and manage policies accordingly. Creates WAF rules/signatures to mitigate threats and implements best practices Creation and implementation of custom alerting dashboards in SIEM for investigations Works extensively with different stakeholders for tuning WAF policies or creating custom signatures Design and Develop Cloud-specific security policies, standards and procedures e.g. Identity and Access Management (SSO, SAML), and Privilege Access Management (PAM), Firewall management, SSL/IPSec, Encryption Key Management (BYOK), Security incident and event management (SIEM), Data protection (DLP, encryption), Vulnerability Management in partnership with Infrastructure Services, and Application Development. Orchestrate & Automate security control (guardrails) in Azure and AWS compute &/or Container services. Follows automate-first automate-everything philosophy with use of technologies like Terraform. Focus on Platform Governance & Security and automating operational tasks wherever possible. Requirements : Bachelor's Degree in Computer Science, Software Development or related field. Working knowledge of AWS WAF administration and management, associated policy management, Ingress Egress rules, VPC setup and administration. Must understand and have working knowledge of AWS Landing Zone and Control Tower. Experience with Container technologies (Docker, Kubernetes) Experience with Vulnerability Management and Privilege Account management Strong understanding of TCP/IP, web protocols and networking concepts Excellent understanding of OWASP Risks, Vulnerabilities and Mitigation Mechanisms Experience with Web Application Firewall management and rules Well versed in system exploits (e.g. Buffer Overflows, PTH attacks, windows authentication framework etc.) Excellent understanding of DDoS techniques and mitigation mechanisms Ability to manage and prioritize tasks efficiently Solid resource planning and problem-solving skills Readiness to demonstrate a proactive attitude Excellent verbal and written communication skills Technologies : AWS WAF, VPC, related.

We are seeking a skilled and passionate Security Professional to join our team. The ideal candidate will be responsible for conducting vulnerability assessments, performing penetration testing, and driving the implementation of secure development practices and management of Web Application Firewalls to protect web applications from cyber threats. This role requires a strong understanding of security frameworks, emerging threats, and the ability to collaborate with cross-functional teams to ensure a robust security posture. About you Experience & Qualification Strong expertise in vulnerability assessment, penetration testing, and security tools. Proficiency with WAF solutions such as AWS WAF, Cloudflare, F5, Imperva, etc. Ability to configure and customize WAF rulesets. Strong understanding of HTTP/HTTPS protocols. Proficiency in frameworks like MITRE ATT&CK, OWASP Top 10, and secure SDLC principles. Knowledge of automation tools for static and dynamic code analysis. Excellent threat modeling and risk assessment capabilities. Familiarity with SCA and SBOM controls. Strong documentation and reporting skills for both technical and non-technical audiences. Up-to-date knowledge of emerging threats, vulnerabilities, and security technologies. Bachelors degree in computer science, Information Security, or a related field (or equivalent experience). 4-5 + years of experience in cybersecurity, vulnerability management, penetration testing and WAF security. Hands-on experience with security standards such as OWASP, NIST, ISO 27001. It would be great if you also have Certifications like OSCP, CEH, or equivalent are highly desirable. Experience in incident response and post-breach analysis is a plus. What will you be doing in this role. Conduct comprehensive vulnerability assessments on infrastructure, applications, and networks. Perform manual and automated penetration tests on web applications, APIs, mobile apps, and networks. Integrate security controls into CI/CD pipelines to ensure secure software development practices. Conduct in-depth security reviews of applications, including source code reviews and architecture analysis. Engage in threat modelling and risk assessment for critical assets. Support the development and implementation of secure coding practices and frameworks. Review and implement controls such as SCA (Software Composition Analysis) and SBOM (Software Bill of Materials). Deploy and configure WAF solutions such as AWS WAF, Cloudflare, F5 and Imperva. Customize WAF rulesets to meet the specific security needs of web applications. Monitor WAF security logs and alerts to detect and respond to potential threats. Conduct forensic analysis and respond to security incidents involving WAF. Document findings, write detailed reports, and present results to technical and non-technical stakeholders. Ensure compliance with industry security standards (e.g., OWASP, NIST, ISO 27001). Collaborate with cross-functional teams, including IT, DevOps, and compliance.