
79 OWASP Top Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

2.0 - 7.0 years

8 - 18 Lacs

pune

Hybrid

Key Responsibilities:
- Conduct comprehensive application security assessments, focusing on the OWASP Top 10 for web and mobile applications.
- Utilize vulnerability assessment tools to identify and analyze security risks within applications and systems.
- Collaborate with development teams to integrate security practices into the software development lifecycle (SDLC).
- Provide recommendations and guidance for remediating vulnerabilities and improving application security posture.
- Monitor security alerts and take appropriate action to mitigate potential threats.
- Assist in developing and implementing security policies, procedures, and best practices.
- Stay up-to-date with the latest security trends, tools, and technologies to ensure the organization's security measures remain adequate and relevant.
- Communicate technical security issues and solutions effectively to both technical and non-technical stakeholders.

Qualifications:
- 2-5 years of experience in application security, focusing on identifying and mitigating security vulnerabilities.
- Strong knowledge of OWASP's Top 10 security risks for web and mobile applications.
- Familiarity with vulnerability assessment tools like Nessus, Burp Suite, Fortify, etc.
- Prior programming experience (e.g., Python, Java, JavaScript, etc.) is an added advantage and will be highly beneficial.
- Excellent problem-solving skills and attention to detail.
- Strong communication skills, with the ability to explain complex security issues clearly and concisely.
- Ability to work independently and as part of a team in a fast-paced environment.
- Relevant certifications (such as CEH, OSCP, CISSP) are a plus but not required.
- Knowledge of CSPM and DSPM.

Mandatory Key Skills: SecOps, Security Testing, OWASP, Java, JavaScript, CEH, OSCP, CISSP, Nessus*, Burp Suite*, Python*

Posted 1 day ago


4.0 - 7.0 years

7 - 11 Lacs

bengaluru

Work from Office

- 4 to 6 years of experience conducting Application Security assessments
- Experienced in conducting Manual and Automated DAST for Web, API & Thick client covering OWASP Top 10
- Experienced in conducting Manual code review
- Experienced in Mobile VAPT (both Static and Dynamic)
- Knowledge of Infra VAPT or at least VA and configuration review
- Knowledge in Container / Docker security / Cloud Audit is a plus
- Certifications such as CEH, CRTP, OSCP are preferred
- Good communication skills, ability to explain vulnerabilities to business users in simple terms.

Notice: Immediate to 15 days
Location: Bangalore or Chennai or Dubai

Posted 4 days ago


8.0 - 13.0 years

13 - 17 Lacs

gurugram

Work from Office

About The Role
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Web Application Firewall (WAF)
Good to have skills: NA
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: We are seeking a skilled and detail-oriented Akamai WAF Engineer to manage and enhance our web application security posture. The ideal candidate will have hands-on experience with Akamai Kona Site Defender, web application firewall policies, bot management, and CDN performance optimization. You'll work closely with cross-functional teams to design, deploy, and monitor security controls to defend against evolving web threats.

Roles & Responsibilities:
- Design, configure, and maintain Akamai WAF policies and rulesets.
- Monitor and analyze WAF logs and alerts to detect and respond to threats.
- Tune and optimize WAF policies to reduce false positives and enhance performance.
- Collaborate with DevOps, AppSec, and infrastructure teams to integrate security controls into CI/CD pipelines.
- Implement bot management and API protection strategies using Akamai tools.
- Conduct regular security assessments and assist in incident response and forensic analysis.
- Stay current on emerging web threats and contribute to proactive defense strategies.
- Provide guidance on Akamai platform best practices, including cache policies, rate limiting, and traffic routing.

Professional & Technical Skills:
- Experience in web application security, with a focus on WAF technologies.
- In-depth knowledge of Akamai Kona Site Defender and Akamai Control Center.
- Strong understanding of HTTP/S protocols, OWASP Top 10, and common web attacks.
- Experience with log analysis tools such as Splunk, ELK, or Akamai SIEM integrations.
- Familiarity with CDN concepts, caching strategies, and traffic routing.
- Ability to troubleshoot complex application delivery and security issues.
- Scripting skills (Python, Shell, or JavaScript) are a plus.
- Strong communication and documentation

Additional Information:
- The candidate should have minimum 7.5 years of experience in Web application firewall
- This position is based at our Delhi/NCR, Bengaluru, Hyderabad, Mumbai, Pune only. No other location would be preferred
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 5 days ago


2.0 - 5.0 years

5 - 8 Lacs

chennai

Work from Office

Roles and Responsibilities

Greetings from GRM Technologies!!!

Providing support in IT and Cyber Risk Advisory services offered by GRM Technologies to its clients in the following domains:
- Information regulatory compliance (ISO 27001, PCIDSS, RBI, SEBI, SOC1, SOC2, PCI DSS, HITRUST, GDPR)
- Information risk management
- Information security and information assurance
- Information technology controls for financial and other systems
- Identifying processes and technologies to maintain and enhance the security architecture
- Disaster recovery and business continuity management
- Information privacy

- Have a fair understanding of Business Continuity Planning and DR Drills
- Should have conducted Information Life Cycle management reviews in the past
- Conducting Infrastructure Vulnerability Assessment and Penetration Testing
- Conducting Web and Mobile Application Security Assessment
- Conducting Secure Code Review
- Conducting Architecture Review
- Should have minimum 2-5 yrs. of experience in Cyber Security, including IT Risk, Cyber Risk & Compliance, IT Audit, Vendor Audit, VAPT, Application Security, Fraud Risk & Security.
- Knowledge of information security standards, principles and practices required
- Perform risk assessment, controls and documentation with expected standards (information technology / business process)
- Conduct Infrastructure Vulnerability Assessment and Penetration Testing
- Conduct Web Application Security Assessment
- Conduct Mobile Application Security Assessment
- Conduct Source Code Review
- Perform SOX compliance audits, SOC 1 and SOC 2 audits, as well as testing and reporting
- Perform control testing pertaining to operating systems, database (Windows, Unix, Oracle, MSSQL, DB2)
- Should be able to test basic and automated ERP ITGC controls (SAP, Oracle, etc.)
- Ability to draft BCP/DR policy and carry out testing of plan and procedures would be preferable
- Ability to adapt to new scope areas and technologies
- Bring in vertical expertise in at least two verticals like BFSI, manufacturing, or more
- Ability to manage client communication and escalation
- Ability to make all attempts to guide the peers and self to improve client satisfaction scores
- Participate in proposal preparation
- Understanding of risk
- Appreciation for technological innovation
- Strong organization skills
- Curiosity and eagerness to learn
- Initiative to seek out opportunities and add value
- Tolerance for ambiguity and shifting priorities; appreciation of change.
- Should have certification on CCNA / CCNP / ITIL
- Exposure to ISO 27001 is mandatory

Posted 6 days ago


4.0 - 9.0 years

8 - 17 Lacs

dubai, chennai, bengaluru

Work from Office

- 4-9 years of experience in Application Security assessments
- Manual & Automated DAST for Web, API & Thick Clients (OWASP Top 10)
- Manual Code Review expertise
- Mobile VAPT (Static & Dynamic)
- Infra VAPT / VA / Configuration Review knowledge
- Bonus: Container/Docker Security & Cloud Audit experience
- Preferred Certifications: CEH, CRTP, OSCP
- Strong communication skills to explain vulnerabilities to business users

Mandatory Skills: Web App, Mobile App, API/Thick Clients, Source/Secure Code Review, Network/Infra PT.

Posted 6 days ago


2.0 - 5.0 years

5 - 9 Lacs

bengaluru

Work from Office

- Understand product vision and business needs to define product requirements and product architectural solutions.
- Use tools and methodologies to create representations for functions and user interface of desired product.
- Develop high-level product specifications with attention to system integration and feasibility.
- Define all aspects of development from appropriate technology and workflow to coding standards.
- Communicate successfully all concepts and guidelines to development team.
- Ensure software meets all requirements of quality, security, modifiability, extensibility etc.
- Collaborate with other professionals to determine functional and non-functional requirements for new software or applications.
- Provide support for production escalations and problem resolution for customers.
- Analyse requirements, design, develop & maintain software products in alignment with the technology strategy of the organization.
- Participate in technical reviews of requirements, specifications, designs, code and other artifacts.
- Ensure commitments are agreed, reviewed and met.
- Learn new skills and adopt new practices readily in order to develop innovative and cutting-edge software products that maintain Company's technical leadership position.
- Plan, develop and manage the infrastructure to enable strategic and effective use of tools.
- Lead the evaluation/evolution of tools/technologies/programs with input from internal teams, external developers.
- Proactively identifying issues and improvement opportunities.
- Directing resources to diagnose and resolve complex system, application software, security and related problems that impact system and availability.

Required education: Bachelor's Degree

Required technical and professional expertise:
- 15+ years of experience in network protocol development, with a strong focus on security.
- Deep knowledge of networking layers (OSI model), TCP/IP stack, and common transport/application protocols.
- Proficiency in C/C++ or Go for low-level development.
- Hands-on experience with Web Application Firewall (WAF), OWASP.
- Strong experience managing WAF technologies (any of AWS WAF, Cloudflare, Akamai).
- Solid understanding of HTTP/HTTPS, DNS, web servers, load balancers, and CDN integrations.
- In-depth knowledge of OWASP Top 10 vulnerabilities and mitigation techniques.
- DDoS mitigation, bot management, or CDN security features.

Preferred technical and professional experience:
- Strong problem-solving and debugging skills
- Excellent written and verbal communication and ability to work in cross-functional and global teams

Posted 1 week ago


8.0 - 13.0 years

13 - 17 Lacs

gurugram

Work from Office

About The Role
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Application Security Architecture and Design
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: We are looking for a Technical Lead with strong expertise in Application and Infrastructure Security to lead a suite of security services including vulnerability management, application security testing (SAST/DAST), and penetration testing. This role is ideal for someone who can not only execute and review security assessments but also manage tools, provide technical direction to a delivery team, and act as a trusted advisor to the client on security best practices.

Roles & Responsibilities:

- Service Delivery & Technical Leadership
  Lead the delivery of application and infrastructure security services including:
    Dynamic Application Security Testing (DAST)
    Static Application Security Testing (SAST/SCA)
    Web & API Penetration Testing
    Mobile Application Security Testing
    Infrastructure Vulnerability Management (IVM)
  Oversee scan scheduling, execution, validation, and reporting.
  Drive the reduction of false positives and enhance detection accuracy.
  Ensure timely delivery of security testing activities aligned with client SLAs.

- Security Testing & Analysis
  Perform automated and manual security scans for applications and infrastructure.
  Validate findings, analyze root causes, and prioritize remediation based on risk.
  Provide technical recommendations to development, DevOps, and infrastructure teams.
  Align findings with recognized standards (e.g., OWASP Top 10, CVSS, CWE).

- Tool Ownership & Optimization
  Administer and optimize usage of security tools including but not limited to:
    WebInspect, Veracode, Burp Suite, Custom Scripting Tools
    GitLab, ServiceNow Security Modules
    Datadog Security Explorer, OpenShift ACS
  Tune and maintain tool configurations, scan profiles, and dashboards.

- Governance & Reporting
  Track scan volumes, issue lifecycle, and performance KPIs.
  Deliver dashboards and executive-level reports on security posture.
  Support audit, compliance, and client reporting needs.

- Team Collaboration & Stakeholder Management
  Provide technical direction and mentorship to the delivery team.
  Liaise with client teams, application owners, and platform SMEs.
  Ensure effective communication across stakeholders for testing, issue triage, and remediation.

Professional & Technical Skills:
- 8+ years of experience in Cybersecurity, with specialization in Application Security and Vulnerability Management.
- Strong technical knowledge of SAST/DAST tools (e.g., Veracode, WebInspect).
- Hands-on experience in penetration testing of web, mobile, and API-based applications.
- Familiarity with infrastructure scanning and vulnerability remediation practices.
- Strong understanding of secure SDLC, OWASP Top 10, SANS Top 25, and risk classification models (CVSS, CWE).
- Experience working in global delivery teams, preferably in a client-facing role
- CEH / OSCP / GWAPT / CISSP / CSSLP
- Veracode Certified Specialist or equivalent
- Vendor certifications on WebInspect, Burp Suite, GitLab Security

Additional Information:
- The candidate should have minimum 7.5 years of experience in Application Security Architecture and Design.
- This position is based at our Gurugram office.
- A 15 years full time education is required.
- Knowledge of cloud security principles (Azure/AWS/GCP)
- Familiarity with container security and DevSecOps tooling
- Exposure to automated CI/CD security integrations
- Strong communication and documentation skills
- Proactive problem-solving and analytical thinking
- Ability to balance security risk with operational practicality

Qualification: 15 years full time education

Posted 1 week ago


1.0 - 6.0 years

7 - 11 Lacs

bengaluru

Work from Office

About The Role
Project Role: Tech Delivery & Op Excellence Practitioner
Project Role Description: Understand how to deliver value to clients, and use that commercial competency to apply methods or certifications appropriately. Attention to detail and deep expertise allow them to see inherent risks or improvement opportunities that others may not. Work directly with client teams to ensure a high standard of delivery and operational excellence are met.
Must have skills: Governance Risk Compliance (GRC)
Good to have skills: NA
Minimum 3 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Tech Delivery & Op Excellence Practitioner, you will understand how to deliver value to clients and apply methods or certifications appropriately. Attention to detail and deep expertise allow you to see inherent risks or improvement opportunities that others may not. Work directly with client teams to ensure a high standard of delivery and operational excellence are met.

Key responsibility:
Risk and Compliance senior Analyst works with the Application service delivery organization and other compliance related functions to help:
- Perform audits/reviews to assess risks in Application development and maintenance service environment
- Manage risk in Application development and maintenance service to an acceptable level
- Increase the level of awareness of and compliance with policy and process related matters
- Support successful completion of various external compliance certification programs and internal compliance assessments
- Introduce continual improvement including lessons learned from matters requiring intervention
- This successful candidate for this role will be a member of a dedicated team operating a Controls and Compliance function, which will perform audit style reviews of Application Development & Maintenance Services outsourcing engagements covering compliance matters and operational service management and service delivery good practice.

Must-Have Skills/ Qualifications:
- Minimum of 1-year experience in Auditing principles and practices (sample qualifications*: CISA, ISO 27001 Lead Auditor)
- Minimum of 1-year experience in Application security/audit roles in Application development & maintenance service industry (sample qualifications*: EC-Council's CASE (Certified Application Security Engineer), CEH (Certified Ethical Hacker),
- Agile Methodology (Certified Scrum Master), DevOps Certification, CMMI for Development
- Knowledge of secure SDLC models, secure coding standards, OWASP Top 10, threat modeling, SAST (Static Application security testing), DAST (Dynamic Application security testing), single sign on, Encryption
- Minimum of 1-year experience in Operational compliance requirements)
- Contract Management / Service Reporting (including Service Level Agreements and Operational Level Agreements)
- Risk management or assessment (sample qualification*: CRISC)
- Knowledge of cloud environment and services (sample qualification*: Microsoft Azure/AWS/Google Certifications)
- Team and stakeholder management

Nice-to-Have Skills/ Qualifications:
- Data privacy and protection (sample qualifications*: CIPM, CIPT, CIPP)
- CISSP*, CISM*, CISA*, CCSK*, CCSP*
- SOC1 and SOC2 (SSAE16 / ISAE3402) awareness
- Business Continuity and Disaster Recovery awareness (ISO 22301)

Professional Attributes:
1: Good communication
2: Teamwork
3: Problem Solving Capabilities
4: Work Planning and Management
5: Quick Learner
6: Eager to take on responsible task
7: Dedicated and Focused

Educational Qualification:
1: MBA-Information Security/ IT
2: BE/B-Tech with CS/IT/related domain
3: BSc- IT

Additional Information (i.e., travel, overtime %):
1: Occasional within country travel
2: Flexibility in working hours

Qualification: 15 years full time education

Posted 1 week ago


6.0 - 9.0 years

8 - 11 Lacs

hyderabad

Work from Office

About the Role:
Grade Level (for internal use): 10

The Team
Security Testing Team in the Quality Engineering space plays a crucial role in safeguarding business operations by identifying vulnerabilities and ensuring robust protection against cyber threats. Through meticulous testing practices, we enhance the security posture of applications, thereby reducing the risk of data breaches and financial loss. By integrating security measures early in the development lifecycle, the team helps streamline processes, minimize disruptions, and ultimately contribute to greater business efficiency and resilience.

S&P Global Ratings is the world's leading provider of independent credit ratings. Our ratings are essential to driving growth, providing transparency, and helping educate market participants so they can make decisions with confidence. We have more than one million credit ratings outstanding on government, corporate, financial sector and structured finance entities and securities. We offer an independent view of the market built on a unique combination of broad perspective and local insight. We provide our opinions and research about relative credit risk; market participants gain independent information to help support the growth of transparent, liquid debt markets worldwide.

What is in it for you
- Serve as a highly technical security expert to bring security transformation to both new and legacy applications in quality engineering space.
- Using a wide range of cutting-edge technology to innovate while testing.
- An ever-challenging environment to hone your existing skills in Security Testing, Automation, Python Programming, Bash scripting etc.
- Being a part of an organization which values Culture of Urgency and Shift Left approaches.
- Gain the opportunity to apply your strategic thinking alongside technical skills to safeguard our systems defending against emerging cyber threats.
- Plenty of skill building, knowledge sharing, and innovation opportunities.
- Building a fulfilling career with a global financial technology company.

Responsibilities
- This role will involve designing and executing security tests, identifying vulnerabilities, and driving remediation strategies while collaborating with cross-functional teams in an Agile environment.
- Understand the application's security requirements and identify & document the scope of the test.
- Develop and maintain security testing automation using tools like Burp Suite, ZAP, or similar tools.
- Integrate security testing into CI/CD pipelines.
- Automate processes and workflows using Python to minimize manual work.
- Collaborate with development, QE, and DevOps teams to investigate security incidents, perform root cause analysis, and validate security fixes.
- Oversee results and logs to analyze, prioritize, and initiate remediation for findings identified by security tools during SAST, DAST, SCA, artifact scanning, container scanning, etc.
- Prepare detailed reports summarizing test results, logs, findings, and recommendations for strengthening overall security of an application.
- Create and track security metrics, KPIs, and KRIs to measure operational effectiveness.
- Prepare comprehensive reports for senior management on security performance and strategic initiatives.
- Work independently, providing recommendations, and leading the accomplishments of the tasks from inception to completion.
- Demonstrate outstanding flexibility and leadership with proper communication of security testing result interpretation and explanation to audience.
- Participate in Daily Stand-up Calls, work closely with the Agile Manager to know the deliverables and commitments of each release.
- Actively taking part in resolving critical security issues and coming up with solutions to mitigate the same.

Basic Qualifications
- Bachelor's or master's degree in Electronics and Communication, Computer Science, Cybersecurity, or related fields.
- 6 to 9 years of IT experience with relevant professional experience of Minimum 4 years in the field of Cyber Security Testing.
- Should have strong hands-on experience in security testing, penetration testing, and vulnerability assessment.
- Strong experience in web, API, and cloud security testing.
- Clear understanding of security vulnerabilities, exploits, and mitigation techniques.
- Strong grasp of the OWASP Top 10 vulnerabilities and effective mitigation strategies.
- Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, Wireshark, Nessus, OpenSSL and Crypto validation tools.
- Proficiency in SAST/DAST tools and security frameworks like OWASP Top 10, CIS Benchmarks, and CVSS.
- Hands-on experience with Selenium, Pytest, and RestAssured API Testing using Python.
- Strong hands-on experience with scripting and programming languages including Python, PowerShell, Bash for security tasks.
- Familiarity with RESTful APIs, webhooks, and integration of third-party security tools and services via automation.
- Knowledge of DevSecOps practices and integrating security in CI/CD pipelines.
- Self-motivated and driven to stay updated with the latest security trends, technologies, and best practices, maintain high level of accuracy in security assessments.
- Ability to analyze and communicate complex cybersecurity and technical challenges to technical and non-technical users, leaders, and stakeholders.
- Experience collaborating with cross functional global and remote teams with diverse backgrounds.
- Should be able to work under a competitive time frame and deliver.
- Should be a very fast learner and have excellent problem-solving ability.
- Should have excellent written and verbal communication skills.

Nice to have Skills:
- Security Certifications like CISSP, CEH, CISM, OSCP or CompTIA Security+ shall be having the preference.
- Hands-On experience in building AI-powered security tools, chatbots, and agent-driven automation pipelines.
- Knowledge on Agentic AI frameworks, LLMs, and orchestration libraries like LangChain, crewAI or RAG-based architectures.

Grade: 10
Location: Hyderabad
Shift time: 11am to 8pm / 12pm to 9pm IST
Hybrid Model: twice a week work from office

About S&P Global Ratings
At S&P Global Ratings, our analyst-driven credit ratings, research, and sustainable finance opinions provide critical insights that are essential to translating complexity into clarity so market participants can uncover opportunities and make decisions with conviction. By bringing transparency to the market through high-quality independent opinions on creditworthiness, we enable growth across a wide variety of organizations, including businesses, governments, and institutions.

S&P Global Ratings is a division of S&P Global (NYSE: SPGI). S&P Global is the world's foremost provider of credit ratings, benchmarks, analytics and workflow solutions in the global capital, commodity and automotive markets. With every one of our offerings, we help many of the world's leading organizations navigate the economic landscape so they can plan for tomorrow, today. For more information, visit www.spglobal.com/ratings

What's In It For You

Our Purpose:
Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology: the right combination can unlock possibility and change the world. Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress.

Our People:

Our Values: Integrity, Discovery, Partnership
At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals.

Benefits:
We take care of you, so you can take care of business. We care about our people. That's why we provide everything you, and your career, need to thrive at S&P Global.
- Health & Wellness: Health care coverage designed for the mind and body.
- Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
- Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
- Family Friendly Perks: It's not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families.
- Beyond the Basics: From retail discounts to referral incentive awards, small perks can make a big difference.
For more information on benefits by country visit https://spgbenefits.com/benefit-summaries

Global Hiring and Opportunity at S&P Global:
At S&P Global, we are committed to fostering a connected and engaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets.

S&P Global has a Securities Disclosure and Trading Policy ("the Policy") that seeks to mitigate conflicts of interest by monitoring and placing restrictions on personal securities holding and trading. The Policy is designed to promote compliance with global regulations. In some Divisions, pursuant to the Policy's requirements, candidates at S&P Global may be asked to disclose securities holdings. Some roles may include a trading prohibition and remediation of positions when there is an effective or potential conflict of interest. Employment at S&P Global is contingent upon compliance with the Policy.

Equal Opportunity Employer
S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.

US Candidates Only: The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf

Posted 1 week ago


3.0 - 5.0 years

6 - 10 Lacs

pune

Work from Office

Performed Application Security Testing, Cloud Security Testing. Review Reports. Stakeholder management.

Posted 1 week ago


3.0 - 5.0 years

6 - 10 Lacs

pune

Work from Office

Perform Web Penetration Testing, Secure Code Review, API Security Assessment, Mobile Application Security Assessment etc. Report preparation.

Posted 1 week ago


5.0 - 8.0 years

13 - 18 Lacs

bengaluru

Work from Office

Breach & Attack Simulation, Cloud Security Assessment & Red Teaming

Posted 1 week ago


6.0 - 11.0 years

15 - 25 Lacs

noida, pune, bengaluru

Hybrid

We're Hiring! I am excited to share some amazing career opportunities at Happiest Minds. Take your Security career to the next level with Happiest Minds! Join a dynamic team, where Security Meets Innovation, and grow with us. Be recognized in a Great Place to Work Certified environment. Interested professionals can directly reach out to me at ankita.patari@happiestminds.com or you can apply in the below post.

Mandatory roles:
- Perform Internal and External Red Teaming.
- Report Preparation with proof of concepts.
- Provide recommendations to remediate the findings.
- Excellent communication skill is important.

Additional skills: Cyber Security Assessment & Consulting, Cyber Threat Hunting, Manual Penetration Testing using OWASP checklists, OWASP Top 10, OWASP ZAP, Penetration Testing, Static Code analysis, Static/dynamic testing of mobile applications

Exp range: 7+ years
Who can by Immediate or 15 days max

Thanks and Regards,
Ankita Ghosh

Posted 2 weeks ago


5.0 - 8.0 years

4 - 8 Lacs

bengaluru

Work from Office

Job Title: Senior Security Engineer

Role Overview:
The Senior Security Engineer is responsible for the secure design, development, and operation of Skyhigh products and services. This role involves a mix of proactive security design, vulnerability management, and incident response, with a strong focus on maintaining and enforcing compliance standards. You will be a key contributor to our security posture, working closely with cross-functional teams to embed security best practices throughout the entire development lifecycle.

Responsibilities:
As our Senior Security Engineer you'll play a pivotal role in architecting and securing our entire software ecosystem. You'll partner with engineering teams across the organization, influencing the design and development of our products to ensure they are secure by default. You'll be a key driver in maintaining our coveted security certifications, ensuring our platform adheres to stringent standards like FedRAMP and SOC 2. This is a high-impact, proactive role that goes beyond just finding flaws. You'll be instrumental in building security into our development process, from threat modeling and secure design to managing our vulnerability remediation lifecycle. You'll serve as a trusted advisor and subject matter expert, working collaboratively with all engineering teams to cultivate a robust security culture and empower them with the knowledge and tools to write secure code.

Qualifications:
- 5 to 8 years of expertise in application security principles, methodologies, and common attack vectors (e.g., OWASP Top 10).
- You have hands-on experience with a variety of security tools for static and dynamic analysis (SAST/DAST) and vulnerability management.
- Passionate about DevSecOps and skilled in automating security tasks, integrating tools into CI/CD pipelines, and developing security policies for Infrastructure as Code (IaC).
- Natural problem-solver with a knack for incident detection, triage, and root cause analysis. You can provide practical, effective remediation plans for security issues across the stack.
- Excellent communicator who can influence and guide engineers and leadership without direct authority. You enjoy educating others and serving as a subject matter expert to build a strong security culture.

Posted 2 weeks ago


2.0 - 6.0 years

4 - 8 Lacs

mumbai, pune

Work from Office

Skills: Web, Mobile, Network & Cloud Security Assessments, Vulnerability Assessment, Pen Testing, Threat Modelling, OWASP Top 10, ASVS, Source Code Reviews. Tools: Burp Suite, Kali Linux, Metasploit, NMAP, Nessus, Nexpose, Wireshark, sqlmap. Languages: Java, Python, Golang. Threat Detection and Analysis: Monitor network traffic, system logs, and security alerts to detect and analyze potential security threats, such as malware, intrusions, and unauthorized access. Incident Response: Develop and execute incident response plans to address and mitigate security incidents and breaches. Vulnerability Assessment: Identify vulnerabilities in software, hardware, and network configurations, and recommend patches and security updates. Security Monitoring: Continuously monitor and analyze security events, assess system vulnerabilities, and recommend security enhancements. Security Policies and Procedures: Develop and enforce security policies, standards, and procedures to ensure a consistent and secure computing environment. Access Control: Implement and manage access control systems, including user authentication, authorization, and password policies. Security Tools: Utilize a range of security tools, such as intrusion detection systems (IDS), intrusion prevention systems (IPS), firewalls, antivirus software, and data encryption.

Posted 2 weeks ago


5.0 - 8.0 years

8 - 14 Lacs

mumbai

Work from Office

Job Summary: We are seeking a skilled and motivated Assistant Manager – VAPT with expertise in Cloud Security to support the organization’s cybersecurity initiatives through comprehensive vulnerability assessments and penetration testing. The ideal candidate will have hands-on experience in identifying security weaknesses in systems, applications, networks, and cloud environments, and provide actionable recommendations to mitigate risks. Key Responsibilities: Conduct regular Vulnerability Assessments and Penetration Tests on web applications, mobile applications, networks, cloud infrastructure (AWS, Azure, GCP), and APIs. Identify, analyze, and document security flaws and vulnerabilities using manual techniques, custom scripts, and automated tools. Perform cloud security assessments to identify misconfigurations, vulnerabilities, and risks associated with cloud services (AWS, Azure, GCP). Work closely with IT, cloud infrastructure, and development teams to validate findings, suggest remediation steps, and verify the implementation of fixes. Collaborate with third-party vendors for external testing and audits. Prepare detailed technical reports and executive summaries of findings and recommendations. Ensure compliance with internal policies and external regulatory requirements (e.g., ISO 27001, PCI-DSS, GDPR, SOC2). Stay updated with the latest vulnerabilities, exploits, and security news, particularly in the cloud security domain, through continuous learning and threat intelligence feeds. Assist in security incident response efforts related to vulnerabilities discovered in cloud environments and on-prem systems. Required Skills & Qualifications: Bachelor’s degree in Computer Science, Information Technology, or a related field. 4+ years of experience in VAPT or a similar cybersecurity role, with hands-on experience in cloud security.
Proficiency in tools such as Nessus, Burp Suite, Nmap, Metasploit, Wireshark, Kali Linux, and cloud security tools (e.g., AWS Inspector, Azure Security Center, GCP Security Command Center). Strong knowledge of OWASP Top 10, SANS 25, and secure coding practices. Hands-on experience in securing cloud environments (AWS, Azure, GCP), including network security, identity and access management (IAM), and infrastructure-as-code (IaC) security. Familiarity with scripting languages (Python, Bash, PowerShell) for automation and custom testing is a plus. Industry certifications such as OSCP, CEH, GPEN, or eJPT and cloud security certifications like AWS Certified Security Specialty, Azure Security Engineer are highly desirable. Strong analytical, problem-solving, and communication skills.

Posted 2 weeks ago


5.0 - 9.0 years

7 - 11 Lacs

bengaluru

Work from Office

Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Additional Responsibilities: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Technical and Professional Requirements: Any specific tools required Burpsuite, WebInspect, Fortify, Zap, Checkmarx Preferred Skills: Technology->Security Testing->Security Testing - ALL

Posted 2 weeks ago


3.0 - 6.0 years

7 - 11 Lacs

bengaluru

Work from Office

Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Experience with penetration testing tools (e.g. Burp) Extensive knowledge of attack payloads for discovering security vulnerabilities Plan, execute, and report on all testing activities and outcomes Create findings reports and communicate to stakeholders Must possess at least 5 years of experience in delivering VAPT in Web(Thin and Thick Client), Mobile and APIs Should have good and effective communication skills in English. (Oral and written) Technical and Professional Requirements: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Preferred Skills: Technology->Security Testing->Security Testing - ALL

Posted 2 weeks ago


15.0 - 20.0 years

3 - 7 Lacs

pune

Work from Office

Project Role: Security Engineer Project Role Description: Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills: Security Platform Engineering Good to have skills: NA Minimum 5 year(s) of experience is required Educational Qualification: 15 years full time education Summary: We are seeking a skilled Security Engineer with expertise in Google Chronicle SIEM, parser development, and foundational knowledge of cybersecurity. The ideal candidate will be responsible for analyzing security data and logs, ensuring accurate aggregation, normalization, tagging, and classification. You will work closely with log sources, particularly security and networking devices, to enhance our security monitoring capabilities. Roles & Responsibilities: Conduct security and data/log analysis, focusing on the aggregation, normalization, tagging, and classification of logs. Research, analyze, and understand log sources for security monitoring, with a particular focus on security and networking devices such as firewalls, routers, antivirus products, proxies, IDS/IPS, and operating systems. Validate log sources and indexed data, optimizing search criteria to improve search efficiency. Utilize automation tools to build and validate log collectors for parsing aggregated logs. Professional & Technical Skills: Proficiency in log analysis and SIEM tools, including but not limited to Google Chronicle, Splunk, ArcSight, and QRadar.
Experience in SIEM content creation and reporting is essential. Strong experience in manual security log review and analysis, such as Windows Event Log and Linux Syslog, including incident classification, investigation, and remediation. Solid understanding of multiple attack vectors, including malware, Trojans, exploit kits, ransomware, phishing techniques, and APTs, as well as familiarity with attack techniques outlined in the OWASP Top 10. Knowledge of security and networking devices, including firewalls, routers, antivirus products, proxies, IDS/IPS, and operating systems. TCP/IP networking skills for packet and log analysis. Experience working with Windows and Unix platforms. Familiarity with databases is an advantage. Experience in GCP, AWS and Azure environments is a plus. Additional Information: - The candidate should have minimum 5 years of experience in Security Platform Engineering. - This position is based at our Pune office. - A 15 years full time education is required. Qualification 15 years full time education

Posted 2 weeks ago


7.0 - 12.0 years

10 - 15 Lacs

bengaluru

Work from Office

We are not looking for someone who checks every single box - we're looking for lifelong learners and people who can make us better with their unique experiences. Join our team! We're building a world where Identity belongs to you. Okta's Workforce Identity Cloud Security Engineering group is looking for an experienced and passionate software security engineer to join a team focused on designing and developing Security solutions to harden our frameworks & infrastructure. We embrace innovation and pave the way to transform bright ideas into excellent security software solutions that help run large-scale, mission-critical software. We encourage you to prescribe defense-in-depth measures, industry security standards, enforce the principle of least privilege to help take our Security posture to the next level. Our Security engineering team has a niche skill-set that combines Security domain expertise with the ability to design, implement and rollout security features and functionalities without adding friction to product functionality or performance. We are responsible for the ever-growing need to improve our customer safety and privacy by providing security services that are coupled with the core Okta product. This is a high-impact role in a security-centric, fast-paced organization that is poised for massive growth and success. You will act as a liaison between the Security org and the engineering org to build technical leverage and influence the security roadmap and direction. You will focus on engineering security and privacy aspects of the systems used across our services while working on a weekly release cadence. You will be empowered to propose stimulating new projects for our roadmap and rewarded with projects using emerging technologies. Join us and be part of a company that is about to change the cloud computing landscape forever. Bring all the passion and dedication along and there's no telling what you could accomplish!
Preferred qualification and abilities: 7+ years of development experience in designing and implementing software systems in Java, building highly reliable and mission-critical software. 3+ years of work experience in designing and implementing security solutions for applications and distributed systems. Work experience and excellent understanding in mitigating OWASP Top 10 attacks on applications, Application Security, Cryptography, Authentication, Authorization using Role-Based and Attribute-Based access controls. Strong understanding of concepts such as Test-Driven development, Secure SDLC, Secure code reviews and the ability to identify and mitigate threat vectors and vulnerabilities in code and infrastructure. Good understanding and experience in using cloud service providers such as AWS and GCP. Developing and maintaining technical documentation such as cookbooks, design and architecture docs. Troubleshooting and fixing production issues to ensure reliability, security and performance. Work experience in using RDBMS like MySQL, good grasp of concepts such as replication and clustering along with familiarity in data stores such as Redis and Elasticsearch. Excellent grasp of software engineering principles coupled with strong written and verbal communication skills. B.S or M.S in Computer Science or related fields. Responsibilities: Act as a liaison between the engineering and security org to develop innovative requirements for the security roadmap. Evangelize security best practices across the engineering org. Research, design, implement and own security oriented frameworks and features with the common goal of protecting Okta's customers. Routinely participate in cross-vertical code reviews with emphasis on Security. Break down complex problems into sub-tasks while prototyping rapidly and iteratively contributing to security initiatives using agile practices. Coach and mentor junior engineers in the team.

Posted 2 weeks ago


8.0 - 13.0 years

15 - 25 Lacs

noida, pune, bengaluru

Hybrid

We're Hiring! I am excited to share some amazing career opportunities at Happiest Minds. Take your Security career to the next level with Happiest Minds! Join a dynamic team, where Security Meets Innovation, and grow with us. Be recognized in a Great Place to Work Certified environment. Interested professionals can directly reach out to me at ankita.patari@happiestminds.com or you can apply in the post below. Mandatory roles: Perform Internal and External Red Teaming. Report Preparation with proof of concepts. Provide recommendations to remediate the findings. Excellent communication skill is important. Additional skills: Cyber Security Assessment & Consulting, Cyber Threat Hunting, Manual Penetration Testing using OWASP checklists, OWASP Top 10, OWASP ZAP, Penetration Testing, Static Code analysis, Static/dynamic testing of mobile applications Exp range: 8+ years Who can by Immediate or 15 days max Thanks and Regards, Ankita Ghosh

Posted 3 weeks ago


3.0 - 8.0 years

20 - 25 Lacs

mumbai

Work from Office

Position Purpose Provide a brief description of the overall purpose of the position, why this position exists and how it will contribute in achieving the team's goal. Responsibilities Direct Responsibilities - To perform Penetration testing (Gray Box and/or Black Box) for Web applications; Thick Client, API, and mobile applications. - To understand the application's security requirements and identify & document the scope of the test - Ensure execution of the documented security scenarios for the application under test. - Document and report all findings - Collaborate with the developers to help them understand the vulnerabilities reported in application - Escalate issues to the local management and onshore stakeholders in case it affects the testing progress - Ensure processes for the project are followed for the assessments Note: - Optional, experience in Source Code Assessment (SCA)/SAST, Mobile Testing Contributing Responsibilities Technical & Behavioral Competencies - Clear understanding of OWASP Top 10 - application security risks - Tools/OS: Burp Suite, OWASP ZAP, Kali Linux - Manual Security Testing & Analysis, Security Test Designing - Excellent interpersonal and presentation skills - Strong in verbal and written communication - Good analytical skills - Strong Time Management - Must be flexible, independent, self-motivated - Team player Specific Qualifications (if required) CSSLP/CEH or equivalent certification preferred

Posted 3 weeks ago


7.0 - 11.0 years

20 - 25 Lacs

bengaluru

Work from Office

Project description We are seeking a seasoned Solution Architect with deep expertise in designing and securing complex web and mobile application ecosystems. This role requires a strategic mindset combined with hands-on technical proficiency to assess risks, define robust security architectures, and drive secure development practices across the SDLC. Responsibilities Architect and implement security solutions for web and mobile platforms, aligned with business objectives and compliance standards. Should have experience with Backbase, additiv, Crealogix, and Avaloq. Perform threat modeling, application security assessments, static and dynamic code reviews, and vulnerability analyses. Define security requirements and best practices across the Secure Software Development Lifecycle (SDLC). Lead penetration testing initiatives and collaborate with cross-functional teams to mitigate identified risks. Establish governance and control frameworks to ensure ongoing security posture management. Advise development and infrastructure teams on secure design patterns and architectural decisions. Stay current with emerging threats, technologies, and industry trends. Proven experience building and securing scalable web and mobile applications. Deep understanding of application security principles, secure architecture, and risk management. Proficiency in tools and methodologies for penetration testing, code analysis, and vulnerability assessment. Strong knowledge of Secure SDLC practices and integration of security into CI/CD pipelines. Excellent communication skills to engage stakeholders, developers, and leadership. Skills Must have Overall, 10+ years of experience as a Solution Architect. Proven experience in building and securing web and mobile applications. Strong knowledge of security architecture and secure coding principles. 
Hands-on experience in Application security assessments Penetration testing Vulnerability assessment Secure SDLC practices Static code review tools (e.g., Fortify, Checkmarx, SonarQube) Familiarity with OWASP Top 10 and CWE/SANS Top 25 Excellent problem-solving and communication skills Nice to have Certified Secure Software Lifecycle Professional (CSSLP) Experience with cloud security (AWS, Azure, GCP) Knowledge of regulatory and compliance frameworks (e.g., ISO 27001, GDPR, PCI-DSS)

Posted 3 weeks ago


12.0 - 17.0 years

4 - 8 Lacs

bengaluru

Work from Office

Technical/Solutions architect is responsible to create and execute ways to improve an organization's technological framework, focus on developing best practices, integrations patterns and oversee architecture domains like application, data, and technology and ensure they align with an organization's standards. Responsibilities Technical/Solutions Architect Must have 12+ years of relevant IT experience in Architecture, Application Design and Development using both backend and frontend preferred .net with angular. MUST have hands on experience on building & architecting medium to large applications. Ability to produce POCs that can be used by project teams. Ability to produce architecture diagrams, technical write-up associated and to map business requirements to solution components Skills to translate complex requirements into functional architecture. Have hands-on experience on software development able to help team and manage complex programs. Experience in handling big projects using latest technologies like SOA, Webservices, Cloud Services (Azure or AWS) Knowledge of core coding languages (e.g. JavaScript, .NET) and experience in various Front-End technologies like Angular, React Good DB knowledge specially MSSQL Excellent communication skills Problem-solving capability - identify issues with the existing solution and come up with better solutions Good leadership skills Managing application development teams during the design and construction phases Providing training and mentoring to junior personnel Collaborating with application developers on achieving business goals Overseeing strategic relationships in a technology environment Required Technical Qualifications .NET Technologies Angular 2 and above ASP.NET C# .NET SQL Server - SSIS & SSRS WCF/Web Services
ASP.NET/.NET Core Web API EF code first, EF query optimization and profiling, transaction scope SQL server database: tables, stored procs, functions, views, triggers Performance Tuning Proficiency with OWASP top 10 vulnerabilities. Good Communication skills JavaScript, jQuery, CSS, HTML5 (added advantage) Mandatory Skills: .Net, Angular, SQL, Architecture Good to have: Microservices, Power BI, TOGAF certification Preferred Qualifications Minimum overall 12+ years of experience with above skills Minimum 4+ years in an Architect position

Posted 3 weeks ago


4.0 - 8.0 years

4 - 8 Lacs

hyderabad

Work from Office

SF ID: 2508-61254 Minimum 4+ years' experience in Java selenium with cucumber, .Net, micro-service testing, and API testing Solid understanding of Cucumber testing for behavior-driven development (BDD) Shown experience of 3 or more years with databases (Postgres/MySQL/Oracle/NoSQL DB), persistence frameworks, and SQL Hands on experience with Testing Suites like Test Complete/ Selenium Exposure to development environments like GitHub, Version Control, Jira, Git Hub/ SVN, GitLab, Confluence and DevOps etc. Professional documentation of test results/ test setups etc Experience with SCADA/MES implementations. Ignition SCADA experience is preferable. Experience with Linux & Windows platform. Experience with defining and implementing Non-Functional Requirements (NFR – Security, Performance, Cost etc.) Testing awareness for cybersecurity threats (OWASP top 10) Excellent teamwork and collaboration skills. Minimum Qualifications / Experience / Required Skills: Bachelor’s degree in engineering (Computer Science / Electronics or its equivalent)

Posted 3 weeks ago
