6.0 - 10.0 years
9 - 14 Lacs
Pune
Work from Office
Your Role: Perform static application security testing on source code using Fortify. Perform software composition analysis using Sonatype IQ. Assist with scan onboarding and troubleshooting. Integrate tools into Jenkins pipelines. Collaborate with teams to remediate high/critical findings. Generate and analyse SCA scan results. Automate reporting and dashboards. Works in the area of Software Engineering, which encompasses the development, maintenance and optimization of software solutions/applications. 1. Applies scientific methods to analyse and solve software engineering problems. 2. He/she is responsible for the development and application of software engineering practice and knowledge, in research, design, development and maintenance. 3. His/her work requires the exercise of original thought and judgement and the ability to supervise the technical and administrative work of other software engineers. 4. The software engineer builds skills and expertise of his/her software engineering discipline to reach standard software engineer skills expectations for the applicable role, as defined in Professional Communities. 5. The software engineer collaborates and acts as team player with other software engineers and stakeholders. Your Profile: Deep understanding of source code review, SCA and SBOM. Hands-on experience with SAST and SCA tools: Fortify SCA, Sonatype IQ. Good understanding of secure coding practices for languages such as Java, .NET, JavaScript, Python, etc. Strong knowledge of OWASP Top 10, CWE, and secure software development lifecycle (SSDLC). Familiarity with CI/CD pipelines and integrating security tools in DevOps (Jenkins, GitHub). Security certifications such as OSCP, GWAPT, eWPTX, CEH, CRTP will be an added advantage. What you will love about working at Capgemini: Every Monday, kick off the week with a musical performance by our in-house band - The Rubber Band. Also get to participate in internal sports events, yoga challenges, or marathons.
At Capgemini, you can work on cutting-edge projects in tech and engineering with industry leaders or create solutions to overcome societal and environmental challenges. You will get comprehensive wellness benefits including health checks, telemedicine, insurance with top-ups, elder care, partner coverage or new parent support via flexible work. You will have the opportunity to learn on one of the industry's largest digital learning platforms, with access to 250,000+ courses and numerous certifications.
Posted 3 days ago
0.0 years
0 - 0 Lacs
Bengaluru
Work from Office
Job Title: Application Security Expert - Red Team / Ethical Hacker Department: Information Security / Cybersecurity Reports To: Group CISO Job Summary: The Application Security Expert - Red Team / Ethical Hacker is a critical role responsible for proactively identifying and exploiting security vulnerabilities in our software applications throughout the entire Software Development Life Cycle (SDLC). Operating as a key member of the in-house Red Team, this role will focus on simulating real-world attacks, conducting advanced penetration testing, and providing actionable intelligence to strengthen our overall security posture. Responsibilities: Red Teaming & Attack Simulation: Plan and execute realistic attack simulations against our web, mobile, and desktop applications to identify weaknesses and bypass security controls. Develop and utilize custom exploits, tools, and techniques to mimic the tactics, techniques, and procedures (TTPs) of advanced threat actors. Conduct social engineering campaigns to assess employee awareness and identify potential vulnerabilities. Advanced Penetration Testing: Perform in-depth penetration tests of applications, networks, and systems, using both automated tools and manual techniques. Identify and exploit complex vulnerabilities, including those related to application logic, authentication, authorization, and data handling. Develop detailed penetration test reports with clear and actionable recommendations for remediation. Secure Code Review (Offensive Perspective): Conduct code reviews from an offensive perspective, identifying potential vulnerabilities that could be exploited by attackers. Provide developers with guidance on secure coding practices and vulnerability remediation techniques. Develop and maintain secure coding guidelines and checklists. Vulnerability Research & Exploit Development: Stay up-to-date on the latest security threats, vulnerabilities, and exploit techniques. 
Conduct vulnerability research to identify new and emerging threats. Develop custom exploits and tools to test and demonstrate the impact of vulnerabilities. SDLC Integration & Security Advocacy: Collaborate with development teams to integrate security testing and red teaming activities into the SDLC. Participate in design reviews and provide security guidance on application architecture and design. Promote a security-conscious culture within the development organization. Vulnerability Management (Validation & Verification): Validate and verify the effectiveness of vulnerability remediation efforts. Retest remediated vulnerabilities to ensure they have been properly addressed. Security Tooling & Automation (Offensive Tools): Evaluate, recommend, and customize offensive security tools and technologies. Automate red teaming and penetration testing processes to improve efficiency and coverage. Required Skills and Qualifications: Education: Bachelor's or Master's degree in Computer Science, Information Security, or a related field. Experience: 8+ years of experience in application security, penetration testing, red teaming, or a related field. Demonstrable experience conducting advanced penetration tests and red team engagements. Strong understanding of web application vulnerabilities (e.g., OWASP Top 10, SANS Top 25). Experience with various penetration testing tools and frameworks (e.g., Metasploit, Burp Suite, Kali Linux). Experience with exploit development and reverse engineering. Technical Skills: Expert proficiency in one or more programming languages (e.g., Python, Java, C, C++). Strong understanding of web application architectures and technologies. Deep understanding of network protocols and security concepts. Familiarity with cloud security principles and practices (e.g., AWS, Azure, GCP). Understanding of authentication and authorization mechanisms. 
Certifications (Required/Preferred): Offensive Security Certified Professional (OSCP) - Required Certified Ethical Hacker (CEH) - Preferred GIAC Web Application Penetration Tester (GWAPT) - Preferred Offensive Security Certified Expert (OSCE) - Highly Preferred Offensive Security Web Expert (OSWE) - Highly Preferred
Posted 1 week ago
3.0 - 6.0 years
7 - 11 Lacs
Bengaluru
Work from Office
Educational Requirements: Bachelor of Engineering. Service Line: Infosys Quality Engineering. Responsibilities: Hands-on knowledge of security testing methodologies like OWASP Top 10, SANS 25, etc. Ability to perform automated and manual hands-on penetration security testing, e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and network systems. Experience with penetration testing tools (e.g. Burp). Extensive knowledge of attack payloads for discovering security vulnerabilities. Plan, execute, and report on all testing activities and outcomes. Create findings reports and communicate to stakeholders. Must possess at least 5 years of experience in delivering VAPT in Web (Thin and Thick Client), Mobile and APIs. Should have good and effective communication skills in English (oral and written). Technical and Professional Requirements: The successful candidate must be highly motivated, a fast learner, flexible, willing to assume responsibility and deliver quality work on time. Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages (e.g. Shell). Knowledge of DevSecOps. Preferred Skills: Technology-Security Testing-Security Testing - ALL
Posted 1 week ago
5.0 - 9.0 years
7 - 11 Lacs
Bengaluru
Work from Office
Educational Requirements: Bachelor of Engineering. Service Line: Infosys Quality Engineering. Responsibilities: Hands-on knowledge of security testing methodologies like OWASP Top 10, SANS 25, etc. Ability to perform automated and manual hands-on penetration security testing, e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and network systems. Additional Responsibilities: The successful candidate must be highly motivated, a fast learner, flexible, willing to assume responsibility and deliver quality work on time. Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages (e.g. Shell). Knowledge of DevSecOps. Technical and Professional Requirements: Any specific tools required: Burpsuite, WebInspect, Fortify, Zap, Checkmarx. Preferred Skills: Technology-Security Testing-Security Testing - ALL
Posted 1 week ago
15.0 - 20.0 years
3 - 7 Lacs
Pune
Work from Office
Project Role: Security Engineer. Project Role Description: Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills: Security Platform Engineering. Good to have skills: NA. Minimum 5 year(s) of experience is required. Educational Qualification: 15 years full time education. Summary: We are seeking a skilled Security Engineer with expertise in Google Chronicle SIEM, parser development, and foundational knowledge of cybersecurity. The ideal candidate will be responsible for analyzing security data and logs, ensuring accurate aggregation, normalization, tagging, and classification. You will work closely with log sources, particularly security and networking devices, to enhance our security monitoring capabilities. Roles & Responsibilities: Conduct security and data/log analysis, focusing on the aggregation, normalization, tagging, and classification of logs. Research, analyze, and understand log sources for security monitoring, with a particular focus on security and networking devices such as firewalls, routers, antivirus products, proxies, IDS/IPS, and operating systems. Validate log sources and indexed data, optimizing search criteria to improve search efficiency. Utilize automation tools to build and validate log collectors for parsing aggregated logs. Professional & Technical Skills: Proficiency in log analysis and SIEM tools, including but not limited to Google Chronicle, Splunk, ArcSight, and QRadar.
Experience in SIEM content creation and reporting is essential. Strong experience in manual security log review and analysis, such as Windows Event Log and Linux Syslog, including incident classification, investigation, and remediation. Solid understanding of multiple attack vectors, including malware, Trojans, exploit kits, ransomware, phishing techniques, and APTs, as well as familiarity with attack techniques outlined in the OWASP Top 10. Knowledge of security and networking devices, including firewalls, routers, antivirus products, proxies, IDS/IPS, and operating systems. TCP/IP networking skills for packet and log analysis. Experience working with Windows and Unix platforms. Familiarity with databases is an advantage. Experience in GCP, AWS and Azure environments is a plus. Additional Information: - The candidate should have minimum 5 years of experience in Security Platform Engineering. - This position is based at our Pune office. - A 15 years full time education is required. Qualification: 15 years full time education
Posted 1 week ago
7.0 - 11.0 years
20 - 25 Lacs
Bengaluru
Work from Office
Project description We are seeking a seasoned Solution Architect with deep expertise in designing and securing complex web and mobile application ecosystems. This role requires a strategic mindset combined with hands-on technical proficiency to assess risks, define robust security architectures, and drive secure development practices across the SDLC. Responsibilities Architect and implement security solutions for web and mobile platforms, aligned with business objectives and compliance standards. Should have experience with Backbase, additiv, Crealogix, and Avaloq. Perform threat modeling, application security assessments, static and dynamic code reviews, and vulnerability analyses. Define security requirements and best practices across the Secure Software Development Lifecycle (SDLC). Lead penetration testing initiatives and collaborate with cross-functional teams to mitigate identified risks. Establish governance and control frameworks to ensure ongoing security posture management. Advise development and infrastructure teams on secure design patterns and architectural decisions. Stay current with emerging threats, technologies, and industry trends. Proven experience building and securing scalable web and mobile applications. Deep understanding of application security principles, secure architecture, and risk management. Proficiency in tools and methodologies for penetration testing, code analysis, and vulnerability assessment. Strong knowledge of Secure SDLC practices and integration of security into CI/CD pipelines. Excellent communication skills to engage stakeholders, developers, and leadership. Skills Must have Overall, 10+ years of experience as a Solution Architect. Proven experience in building and securing web and mobile applications. Strong knowledge of security architecture and secure coding principles. 
Hands-on experience in: application security assessments; penetration testing; vulnerability assessment; Secure SDLC practices; static code review tools (e.g., Fortify, Checkmarx, SonarQube). Familiarity with OWASP Top 10 and CWE/SANS Top 25. Excellent problem-solving and communication skills. Nice to have: Certified Secure Software Lifecycle Professional (CSSLP). Experience with cloud security (AWS, Azure, GCP). Knowledge of regulatory and compliance frameworks (e.g., ISO 27001, GDPR, PCI-DSS).
Posted 1 week ago
3.0 - 9.0 years
5 - 11 Lacs
Bengaluru
Work from Office
Manual Penetration Testing using OWASP checklists, Penetration Testing, Vulnerability Assessment, OWASP Top 10, OWASP ZAP, AWS Cloud, Azure Cloud, Cyber Security, Cloud Security Assessment, Cyber Security Assessment & Consulting, Cybersecurity, Data Security Assessment & Consulting. Perform penetration testing. Develop and recommend mitigation strategies to enhance the defense mechanisms of critical infrastructure components. Collaborate with IT and security teams to refine security measures and response strategies. Prepare detailed reports on findings from simulations and suggest improvements. Facilitate training sessions for internal teams on security awareness and breach response tactics.
Posted 2 weeks ago
6.0 - 9.0 years
8 - 11 Lacs
Hyderabad
Work from Office
About the Role: Grade Level (for internal use): 10 The Team Security Testing Team in the Quality Engineering space plays a crucial role in safeguarding business operations by identifying vulnerabilities and ensuring robust protection against cyber threats. Through meticulous testing practices, we enhance the security posture of applications, thereby reducing the risk of data breaches and financial loss. By integrating security measures early in the development lifecycle, the team helps streamline processes, minimize disruptions, and ultimately contribute to greater business efficiency and resilience. S&P Global Ratings is the worlds leading provider of independent credit ratings. Our ratings are essential to driving growth, providing transparency, and helping educate market participants so they can make decisions with confidence. We have more than one million credit ratings outstanding on government, corporate, financial sector and structured finance entities and securities. We offer an independent view of the market built on a unique combination of broad perspective and local insight. We provide our opinions and research about relative credit risk; market participants gain independent information to help support the growth of transparent, liquid debt markets worldwide. What is in it for you Serve as a highly technical security expert to bring security transformation to both new and legacy applications in quality engineering space. Using a wide range of cutting-edge technology to innovate while testing. An ever-challenging environment to hone your existing skills in Security Testing, Automation, Python Programming, Bash scripting etc. Being a part of an organization which values Culture of Urgency and Shift Left approaches. Gain the opportunity to apply your strategic thinking alongside technical skills to safeguard our systems defending against emerging cyber threats. A plenty of skill building, knowledge sharing, and innovation opportunities. 
Building a fulfilling career with a global financial technology company. Responsibilities This role will involve designing and executing security tests, identify vulnerabilities, and drive remediation strategies while collaborating with cross-functional teams in an Agile environment. Understand the applications security requirements and identify & document the scope of the test. Develop and maintain security testing automation using tools like Burp Suite, ZAP, or similar tools. Integrate security testing into CI/CD pipelines. Automate processes and workflows using Python to minimize manual work. Collaborate with development, QE, and DevOps teams to investigate security incidents, perform root cause analysis, and validate security fixes. Oversee results and logs to analyze, prioritize, and initiate remediation for findings identified by security tools during SAST, DAST, SCA, artifact scanning, container scanning, etc... Prepare detailed reports summarizing test results, logs, findings, and recommendations for strengthening overall security of an application. Create and track security metrics, KPIs, and KRIs to measure operational effectiveness. Prepare comprehensive reports for senior management on security performance and strategic initiatives. Work independently, providing recommendations, and leading the accomplishments of the tasks from inception to completion. Demonstrate outstanding flexibility and leadership with proper communication of security testing result interpretation and explanation to audience. Participate in Daily Stand-up Calls, works closely with the Agile Manager to know the deliverables and commitments of each release. Actively taking part in resolving critical security issues and coming up with solutions to mitigate the same. Basic Qualifications Bachelor's or masters degree in Electronics and Communication, Computer Science, Cybersecurity, or related fields. 
6 to 9 years of IT experience with relevant professional experience of Minimum 4 years in the field of Cyber Security Testing. Should have strong hands-on experience in security testing, penetration testing, and vulnerability assessment. Strong experience in web, API, and cloud security testing. Clear understanding of security vulnerabilities, exploits, and mitigation techniques Strong grasp of the OWASP Top 10 vulnerabilities and effective mitigation strategies. Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, Wireshark, Nessus, OpenSSL and Crypto validation tools. Proficiency in SAST/DAST tools and security frameworks like OWASP Top 10, CIS Benchmarks, and CVSS. Hands-on experience with Selenium, Pytest, and RestAssured API Testing using Python. Strong hands-on experience with scripting and programming languages including Python, PowerShell, Bash for security tasks. Familiarity with RESTful APIs, webhooks, and integration of third-party security tools and services via automation. Knowledge of DevSecOps practices and integrating security in CI/CD pipelines. Self-motivated and driven to stay updated with the latest security trends, technologies, and best practices, maintain high level of accuracy in security assessments. Ability to analyze and communicate complex cybersecurity and technical challenges to technical and non-technical users, leaders, and stakeholders. Experience collaborating with cross functional global and remote teams with diverse backgrounds. Should be able to work under a competitive time frame and deliver. Should be a very fast learner and have the excellent problem-solving ability. Should have excellent written and verbal communication skills. Nice to have Skills: Security Certifications like CISSP, CEH, CISM, OSCP or CompTIA Security+ shall be having the preference. Hands-On experience in building AI-powered security tools, chatbots, and agent-driven automation pipelines. 
Knowledge of Agentic AI frameworks, LLMs, and orchestration libraries like LangChain, crewAI or RAG-based architectures. Grade: 10. Location: Hyderabad. Shift time: 11am to 8pm / 12pm to 9pm IST. Hybrid Model: twice a week work from office. About S&P Global Ratings: At S&P Global Ratings, our analyst-driven credit ratings, research, and sustainable finance opinions provide critical insights that are essential to translating complexity into clarity so market participants can uncover opportunities and make decisions with conviction. By bringing transparency to the market through high-quality independent opinions on creditworthiness, we enable growth across a wide variety of organizations, including businesses, governments, and institutions. S&P Global Ratings is a division of S&P Global (NYSE: SPGI). S&P Global is the world's foremost provider of credit ratings, benchmarks, analytics and workflow solutions in the global capital, commodity and automotive markets. With every one of our offerings, we help many of the world's leading organizations navigate the economic landscape so they can plan for tomorrow, today. For more information, visit www.spglobal.com/ratings What's In It For You? Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology: the right combination can unlock possibility and change the world. Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: Our Values: Integrity, Discovery, Partnership. At S&P Global, we focus on Powering Global Markets.
Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you can take care of business. We care about our people. That's why we provide everything you, and your career, need to thrive at S&P Global. Health & Wellness: Health care coverage designed for the mind and body. Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills. Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly Perks: It's not just about you. S&P Global has perks for your partners and little ones, too, with some best-in-class benefits for families. Beyond the Basics: From retail discounts to referral incentive awards, small perks can make a big difference. For more information on benefits by country visit https://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected and engaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. S&P Global has a Securities Disclosure and Trading Policy (the Policy) that seeks to mitigate conflicts of interest by monitoring and placing restrictions on personal securities holding and trading.
The Policy is designed to promote compliance with global regulations. In some Divisions, pursuant to the Policy's requirements, candidates at S&P Global may be asked to disclose securities holdings. Some roles may include a trading prohibition and remediation of positions when there is an effective or potential conflict of interest. Employment at S&P Global is contingent upon compliance with the Policy. Equal Opportunity Employer: S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only: The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf
Posted 2 weeks ago
3.0 - 4.0 years
6 - 10 Lacs
Noida
Work from Office
Your Role and Responsibilities: Conduct Vulnerability Assessment & Penetration Testing (VAPT) for web applications, APIs, and networks. Analyze and identify security vulnerabilities, ensuring alignment with OWASP Top 10 and secure coding best practices. Provide security requirement analysis for applications. Offer risk mitigation planning, vulnerability remediation recommendations, compliance guidance, and metrics reporting. Plan and coordinate Network & Application Security testing. Utilize security testing tools such as Burp Suite, Kali-Linux, AppScan, Nessus. Generate and share reports with customers using MS Office tools. Collaborate with teams to enhance security implementations and provide best practice recommendations. Required education: Bachelor's Degree. Preferred education: Bachelor's Degree. Required technical and professional expertise: 3-4 years of demonstrating experience in planning and executing VA & penetration tests exercises against web applications, APIs, Network. Minimum 3+ years of experience in Network and Application Security. Proficient in Secure coding best practices and OWASP TOP 10 vulnerabilities. Experience in security requirements analysis for application. Experience in security requirement implementation recommendations & guidance. Prior experience in Network & Application Security Test planning & coordination. Experience in Application risk mitigation planning, Vulnerabilities remediation recommendation & guidance, Compliance & Metrics reporting. Preferred technical and professional experience: Industry certifications such as CEH/OSCP or equivalent preferred. Familiarity with security standards (OWASP, SANS, ISO).
Posted 2 weeks ago
7.0 - 12.0 years
9 - 13 Lacs
Chennai, India
Work from Office
Hello Visionary! We empower our people to stay resilient and relevant in a constantly changing world. We’re looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future. Does that sound like you? Then it seems like you’d make a great addition to our vibrant team. We are looking for a Penetration Tester. This position is available for Chennai Location. You’ll make a difference by: Having experience in leading and performing complex penetration testing engagements across enterprise networks, cloud infrastructures, web, mobile, APIs, thick clients, and IoT environments. Having understanding to simulate sophisticated real-world attacks (e.g., APT scenarios, lateral movement, chained exploits). Conducting Red Team exercises and adversary emulation based on frameworks like MITRE ATT&CK. Identifying and exploiting vulnerabilities using both automated tools and advanced manual techniques. Reviewing, enhancing, and developing custom scripts, tools, and exploits to support internal testing capabilities. Providing expert-level guidance to business units on security risks, remediation strategies, and secure architecture. Actively participating in client discussions, executive briefings, and technical workshops. Delivering detailed and executive-level reports, including risk ratings, business impact, PoCs, and mitigation steps. Maintaining robust documentation of testing methodologies, custom tools, and process improvements. Ensuring all engagements align with internal policies, industry frameworks (e.g., OWASP, NIST, ISO), and client-specific compliance standards. Training and Development: - Stay updated on the latest security trends, vulnerabilities, and technology advancements. - Provide training and guidance to the team and other departments on security best practices. Strategy and Planning: - Plan and scope penetration testing engagements, ensuring comprehensive coverage and effectiveness.
- Participate in the development of security policies and standards. Technical Expertise: Deep hands-on experience in: - Web, API, Thick Client and mobile app security testing (e.g., OWASP Top 10 – Web, Mobile, API) - Internal/external network penetration, privilege escalation, and lateral movement - Active Directory assessments and exploitation (Kerberoasting, Pass-the-Hash etc.) - Familiarity with ICS, SCADA, BACnet protocols, and covert communication channels - Wireless, Bluetooth, IoT device, Embedded Security, Cloud (AWS/Azure/GCP), and container security testing - Working knowledge of Kali Linux and frameworks like MITRE ATT&CK - Basic understanding of AI/ML security: adversarial attacks, model poisoning, and secure deployment of AI systems. Proficiency with tools such as: - Offensive: Burp Suite Pro, Metasploit, SQLMap, Cobalt Strike, Impacket, CrackMapExec, BloodHound, Sliver - Reconnaissance: Nmap, Amass, Shodan, OSINT frameworks/tools - Vulnerability Scanners: Nessus, Qualys, Nexpose. Programming/Scripting: - Skilled in scripting and exploit development using Python, Bash, PowerShell, and occasionally C/C++ or Go. Soft Skills: - Excellent written and verbal communication skills - Strong analytical and problem-solving capabilities - Ability to explain technical concepts clearly to non-technical stakeholders. You’ll win us over by: Having an engineering degree B.E/B.Tech/M.E/M.Tech with good academic record. 6–7 years of proven experience in penetration testing and offensive security. Certifications (Preferred): - Highly Desirable: OSCP, OSWP, OSWE, GPEN, GWAPT, OSCE, OSEE, GXPN, CPTS, CWEE, CAPE - Other Considered: EWPTXv2 or equivalent advanced offensive security certifications. We’ll support you with: Hybrid working opportunities. Diverse and inclusive culture. Great variety of learning & development opportunities. Join us and be yourself!
We value your unique identity and perspective, recognizing that our strength comes from the diverse backgrounds, experiences, and thoughts of our team members. We are fully committed to providing equitable opportunities and building a workplace that reflects the diversity of society. We also support you in your personal and professional journey by providing resources to help you thrive. Come bring your authentic self and create a better tomorrow with us. Make your mark in our exciting world at Siemens. This role is based in Chennai and is an Individual contributor role. You might be required to visit other locations within India and outside. In return, you'll get the chance to work with teams impacting - and the shape of things to come. We're Siemens. A collection of over 319,000 minds building the future, one day at a time in over 200 countries. Find out more about Siemens careers at
Posted 3 weeks ago
1.0 - 6.0 years
7 - 11 Lacs
Bengaluru
Work from Office
About The Role Project Role: Tech Delivery & Op Excellence Practitioner Project Role Description: Understand how to deliver value to clients, and use that commercial competency to apply methods or certifications appropriately. Attention to detail and deep expertise allow them to see inherent risks or improvement opportunities that others may not. Work directly with client teams to ensure a high standard of delivery and operational excellence are met. Must have skills: Governance Risk Compliance (GRC) Good to have skills: NA Minimum 3 year(s) of experience is required Educational Qualification: 15 years full time education Summary: As a Tech Delivery & Op Excellence Practitioner, you will understand how to deliver value to clients and apply methods or certifications appropriately. Attention to detail and deep expertise allow you to see inherent risks or improvement opportunities that others may not. Work directly with client teams to ensure a high standard of delivery and operational excellence are met. 
Key responsibility: - Risk and Compliance senior Analyst works with the Application service delivery organization and other compliance related functions to help: - Perform audits/reviews to assess risks in Application development and maintenance service environment - Manage risk in Application development and maintenance service to an acceptable level - Increase the level of awareness of and compliance with policy and process related matters - Support successful completion of various external compliance certification programs and internal compliance assessments - Introduce continual improvement including lessons learned from matters requiring intervention - The successful candidate for this role will be a member of a dedicated team operating a Controls and Compliance function, which will perform audit style reviews of Application Development & Maintenance Services outsourcing engagements covering compliance matters and operational service management and service delivery good practice. Must-Have Skills/Qualifications: - Minimum of 1-year experience in Auditing principles and practices (sample qualifications*: CISA, ISO 27001 Lead Auditor) - Minimum of 1-year experience in Application security/audit roles in Application development & maintenance service industry (sample qualifications*: EC-Council's CASE (Certified Application Security Engineer), CEH (Certified Ethical Hacker), - Agile Methodology (Certified Scrum Master), DevOps Certification, CMMI for Development - Knowledge of secure SDLC models, secure coding standards, OWASP Top 10, threat modeling, SAST (Static Application security testing), DAST (Dynamic Application security testing), single sign on, Encryption - Minimum of 1-year experience in Operational compliance requirements) - Contract Management / Service Reporting (including Service Level Agreements and Operational Level Agreements) - Risk management or assessment (sample qualification*: CRISC) - Knowledge of cloud environment and services (sample 
qualification*: Microsoft Azure/AWS/Google Certifications) - Team and stakeholder management Nice-to-Have Skills/Qualifications: - Data privacy and protection (sample qualifications*: CIPM, CIPT, CIPP) - CISSP*, CISM*, CISA*, CCSK*, CCSP* - SOC1 and SOC2 (SSAE16 / ISAE3402) awareness - Business Continuity and Disaster Recovery awareness (ISO 22301) Professional Attributes: 1: Good communication 2: Teamwork 3: Problem Solving Capabilities 4: Work Planning and Management 5: Quick Learner 6: Eager to take on responsible task 7: Dedicated and Focused Educational Qualification: 1: MBA-Information Security/IT 2: BE/B-Tech with CS/IT/related domain 3: BSc-IT Additional Information: (i.e., travel, overtime %) 1: Occasional within country travel 2: Flexibility in working hours Qualification 15 years full time education
Posted 3 weeks ago
15.0 - 20.0 years
13 - 17 Lacs
Bengaluru
Work from Office
About The Role Project Role: Security Architect Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills: Web Application Firewall (WAF) Good to have skills: NA Minimum 5 year(s) of experience is required Educational Qualification: 15 years full time education Summary: We are looking for an experienced and technically strong Web Application Firewall (WAF) Subject Matter Expert (SME) to join our Security Delivery team. The ideal candidate will possess deep expertise in WAF technologies, strong experience in decoding web traffic and malicious scripts, and a solid development background to assess and close security gaps. This role is pivotal in safeguarding enterprise applications from web-based threats across on-prem, cloud, and hybrid environments. Roles & Responsibilities: - WAF Strategy, Operations & Governance - Lead the deployment, configuration, and management of enterprise-grade WAF solutions such as F5 Silverline, F5 ASM, Imperva CWAF, Akamai WAF, AWS WAF, and Azure WAF. - Develop and fine-tune advanced WAF policies and signatures to accurately detect sophisticated attack vectors including SQL Injection, XSS, RCE, and business logic abuse, while minimizing false positives. - Analyze complex WAF logs and payloads using custom decoding and script analysis techniques to identify stealthy threats and misconfigurations. - Maintain consistent security controls in line with OWASP Top 10, PCI-DSS, NIST, and ISO 27001 standards. - Security Integration & Threat Response - Integrate WAF protections into DevSecOps pipelines, embedding security into the SDLC with automated deployment and testing. - Collaborate with AppSec, DevOps, Cloud, and Infrastructure teams to secure applications across microservices, APIs, and multi-cloud environments. - Act as a senior advisor 
during security incidents involving web-layer attacks, providing in-depth payload analysis and mitigation guidance. - Scripting & Secure Development Expertise - Leverage development and scripting skills (Python, Bash, PowerShell, Regex) to analyze obfuscated scripts and automate WAF rule generation, traffic simulation, and threat validation. - Contribute to secure coding reviews and help developers understand WAF behavior in relation to application logic and vulnerabilities. - Documentation, Reporting & Continuous Improvement - Own and update detailed documentation including architecture diagrams, rule sets, exception handling, and change management logs. - Produce regular dashboards and executive-level reports summarizing WAF effectiveness, threat intelligence trends, and incident analysis. - Evaluate new WAF features and third-party integrations to improve detection efficacy and operational efficiency. Professional & Technical Skills: - Experience with multiple WAF platforms across enterprise environments. - Deep understanding of HTTP/S protocols, SSL/TLS encryption, CDN behaviors, load balancing, and reverse proxy technologies. - Proven expertise in decoding, analyzing, and reverse engineering malicious JavaScript or encoded payloads to uncover evasion techniques. - Strong understanding of web application architecture, OWASP Top 10 risks, and real-world threat scenarios. - Experience with Bot Mitigation, API Security, and Advanced Threat Protection mechanisms. - Familiarity with CI/CD tools (e.g., Jenkins, GitLab), IaC (e.g., Terraform), and security automation frameworks. - Certifications such as AWS Certified Security Specialty, Akamai WAF Certified, GIAC GWAPT/GWEB, CEH, or equivalent. - Exposure to Big Data analytics platforms or SIEM solutions for advanced WAF telemetry analysis. Additional Information: - The candidate should have minimum 5 years of experience in Web Application Firewall (WAF). - This position is based at our Bengaluru office. - A 15 years full time education is required. 
Qualification 15 years full time education
Posted 3 weeks ago
3.0 - 8.0 years
4 - 8 Lacs
Mumbai
Work from Office
Responsibilities Direct Responsibilities - To perform Penetration testing (Gray Box and/or Black Box) for Web applications, Thick Client, API, and mobile applications. - To understand the application's security requirements and identify & document the scope of the test - Ensure execution of the documented security scenarios for the application under test. - Document and report all findings - Collaborate with the developers to help them understand the vulnerabilities reported in application - Escalate issues to the local management and onshore stakeholders in case it affects the testing progress - Ensure processes for the project is followed for the assessments Note: - Optional, experience in Source Code Assessment (SCA)/SAST, Mobile Testing Technical & Behavioral Competencies - Clear understanding of OWASP Top 10 - application security risks - Tools/OS: Burp Suite, OWASP ZAP, Kali Linux - Manual Security Testing & Analysis, Security Test Designing - Excellent interpersonal and presentation skills - Strong in verbal and written communication - Good analytical skills - Strong Time Management - Must be flexible, independent, self-motivated - Team player Specific Qualifications (if required) CSSLP/CEH or equivalent certification preferred Education Level: Bachelor Degree or equivalent Experience Level: At Least 3 years
Posted 3 weeks ago
9.0 - 14.0 years
18 - 22 Lacs
Pune, Bengaluru
Work from Office
Role Overview: Java + Adobe, Salesforce, and Oracle. All resources should be L3 or L4 level, as L1/L2 engineers lack knowledge on code fixes. Highly skilled and security-focused Code Remediation Engineer with deep expertise in Java Full Stack development, cloud security tools, and enterprise platforms. This role is central to identifying, fixing, and preventing security vulnerabilities across complex application ecosystems. The ideal candidate will be hands-on in writing secure code, remediating legacy issues, and collaborating across teams to uplift the security posture of enterprise applications. Responsibilities: Analyze and remediate security vulnerabilities in Java-based full stack applications. Refactor insecure or deprecated code patterns to align with secure coding standards. Develop and deploy secure code fixes while maintaining application functionality and performance. Utilize tools such as Azure Defender, PRISMA Compute, AWS Inspector, and GCP Security Command Center to detect and respond to security threats. Integrate cloud-native security controls into application development and deployment pipelines. Embed security checks into CI/CD workflows using GitHub Advanced Security, CodeQL, and other tools. Automate remediation pipelines and enforce policy-as-code for consistent security enforcement. Apply remediation strategies across niche platforms such as Salesforce, Adobe, Oracle, Viva, Pega, IBA, and others. Collaborate with platform-specific teams to ensure secure integration and data handling. Work closely with application owners, architects, and security teams to prioritize and implement fixes. Document remediation efforts, root cause analysis, and secure development guidelines. Qualifications: 5+ years of experience in Java Full Stack development (Spring Boot, REST APIs, React/Angular). Proven experience in code remediation and secure development practices. Hands-on experience with cloud security tools across Azure, AWS, and GCP. 
Familiarity with GitHub Advanced Security, CodeQL, and CI/CD pipelines. Exposure to one or more enterprise platforms (e.g., Salesforce, Adobe, Oracle, Pega). Strong understanding of OWASP Top 10, secure coding principles, and threat modeling. Excellent problem-solving, debugging, and communication skills. Experience with containerized environments (Docker, Kubernetes). Optional: Certifications in cloud security (e.g., AZ-500, AWS Security Specialty, GCP Professional Cloud Security Engineer). Knowledge of infrastructure-as-code (Terraform, ARM, CloudFormation). Preferred candidate profile
Posted 3 weeks ago
5.0 - 10.0 years
12 - 14 Lacs
Mumbai
Work from Office
Role Overview We're hiring an experienced L2 Web Application Firewall (WAF) Administrator to take ownership of WAF security across large-scale enterprise environments. You'll be responsible for configuring, maintaining, and monitoring WAF platforms (primarily F5, Citrix, or similar) to protect business-critical web applications from cyber threats. This is a hands-on operational role with a focus on real-time threat prevention, incident troubleshooting, and continuous tuning of WAF policies. Key Responsibilities Operate and manage Web Application Firewalls (WAF) in 24x7 production environments. Configure security policies, enforce rulesets, and tune signatures to defend against web-based threats (SQLi, XSS, CSRF, etc.). Respond to and troubleshoot WAF-related incidents, traffic anomalies, and false positives. Perform regular health checks, system upgrades, patching, and SSL certificate management. Monitor WAF dashboards, threat logs, and alerts to proactively mitigate application-level attacks. Coordinate with security, application, and network teams to implement protection for new or updated web apps. Maintain technical documentation, including WAF policies, traffic flows, and change logs. Ensure compliance with OWASP Top 10, PCI-DSS, and internal security standards. Required Skills & Experience Minimum 5 years of hands-on experience in Web Application Firewall administration. Expertise in F5 ASM, Citrix WAF, Imperva, or other enterprise-grade WAF platforms. Deep understanding of web protocols (HTTP/S) and Layer 7 traffic behavior. Experience with protocols and technologies such as BGP, OSPF, MP-BGP EVPN, VXLAN, or VPC. Application Centric Infrastructure (ACI) deployment and data center experience. Strong knowledge of OWASP Top 10 vulnerabilities and common web attack patterns. Ability to write and tune custom WAF rules, manage exceptions, and interpret log data for root cause analysis. 
Familiarity with SSL offloading, certificate renewal, and encryption standards. Experience in coordinating with SOC/NOC teams and participating in incident response. Certifications (Mandatory) F5-201/Other Industry leading OEM Professional level Nice to have Experience in WAF policy automation or scripting (Python, Bash, Ansible). Exposure to multi-vendor WAF environments. Experience with design and implementing Software Defined Network (SDN) and large complex networks. Basic understanding of load balancing, but primary expertise must be WAF-centric. Experience with protocols and technologies such as BGP, OSPF, MP-BGP EVPN, VXLAN, or VPC
Posted 3 weeks ago
7.0 - 12.0 years
17 - 22 Lacs
Bengaluru
Work from Office
Role Overview We are hiring a highly experienced L3 Web Application Firewall (WAF) Specialist to lead the planning, implementation, and optimization of WAF solutions across enterprise environments. This is a technical leadership role requiring deep understanding of application-layer security, strong hands-on experience with WAF technologies (especially F5 ASM or equivalent), and the ability to handle complex security incidents independently. You will act as the subject matter expert (SME) for WAF in client-facing and internal security engagements, guiding application protection strategies, overseeing advanced threat prevention, and mentoring L1/L2 engineers. Key Responsibilities Lead WAF Design & Deployment: Architect, configure, and deploy enterprise-grade WAF solutions across multi-tenant, multi-region environments using technologies like F5 ASM, Citrix, or Imperva. Incident Management & Escalation (L3 Level): Handle high-priority WAF incidents, perform root cause analysis (RCA), implement custom mitigations, and ensure resolution within defined SLAs. Policy Tuning & Custom Rules: Develop and optimize custom WAF rules (iRules, regex, JSON filters) based on traffic analysis, threat signatures, and business use cases to minimize false positives and ensure maximum protection. Threat Intelligence Integration: Analyze logs and correlate WAF events with threat intelligence feeds and SIEM tools to proactively detect and respond to Layer 7 attacks (e.g., SQLi, XSS, RFI, LFI, bot traffic). Pre-Production Application Review: Collaborate with DevSecOps and App teams to assess applications prior to production rollout, ensuring adequate WAF protection is in place through rigorous policy simulations and tuning. Patch & Upgrade Planning: Plan and execute firmware upgrades, policy migrations, and security patching aligned with vendor lifecycle and enterprise security policies. 
Compliance & Audit Support: Align WAF posture with OWASP Top 10, PCI-DSS, GDPR, and internal compliance frameworks; prepare documentation and reports for audits and security assessments. Mentoring & Process Improvement: Mentor L1/L2 WAF engineers, define SOPs, standardize response playbooks, and drive automation initiatives where possible. Required Skills & Experience Minimum 7 years of hands-on experience managing Web Application Firewalls in enterprise or service provider environments. Deep expertise in WAF platforms such as F5 BIG-IP ASM, Citrix AppFirewall, Imperva, or Fortinet WAF. Strong knowledge of Layer 7 protocols, HTTP/HTTPS traffic analysis, TLS/SSL decryption, and web server architectures. Familiarity with protocols and technologies such as BGP, OSPF, VXLAN, or MP-BGP EVPN is a plus. Advanced understanding of application-layer threats, bot mitigation, credential stuffing, zero-day exploit patterns, and custom rule writing. Proven ability to manage complex security incidents independently and interface with customers, stakeholders, and internal security teams. Experience with configuration backup/recovery, version control, and multi-tenant policy management. Excellent documentation, troubleshooting, and stakeholder communication skills. Certifications (Mandatory) F5-301/F5-303/Other Industry leading OEM Professional level Certification Nice to Have Exposure to cloud-native WAFs (e.g., AWS WAF, Azure WAF, Cloudflare). Experience in ACI (Application Centric Infrastructure) and Software Defined Networking (SDN) for securing microservices or hybrid apps. Scripting or automation knowledge (Python, Bash, Ansible) to streamline monitoring and deployment tasks.
Posted 3 weeks ago
5.0 - 8.0 years
12 - 20 Lacs
Pune
Work from Office
About the Role We are seeking a skilled and passionate Red Team Security Consultant to join our cybersecurity team. The ideal candidate will specialize in simulating adversarial tactics, techniques, and procedures (TTPs) to identify vulnerabilities and improve the organization's security posture. This role involves performing advanced penetration tests, simulating real-world attacks, and working with teams to implement effective remediation strategies. Key Responsibilities Plan, execute, and document Red Team exercises mimicking advanced threat actors for medium to large enterprises. Conduct network penetration testing (VAPT), system vulnerability assessments, and security configuration reviews. Perform manual security assessments for web applications, APIs, and client-server applications. Simulate sophisticated attack chains including lateral movement, privilege escalation, and data exfiltration. Develop and execute custom attack payloads using tools and scripts. Assess physical security controls and implement social engineering assessments when required. Create and maintain custom tools/scripts in languages like Python, Bash, or PowerShell. Utilize and adapt adversary emulation frameworks such as MITRE ATT&CK, Cobalt Strike, and Metasploit. Collaborate with Blue Teams to improve detection and response mechanisms through Purple Team engagements. Basic Qualifications Education: BE/B.Tech/MCA/M.Sc. (IT/Computers) Experience: Required: 2 - 5 years. Excellent communication and collaboration skills. Preferred Qualifications Preferred Certifications: OSCP, OSCE, CRTP, eWPTX, Security+, CREST, CRTO. Desired Skill Set: Red Teaming, VAPT, Application Security (Web/Mobile/API). 2-5 years of relevant domain experience in VAPT, Red Teaming, and Application Security domains. Proficient in Application Security concepts, including OWASP Top 10 and OSSTMM. 
Experience with vulnerability scanning tools such as BurpSuite Pro, Nessus, OWASP ZAP, Kali Linux, Cobalt Strike, Caldera etc. Basic ability to write automation scripts (Bash or Python). Understanding of threat modeling and secure coding practices. Strong understanding of TTPs, threat modeling, and secure coding practices. Hands-on experience in Active Directory exploitation, phishing campaigns, and endpoint bypass techniques.
Posted 3 weeks ago
1.0 - 3.0 years
3 - 5 Lacs
Bengaluru
Work from Office
You will join the Jenkins Security team which has the mission to enhance the security of the open source project Jenkins, and the CloudBees product based on it (CloudBees CI). What You'll Do Dig into the internals of Jenkins and its plugin system from the perspective of web application security. Work on the lifecycle of vulnerabilities. Improve our security tooling/process/automation. Provide security education, increase awareness in the department and in the community. What The Role Requires Bachelor's or Master's degree in Computer Science or related field. 1-3 years of professional experience in Java web application development (JavaScript is a plus) with Bachelor's degree or 0 year with a Master's degree. Knowledge & passion for web application security (e.g., OWASP Top 10). Hacker mindset. Willingness to learn. Desire to break things for the good. Solving problems. Knowledge on using CI/CD tools (Jenkins is a plus). Experience in scripting is a plus (Groovy, Shell). Familiar with Maven, Git, Docker.
Posted 4 weeks ago
3.0 - 5.0 years
1 - 3 Lacs
Kolkata
Work from Office
Role & responsibilities 1. Ability to conduct Vulnerability Assessments on systems, web applications, mobile applications and network devices. 2. Have basic knowledge of Penetration Testing & Exploitation. 3. Have good knowledge and experience of working on Application Level and Network Level Audit. 4. Should have an understanding of OWASP Top 10, SANS Top 25, NIST and other relevant frameworks. 5. Should have knowledge of server-side languages (any programming language). 6. Must be familiar with Kali, Metasploit etc. 7. Should have good knowledge of Vulnerability Assessment tools - Application (Rational AppScan, Acunetix, Netsparker, Qualys, Burp Suite etc.), Network (Nessus, Nexpose, Nmap, OpenVAS etc.). Preferred candidate profile 1. B.Tech (CS/IT)/BCA/MCA/BSC/Diploma (No bar for deserving candidates). 2. CEH is mandatory. CHFI, OSCP, ECSA, ISO27k LA, etc. will be an added advantage. 3. Must have good communication skills. 4. Must be passionate about information security.
Posted 4 weeks ago
15.0 - 20.0 years
13 - 17 Lacs
Bengaluru
Work from Office
Project Role: Security Architect Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills: Palo Alto Networks Firewalls Good to have skills: NA Minimum 3 year(s) of experience is required Educational Qualification: 15 years full time education Summary: Looking for a detail-oriented and experienced Network Security Senior Analyst to manage, monitor, and optimize the security of our network perimeter. You will be responsible for implementing and maintaining firewall rules, ensuring compliance with security policies, and helping to defend against unauthorized access and threats. The role requires strong analytical skills, hands-on experience with Palo Alto, Cisco ASA, Global Protect VPN and Akamai WAF, and a solid understanding of networking and security principles. Roles & Responsibilities: - Configure, manage, and troubleshoot enterprise firewalls (e.g., Palo Alto, Cisco ASA/Firepower). - Create and maintain firewall policies/rules based on business and security requirements. - Work with stakeholders to review, approve, and implement firewall change requests. - Manage and configure Akamai Kona Site Defender and Web Application Firewall policies - Tune and optimize WAF rules to minimize false positives and maximize threat detection. - Monitor and respond to bot activity using Akamai Bot Manager - Implement and maintain rate-limiting, geo-blocking, and IP reputation settings in Akamai WAF as needed. - Support incident response and forensic investigations related to web application attacks. - Conduct regular audits and rule base reviews to ensure optimal performance and policy compliance. - Participate in incident response activities related to network security. - Collaborate with network engineers and SOC teams to ensure seamless and secure connectivity. - 
Provide support during network migrations, segmentation projects, or security enhancements. - Document all firewall changes, configurations, and security exceptions. Professional & Technical Skills: - Bachelor's degree in Computer Science, Information Security, or related field. - 3-5 years of hands-on experience managing enterprise firewalls. - Solid understanding of TCP/IP, routing, NAT, VPNs, and access control mechanisms. - Hands-on experience with Akamai WAF (Kona Site Defender) and Akamai Control Center. - Solid understanding of HTTP/HTTPS, DNS, CDN behavior, and OWASP Top 10 threats. - Experience with firewall rule creation, optimization, and troubleshooting. - Familiarity with change management processes and ITIL practices. - Strong problem-solving and analytical skills. Additional Information: - Need to work in rotational shifts 24X7 model - Good verbal and written communication skill - Experience working in a diversified, virtual environment - A 15 years full time education is required. - This position is based at our Bengaluru office. Qualification 15 years full time education
Posted 1 month ago
15.0 - 20.0 years
13 - 17 Lacs
Bengaluru
Work from Office
Project Role: Security Architect Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills: Palo Alto Networks Firewalls Good to have skills: NA Minimum 2 year(s) of experience is required Educational Qualification: 15 years full time education Summary: Looking for a detail-oriented and experienced Network Security Analyst to manage, monitor, and optimize the security of our network perimeter. You will be responsible for implementing and maintaining firewall rules, ensuring compliance with security policies, and helping to defend against unauthorized access and threats. The role requires strong analytical skills, hands-on experience with Palo Alto, Cisco ASA, Global Protect VPN and Akamai WAF, and a solid understanding of networking and security principles. Roles & Responsibilities: - Configure, manage, and troubleshoot enterprise firewalls (e.g., Palo Alto, Cisco ASA/Firepower). - Create and maintain firewall policies/rules based on business and security requirements. - Work with stakeholders to review, approve, and implement firewall change requests. - Manage and configure Akamai Kona Site Defender and Web Application Firewall policies - Tune and optimize WAF rules to minimize false positives and maximize threat detection. - Monitor and respond to bot activity using Akamai Bot Manager - Implement and maintain rate-limiting, geo-blocking, and IP reputation settings in Akamai WAF as needed. - Support incident response and forensic investigations related to web application attacks. - Conduct regular audits and rule base reviews to ensure optimal performance and policy compliance. - Participate in incident response activities related to network security. - Collaborate with network engineers and SOC teams to ensure seamless and secure connectivity. - Provide 
support during network migrations, segmentation projects, or security enhancements. - Document all firewall changes, configurations, and security exceptions. Professional & Technical Skills: - Bachelor's degree in Computer Science, Information Security, or related field. - Hands-on experience managing enterprise firewalls. - Solid understanding of TCP/IP, routing, NAT, VPNs, and access control mechanisms. - Hands-on experience with Akamai WAF (Kona Site Defender) and Akamai Control Center. - Solid understanding of HTTP/HTTPS, DNS, CDN behavior, and OWASP Top 10 threats. - Experience with firewall rule creation, optimization, and troubleshooting. - Familiarity with change management processes and ITIL practices. - Strong problem-solving and analytical skills. Additional Information: - The candidate should have minimum experience in Palo Alto Network Firewall - This position is based at our Bengaluru office. - A 15 years full time education is required. Need to work in rotational shifts 24X7 model Qualification 15 years full time education
Posted 1 month ago
15.0 - 20.0 years
13 - 17 Lacs
Bengaluru
Work from Office
Project Role: Security Architect Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills: Palo Alto Networks Firewalls Good to have skills: NA Minimum 5 year(s) of experience is required Educational Qualification: 15 years full time education Summary: Looking for a detail-oriented and experienced Network Security Team Lead to manage, monitor, and optimize the security of our network perimeter. You will be responsible for implementing and maintaining firewall rules, ensuring compliance with security policies, and helping to defend against unauthorized access and threats. The role requires strong analytical skills, hands-on experience with Palo Alto, Cisco ASA, Global Protect VPN and Akamai WAF, and a solid understanding of networking and security principles. Roles & Responsibilities: - Configure, manage, and troubleshoot enterprise firewalls (e.g., Palo Alto, Cisco ASA/Firepower). - Create and maintain firewall policies/rules based on business and security requirements. - Work with stakeholders to review, approve, and implement firewall change requests. - Manage and configure Akamai Kona Site Defender and Web Application Firewall policies - Tune and optimize WAF rules to minimize false positives and maximize threat detection. - Monitor and respond to bot activity using Akamai Bot Manager - Implement and maintain rate-limiting, geo-blocking, and IP reputation settings in Akamai WAF as needed. - Support incident response and forensic investigations related to web application attacks. - Conduct regular audits and rule base reviews to ensure optimal performance and policy compliance. - Participate in incident response activities related to network security. - Collaborate with network engineers and SOC teams to ensure seamless and secure connectivity. - Provide 
support during network migrations, segmentation projects, or security enhancements. - Supervise, mentor, and guide team members to ensure high performance and career growth - Assign tasks, monitor progress, and manage team workloads effectively. - Promote automation and tooling to enhance team productivity. - Support audit activities by providing documentation, reports, and evidence as needed. Professional & Technical Skills: - Bachelor's degree in Computer Science, Information Security, or related field. - 7 to 9 years of hands-on experience managing enterprise firewalls. - Solid understanding of TCP/IP, routing, NAT, VPNs, and access control mechanisms. - Hands-on experience with Akamai WAF (Kona Site Defender) and Akamai Control Center. - Solid understanding of HTTP/HTTPS, DNS, CDN behavior, and OWASP Top 10 threats. - Experience with firewall rule creation, optimization, and troubleshooting. - Familiarity with change management processes and ITIL practices. - Strong problem-solving and analytical skills. Additional Information: - Need to work in rotational shifts 24X7 model - Good verbal and written communication skill - Experience working in a diversified, virtual environment - A 15 years full time education is required. - This position is based at our Bengaluru office. Qualification 15 years full time education
Posted 1 month ago
9.0 - 14.0 years
13 - 17 Lacs
Bengaluru
Work from Office
Job Summary Seeking a WAF Management and Governance Lead to oversee the security, operational integrity, and compliance of Web Application Firewall (WAF) systems. The ideal candidate will be responsible for ensuring robust protection against web-based threats, optimizing security policies, and governing WAF implementations across enterprise environments. WAF Administration Lead the deployment, configuration, and ongoing management of Web Application Firewall solutions. Security Policy Development Define, implement, and refine WAF rulesets to mitigate risks such as SQL injection, cross-site scripting (XSS), and other web threats. Governance & Compliance Ensure WAF policies align with regulatory and industry security frameworks (e.g., OWASP, PCI-DSS, GDPR). Threat Monitoring & Mitigation Collaborate with cybersecurity and internal teams to analyse threat patterns and adjust WAF settings for optimal protection. Performance Optimization Evaluate WAF impact on application performance and optimize configurations without compromising security. Incident Response Support investigation and response to security incidents related to web applications. Stakeholder Collaboration Work with IT, security, and application development teams to integrate WAF security seamlessly. Reporting & Metrics Establish key security performance indicators and provide regular governance reports. Experience 9+ years in web security, including WAF deployment and governance. Technical Expertise Hands-on experience with leading WAF platforms (e.g., AWS WAF, F5, Cloudflare WAF, Akamai Kona Security). Security Knowledge Strong understanding of OWASP top 10 threats, secure coding practices, and web security protocols. Knowledge of DevSecOps practices and security automation. Compliance Awareness Familiarity with regulatory requirements impacting web security governance. Communication Ability to convey security risks and technical details to non-security stakeholders effectively. 
Certifications such as CISSP, CEH, CCSP, AWS Security Specialty or equivalent. Experience in DevSecOps, automation, and integrating WAF into CI/CD pipelines. Knowledge of cloud security architectures and API security governance. Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention. Come to Wipro. Realize your ambitions. Applications from people with disabilities are explicitly welcome.
Posted 1 month ago
12.0 - 17.0 years
10 - 15 Lacs
Bengaluru
Work from Office
Job Summary Experienced Vulnerability Management and penetration testing Governance lead will manage a team to oversee the identification, assessment, and remediation of security vulnerabilities across enterprise systems. This role will focus on establishing a proactive security posture, ensuring compliance with industry standards, and driving governance initiatives to mitigate risks effectively along with strong leadership and project management skills. Vulnerability Assessment: Lead regular vulnerability scans and penetration testing across infrastructure, cloud environments and outside-In. Security Baseline: Lead development and implementation of Security Baseline using CIS Benchmarks by determining the systems, applications, and network devices to be secured (e.g., Windows, Linux, Cloud, Docker, Kubernetes). Risk Analysis & Prioritization: Evaluate identified vulnerabilities based on severity, exploitability, and potential business impact. Remediation Planning: Collaborate with IT, security, engineering and entity teams to ensure timely remediation of high-risk vulnerabilities. Governance & Compliance: Develop and enforce security governance frameworks in line with industry standards (e.g., NIST, CIS, ISO 27001, PCI-DSS). Threat Intelligence Integration: Leverage global threat intelligence feeds to stay ahead of emerging security threats and vulnerabilities. Security Policy Development: Define policies and best practices for vulnerability management, reporting, and remediation. Automation & Continuous Monitoring: Implement automated vulnerability scanning tools and ensure ongoing security assessments. Incident Response Support: Provide technical guidance in vulnerability-related security incidents and audits. Reporting & Metrics: Establish key risk indicators and provide executive reports on vulnerability trends and remediation progress. Experience: 12+ years in cybersecurity, vulnerability management, or Penetration testing roles.
Technical Expertise: Hands-on experience with vulnerability scanning tools (e.g., Qualys, Tenable, Rapid7, Nessus, OpenVAS), penetration testing and threat intelligence platforms. Penetration Testing & Ethical Hacking: Experience with tools like Metasploit, Burp Suite, Nmap, and Wireshark for real-world security assessments. Security Framework Knowledge: Strong understanding of NIST, CIS benchmarks, OWASP Top 10, and CVSS scoring models. Compliance Awareness: Familiarity with regulatory standards affecting security risk management. Leadership & Communication: Ability to coordinate with multiple stakeholders, drive security improvements, and articulate risks effectively. Certifications such as CISSP, CISM, CEH, OSCP or equivalent. Experience in cloud vulnerability management (AWS, Azure, GCP). Knowledge of DevSecOps practices and security automation. Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention. Come to Wipro. Realize your ambitions. Applications from people with disabilities are explicitly welcome.
Posted 1 month ago
2.0 - 4.0 years
8 - 12 Lacs
Pune
Work from Office
Senior Security Consultant (Secure Code Review + Web Application Penetration Testing). NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most. NetSPI secures the most trusted brands on Earth through Penetration Testing as a Service (PTaaS), External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), and Breach and Attack Simulation (BAS). Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever before. NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at www.netspi.com/careers. NetSPI is seeking a Senior Security Consultant who will serve as a resource for delivery of secure code review and web application penetration assessment. This position requires an understanding of various web technologies, enterprise secure development and risk management. In addition, it requires experience with application security assessments/testing, as well as demonstrated competencies in problem solving, client service, written/verbal communication, and project execution. Responsibilities. Conduct in-depth penetration testing and secure code review assessments on web applications. Dynamically exploit vulnerabilities found in codebase and correlate insecure coding practices into dynamic application vulnerabilities. Deliver secure code review assessment on programming languages such as Java, C#, Python, C/C++, Perl, PHP. Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques.
Train and assist developers in writing secure software and remediating existing vulnerabilities. Provide oversight to peers on service lines through QA process. Mentor and assist team members in effectively delivering assessments and enhancing skillsets. Present detailed penetration test findings to clients and assist in remediation planning. Engage in research to develop new penetration testing methods, tools, and innovative exploit techniques. Contribute to the cybersecurity community through tools, presentations, white papers, and blogging. Maintain consistency with other internal requirements related to day-to-day administration tasks (time keeping, status updates to clients, etc.). Minimum Qualifications. Minimum of 3-5 years of experience in application security including both secure code review and web application penetration testing. Exceptional familiarity in all Burp Suite functions. Published Burp extensions and ability to create new Burp Suite extensions preferred. Detailed understanding of the OWASP Top 10 and CWE Top 25 issues with focus on ability to identify and remediate vulnerability in source code. Ability to explain risk and business impact of security vulnerabilities to variety of audience. Bachelor’s degree or higher, preferably in Computer Science, Engineering, Mathematics, IT, or a related field; equivalent experience will also be considered. Preferred Qualifications. Experience in detecting, analyzing and providing recommendation guidance on security vulnerabilities using SAST and/or manual secure code review in at least two of the following languages: Java, C#, PHP, Python, C/C++. Experience in software development in at least one server-side programming language. We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.
Posted 1 month ago