27 OWASP Top Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

8.0 - 10.0 years

4 - 7 Lacs

Hyderabad

Work from Office

Role Profile: Senior Application Security Engineer
Department: Information Security / Cybersecurity
Reports To: Manager / Lead Security Engineer
Location: Hyderabad (WFO)

Role Summary: The Security Engineer will play a critical role in strengthening the security posture of applications and infrastructure by implementing secure development practices, performing vulnerability assessments, and integrating security into the SDLC. The ideal candidate will have hands-on experience with OWASP ASVS, security testing tools like ZAP, and a solid understanding of Python-based backend systems.

Key Responsibilities: Implement and enforce security policies aligned with OWASP ASVS 4.0.3. Conduct Static and Dynamic Application Security Testing (SAST/DAST) using tools such as ZAP, Fortify, Burp Suite, and GitHub security. Collaborate with DevOps teams to embed security in CI/CD pipelines. Perform threat modelling and risk assessments for applications and APIs. Identify and remediate security vulnerabilities in Python-based services. Prepare and support documentation for STQC audits and other compliance processes. Create and maintain secure coding guidelines for developers. Track and manage vulnerabilities using centralized dashboards or ticketing systems. Collaborate with developers and QA teams during SDLC to ensure secure code deployment.

Required Qualifications & Skills: 8–10 years of overall experience in IT. 5–6 years of hands-on experience in Application Security. Strong knowledge of OWASP Top 10 and OWASP ASVS frameworks. Practical experience with ZAP, Fortify, Burp Suite, or similar tools. Good understanding of Python backend services and typical security flaws. Knowledge of CI/CD security integration tools and methodologies. Familiarity with STQC security processes and regulatory compliance documentation. Knowledge of SAST/DAST/IAST methodologies and modern DevSecOps practices. Bachelor's degree in Computer Science, Cybersecurity, or related discipline.

Soft Skills: Strong analytical and problem-solving abilities. Excellent written and verbal communication skills. Collaboration and team orientation. High attention to detail and documentation. Strong stakeholder management across development, DevOps, and compliance teams.

Preferred Qualifications: Certifications such as OSCP, CISSP, CEH, or GWAPT. Exposure to cloud security (AWS/GCP/Azure). Scripting knowledge for automation using Python or Bash. Experience with container and Kubernetes security tools.

Key Relationships: Internal: Development Teams, DevOps Teams, QA Teams, Compliance Team, Product Owners. External: Auditors, Regulatory Authorities (e.g., for STQC), Security Vendors.

Role Dimensions: Team Size: Individual contributor or small security team lead. Scope: Application security coverage across all internal and external apps. Impact: High – directly impacts risk mitigation, compliance, and secure software delivery.

Success Measures (KPIs): % of vulnerabilities resolved within SLA; number of applications onboarded to security tools; security issues found in pre-production vs post-deployment; developer adoption rate of secure coding practices; STQC and other audit clearance rates; mean time to detect and remediate vulnerabilities.

Competency Framework Alignment: Technical Expertise: Deep understanding of AppSec tools and practices. Results Orientation: Works cross-functionally with technical teams. Problem Solving: Strong in analysing and resolving security issues. Communication: Explains complex security concepts to non-tech teams. Adaptability: Takes ownership of vulnerabilities and resolutions.

Posted 7 hours ago

3.0 - 8.0 years

5 - 10 Lacs

Bengaluru

Work from Office

As a Security Consultant, you play a pivotal role as a key advisor for IBM's clients. Your primary responsibility is to analyze business requirements and leverage your expertise to design and implement optimal security solutions tailored to meet the unique needs of our clients. Your technical skills will be crucial in finding the delicate balance between enabling and securing our client's organization, utilizing cognitive solutions that have contributed to making IBM the fastest-growing enterprise security business globally.

- Develop a deep technical understanding of IBM Public Cloud offerings and infrastructure
- Plan and perform red team exercises against various cloud offerings
- Plan and perform full stack security tests against various system(s) and application(s) independently as well as within a team
- Engage in security monitoring and visibility improvement activities across the IBM Public Cloud organization
- Thoroughly document techniques, tactics, and proof of concepts used during security testing and red team exercises
- Communicate with various business and technology leaders to interpret identified vulnerabilities and assist in the development and planning for risk mitigation plans
- Research and continuously improve skills in attacker tools, methods, and techniques
- Lead by example for the greater red team in professionalism, communication, and technical expertise

Required education: Bachelor's Degree
Preferred education: Bachelor's Degree

Required technical and professional expertise:
- 3+ years of demonstrated experience in planning and executing penetration tests/red team exercises against web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies
- Demonstrates strong understanding of offensive cybersecurity operations and defensive integrations, including enumeration and exploitation of various cloud-based technologies and development of secure applications
- Demonstrates strong ability to communicate highly technical aspects to Executives and IT staff, respectively
- Demonstrates ability by creating custom tools for penetration testing and contributing to open-source technologies
- Demonstrates strong experience with various scripting languages (Python, Ruby, Bash, etc.)
- Possess one or more of the following credentials: OSCP, OSCE, OSWE, GWAPT, GPEN, GXPN, CRTP, Crest Penetration Certification
- Familiarity with serverless services, containerization and other cloud technologies
- Strong familiarity with OWASP Top Ten, NIST, and MITRE ATT&CK
- 3+ years of demonstrated experience in system or application administration role(s)

Preferred technical and professional experience:
- 5+ years of demonstrated experience in planning and executing penetration tests/red team exercises against web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies
- Understanding of offensive cybersecurity operations and defensive integrations, including enumeration and exploitation of various cloud-based technologies and development of secure applications
- Ability to communicate highly technical aspects to Executives and IT staff, respectively
- Demonstrates ability by creating custom tools for penetration testing and contributing to open-source technologies
- Expertise in developing exploits and customized attack tooling and approaches
- Demonstrated security research leading to bug bounty and CVE awards
- Deep understanding of serverless services, containerization and other cloud technologies
- Demonstrates strong experience with various scripting languages (Python, Ruby, Bash, etc.)
- Good to have one of these certs: CRTP, CEH, OSCP, OSCE, OSWE, GWAPT, GPEN, GXPN, CRTP, Crest Penetration Certification
- Familiarity with serverless services, containerization and other cloud technologies
- Strong familiarity with OWASP Top Ten, NIST, and MITRE ATT&CK
- 5+ years of demonstrated experience in system or application administration role(s)

Posted 1 day ago

12.0 - 17.0 years

13 - 17 Lacs

Bengaluru

Work from Office

A Technical/Solutions Architect is responsible for creating and executing ways to improve an organization's technological framework, focusing on developing best practices and integration patterns, and overseeing architecture domains such as application, data, and technology to ensure they align with the organization's standards.

Responsibilities (Technical/Solutions Architect):
- Must have 12+ years of relevant IT experience in Architecture, Application Design and Development using both backend and frontend, preferably .NET with Angular.
- Must have hands-on experience building and architecting medium to large applications.
- Ability to produce POCs that can be used by project teams.
- Ability to produce architecture diagrams and the associated technical write-ups, and to map business requirements to solution components.
- Skills to translate complex requirements into functional architecture.
- Hands-on experience in software development; able to help the team and manage complex programs.
- Experience in handling big projects using latest technologies like SOA, Web services, Cloud Services (Azure or AWS).
- Knowledge of core coding languages (e.g. JavaScript, .NET) and experience in various front-end technologies like Angular, React.
- Good DB knowledge, especially MSSQL.
- Excellent communication skills.
- Problem-solving capability: identify issues with the existing solution and come up with better solutions.
- Good leadership skills.
- Managing application development teams during the design and construction phases.
- Providing training and mentoring to junior personnel.
- Collaborating with application developers on achieving business goals.
- Overseeing strategic relationships in a technology environment.

Required Technical Qualifications: .NET Technologies; Angular 2 and above; ASP.NET, C#, .NET; SQL Server - SSIS & SSRS; WCF/Web Services; ASP.NET / .NET Core Web API; EF code first, EF query optimization and profiling, transaction scope; SQL Server database: tables, stored procs, functions, views, triggers; Performance Tuning; Proficiency with OWASP Top 10 vulnerabilities; Good communication skills; JavaScript, jQuery, CSS, HTML5 (added advantage).

Mandatory Skills: .NET, Angular, SQL, Architecture
Good to have: Microservices, Power BI, TOGAF certification

Preferred Qualifications: Minimum overall 12+ years of experience with above skills. Minimum 4+ years in an Architect position.

Posted 6 days ago

5.0 - 8.0 years

5 - 8 Lacs

Mumbai

Work from Office

As an Application Security Specialist, you'll play a vital role in building secure systems from the ground up. Working closely with engineering, compliance, and DevOps teams, you will ensure our applications meet rigorous security and regulatory standards across global jurisdictions.

Your Impact on the Mission:
- Integrate security into the Software Development Lifecycle (SDLC), embedding security controls at every phase.
- Conduct threat modeling, secure code reviews, and penetration testing for internal and third-party applications.
- Collaborate with development teams to address security issues across CI/CD pipelines (DevSecOps).
- Manage and mitigate application-level risks in line with security frameworks and regulatory requirements.
- Support compliance efforts for GDPR, NIS2, PCI-DSS, and DORA by applying security controls and maintaining evidence.
- Drive secure practices in the software supply chain, improving defenses against attacks like those seen in SolarWinds.

Business Impact:
- Reduces application security vulnerabilities across internal and customer-facing systems.
- Helps ensure Noventiq's compliance with global cybersecurity regulations.
- Lowers production defects and remediation costs through early detection.
- Strengthens resilience of cloud-native and third-party platforms.

What You'll Bring to The Table (About You):
- 5 years in Application Security, including secure development, testing, and DevSecOps.
- Solid understanding of OWASP Top 10, SAST/DAST, threat modeling, and common attack vectors.
- Familiarity with CI/CD environments (e.g., GitLab, GitHub Actions, Azure DevOps).
- Hands-on experience with tools such as Burp Suite, OWASP ZAP, SonarQube, Checkmarx, or similar.

Preferred Certifications: Industry-recognized certifications are a plus, including OSCP, GWAPT, CISSP, or CSSLP. Bonus for Azure Security Engineer (AZ-500) or Certified DevSecOps Professional.

Frameworks Compliance: Working knowledge of OWASP, CIS Controls v8, ISO/IEC 27001; GDPR, NIS2 Directive, PCI-DSS, DORA Regulation.

Posted 1 week ago

5.0 - 9.0 years

9 - 14 Lacs

Bengaluru

Work from Office

Skills: Manual Penetration Testing using OWASP checklists, Penetration Testing, Vulnerability Assessment, OWASP Top 10, OWASP ZAP, AWS Cloud, Azure Cloud, Cyber Security, Cloud Security Assessment, Cyber Security Assessment Consulting, Cybersecurity, Data Security Assessment Consulting

- Perform penetration testing
- Develop and recommend mitigation strategies to enhance the defense mechanisms of critical infrastructure components
- Collaborate with IT and security teams to refine security measures and response strategies
- Prepare detailed reports on findings from simulations and suggest improvements
- Facilitate training sessions for internal teams on security awareness and breach response tactics

Posted 1 week ago

3.0 - 6.0 years

5 - 9 Lacs

Pune

Work from Office

Vulnerability Assessment, Manual Penetration Testing using OWASP checklists, Penetration Testing, OWASP Top 10, Static/dynamic testing of mobile applications, Static Code analysis Artifacts/Grey box Infra Activity (VA/CA) Windows Server - Performing Scanning and preparing reports - application Security Testing/ Infra VACA

Posted 1 week ago

2.0 - 5.0 years

5 - 8 Lacs

Chennai

Work from Office

Roles and Responsibilities

Greetings from GRM Technologies!!! Providing support in IT and Cyber Risk Advisory services offered by GRM Technologies to its clients in the following domains:
- Information regulatory compliance (ISO 27001, PCIDSS, RBI, SEBI, SOC1, SOC2, PCI DSS, HITRUST, GDPR)
- Information risk management
- Information security and information assurance
- Information technology controls for financial and other systems
- Identifying processes and technologies to maintain and enhance the security architecture
- Disaster recovery and business continuity management
- Information privacy

- Have a fair understanding of Business Continuity Planning and DR Drills
- Should have conducted Information Life Cycle management reviews in the past
- Conducting Infrastructure Vulnerability Assessment and Penetration Testing
- Conducting Web and Mobile Application Security Assessment
- Conducting Secure Code Review
- Conducting Architecture Review
- Should have minimum 2-5 yrs. of experience in Cyber Security, including IT Risk, Cyber Risk & Compliance, IT Audit, Vendor Audit, VAPT, Application Security, Fraud Risk & Security
- Knowledge of information security standards, principles and practices required
- Perform risk assessment, controls and documentation with expected standards (information technology/business process)
- Conduct Infrastructure Vulnerability Assessment and Penetration Testing
- Conduct Web Application Security Assessment
- Conduct Mobile Application Security Assessment
- Conduct Source Code Review
- Perform SOX compliance audits, SOC 1 and SOC 2 audits, as well as testing and reporting
- Perform control testing pertaining to operating systems and databases (Windows, Unix, Oracle, MSSQL, DB2)
- Should be able to test basic and automated ERP ITGC controls (SAP, Oracle, etc.)
- Ability to draft BCP/DR policy and carry out testing of plan and procedures would be preferable
- Ability to adapt to new scope areas and technologies
- Bring in vertical expertise in at least two verticals like BFSI, manufacturing, or more
- Ability to manage client communication and escalation
- Ability to make all attempts to guide the peers and self to improve client satisfaction scores
- Participate in proposal preparation
- Understanding of risk
- Appreciation for technological innovation
- Strong organization skills
- Curiosity and eagerness to learn
- Initiative to seek out opportunities and add value
- Tolerance for ambiguity and shifting priorities; appreciation of change
- Should have certification in CCNA / CCNP / ITIL
- Exposure to ISO 27001 is mandatory

Posted 1 week ago

1.0 - 6.0 years

7 - 11 Lacs

Bengaluru

Work from Office

Project Role: Tech Delivery & Op Excellence Practitioner
Project Role Description: Understand how to deliver value to clients, and use that commercial competency to apply methods or certifications appropriately. Attention to detail and deep expertise allow them to see inherent risks or improvement opportunities that others may not. Work directly with client teams to ensure a high standard of delivery and operational excellence are met.
Must have skills: Governance Risk Compliance (GRC)
Good to have skills: NA
Minimum 3 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Tech Delivery & Op Excellence Practitioner, you will understand how to deliver value to clients and apply methods or certifications appropriately. Attention to detail and deep expertise allow you to see inherent risks or improvement opportunities that others may not. Work directly with client teams to ensure a high standard of delivery and operational excellence are met.

Key responsibility: The Risk and Compliance Senior Analyst works with the Application service delivery organization and other compliance-related functions to help:
- Perform audits/reviews to assess risks in the Application development and maintenance service environment
- Manage risk in Application development and maintenance service to an acceptable level
- Increase the level of awareness of and compliance with policy and process related matters
- Support successful completion of various external compliance certification programs and internal compliance assessments
- Introduce continual improvement including lessons learned from matters requiring intervention
- The successful candidate for this role will be a member of a dedicated team operating a Controls and Compliance function, which will perform audit-style reviews of Application Development & Maintenance Services outsourcing engagements covering compliance matters and operational service management and service delivery good practice.

Must-Have Skills/Qualifications:
- Minimum of 1-year experience in Auditing principles and practices (sample qualifications*: CISA, ISO 27001 Lead Auditor)
- Minimum of 1-year experience in Application security/audit roles in Application development & maintenance service industry (sample qualifications*: EC-Council's CASE (Certified Application Security Engineer), CEH (Certified Ethical Hacker))
- Agile Methodology (Certified Scrum Master), DevOps Certification, CMMI for Development
- Knowledge of secure SDLC models, secure coding standards, OWASP Top 10, threat modeling, SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), single sign-on, encryption
- Minimum of 1-year experience in Operational compliance requirements
- Contract Management / Service Reporting (including Service Level Agreements and Operational Level Agreements)
- Risk management or assessment (sample qualification*: CRISC)
- Knowledge of cloud environment and services (sample qualification*: Microsoft Azure/AWS/Google Certifications)
- Team and stakeholder management

Nice-to-Have Skills/Qualifications:
- Data privacy and protection (sample qualifications*: CIPM, CIPT, CIPP)
- CISSP*, CISM*, CISA*, CCSK*, CCSP*
- SOC1 and SOC2 (SSAE16 / ISAE3402) awareness
- Business Continuity and Disaster Recovery awareness (ISO 22301)

Professional Attributes:
1. Good communication
2. Teamwork
3. Problem Solving Capabilities
4. Work Planning and Management
5. Quick Learner
6. Eager to take on responsible task
7. Dedicated and Focused

Educational Qualification:
1. MBA - Information Security / IT
2. BE/B-Tech with CS/IT/related domain
3. BSc - IT

Additional Information (i.e., travel, overtime %):
1. Occasional within country travel
2. Flexibility in working hours

Qualification: 15 years full time education

Posted 2 weeks ago

15.0 - 20.0 years

13 - 17 Lacs

Gurugram

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Infrastructure Security Vulnerability Management Operations
Good to have skills: NA
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: We are looking for a highly skilled Lead Application Security & Vulnerability Management to take charge of identifying, assessing, and mitigating security risks across applications and IT infrastructure. As a key security leader, you will oversee vulnerability management operations, lead security assessments, and collaborate with cross-functional teams to ensure robust security posture and compliance with industry standards. This role demands expertise in Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) to protect critical software assets.

Roles & Responsibilities:

Leadership & Strategy: Lead vulnerability management operations and security assessments. Develop and implement strategic security initiatives for application protection. Collaborate with leadership to define security roadmaps and policies. Act as a mentor for junior security analysts, fostering skill development.

Vulnerability Management & Security Operations: Conduct regular vulnerability scans across applications and infrastructure. Analyze security vulnerabilities, assess impact, and prioritize mitigation strategies. Oversee penetration testing and security assessments to identify weaknesses. Provide detailed reports on security findings, risk levels, and remediation efforts. Ensure compliance with industry security frameworks and standards. Develop and maintain security policies, procedures, and playbooks.

Application Security & Secure Development: Perform SAST scans to detect vulnerabilities in source code before deployment. Conduct DAST assessments to identify runtime security issues in web applications. Utilize SCA tools to analyze third-party dependencies for known vulnerabilities. Integrate security testing into CI/CD pipelines for proactive protection. Define secure coding guidelines and conduct training for development teams.

Incident Management & Vendor Coordination: Investigate and resolve false positives and critical vulnerabilities in risk management tools. Manage vendor relationships, escalating and resolving security issues efficiently. Generate monthly security reports and dashboards for leadership insights.

Qualifications & Skills:
Experience: 7+ years in Application Security, Vulnerability Management, and Cybersecurity.
Education: Bachelor's/Master's degree in Computer Science, Information Technology, or Cybersecurity.
Certifications: Preferred CISSP, CEH, CompTIA Security+.
Technical Expertise: Strong knowledge of network protocols, operating systems, security testing.
Leadership & Communication: Excellent problem-solving, analytical, and collaboration skills.
Compliance & Frameworks: Deep understanding of ISO 27001, NIST, OWASP, PCI DSS.

Professional & Technical Skills:
Vulnerability Management: Brinqa, Qualys VMDR, Qualys WAS, Rapid7 InsightVM, Nessus
Application Security: Fortify, Snyk, Trufflehog, Snaffpoint
Security Frameworks: OWASP Top 10, NIST, ISO 27001, PCI DSS

Additional Information:
- The candidate should have minimum 5 years of experience in Infrastructure Security Vulnerability Management Operations.
- This position is based at Bengaluru, Gurugram, Hyderabad, Mumbai, Noida only.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 2 weeks ago

8.0 - 10.0 years

5 - 9 Lacs

Hyderabad

Work from Office

Role Profile: Senior Application Security Engineer
Department: Information Security / Cybersecurity
Reports To: Manager / Lead Security Engineer
Location: Hyderabad (WFO)

Role Summary: The Security Engineer will play a critical role in strengthening the security posture of applications and infrastructure by implementing secure development practices, performing vulnerability assessments, and integrating security into the SDLC. The ideal candidate will have hands-on experience with OWASP ASVS, security testing tools like ZAP, and a solid understanding of Python-based backend systems.

Key Responsibilities: Implement and enforce security policies aligned with OWASP ASVS 4.0.3. Conduct Static and Dynamic Application Security Testing (SAST/DAST) using tools such as ZAP, Fortify, Burp Suite, and GitHub security. Collaborate with DevOps teams to embed security in CI/CD pipelines. Perform threat modelling and risk assessments for applications and APIs. Identify and remediate security vulnerabilities in Python-based services. Prepare and support documentation for STQC audits and other compliance processes. Create and maintain secure coding guidelines for developers. Track and manage vulnerabilities using centralized dashboards or ticketing systems. Collaborate with developers and QA teams during SDLC to ensure secure code deployment.

Required Qualifications & Skills: 8–10 years of overall experience in IT. 5–6 years of hands-on experience in Application Security. Strong knowledge of OWASP Top 10 and OWASP ASVS frameworks. Practical experience with ZAP, Fortify, Burp Suite, or similar tools. Good understanding of Python backend services and typical security flaws. Knowledge of CI/CD security integration tools and methodologies. Familiarity with STQC security processes and regulatory compliance documentation. Knowledge of SAST/DAST/IAST methodologies and modern DevSecOps practices. Bachelor's degree in Computer Science, Cybersecurity, or related discipline.

Soft Skills: Strong analytical and problem-solving abilities. Excellent written and verbal communication skills. Collaboration and team orientation. High attention to detail and documentation. Strong stakeholder management across development, DevOps, and compliance teams.

Preferred Qualifications: Certifications such as OSCP, CISSP, CEH, or GWAPT. Exposure to cloud security (AWS/GCP/Azure). Scripting knowledge for automation using Python or Bash. Experience with container and Kubernetes security tools.

Key Relationships: Internal: Development Teams, DevOps Teams, QA Teams, Compliance Team, Product Owners. External: Auditors, Regulatory Authorities (e.g., for STQC), Security Vendors.

Role Dimensions: Team Size: Individual contributor or small security team lead. Scope: Application security coverage across all internal and external apps. Impact: High – directly impacts risk mitigation, compliance, and secure software delivery.

Success Measures (KPIs): % of vulnerabilities resolved within SLA; number of applications onboarded to security tools; security issues found in pre-production vs post-deployment; developer adoption rate of secure coding practices; STQC and other audit clearance rates; mean time to detect and remediate vulnerabilities.

Competency Framework Alignment: Technical Expertise: Deep understanding of AppSec tools and practices. Results Orientation: Works cross-functionally with technical teams. Problem Solving: Strong in analysing and resolving security issues. Communication: Explains complex security concepts to non-tech teams. Adaptability: Takes ownership of vulnerabilities and resolutions.

Posted 2 weeks ago

3.0 - 7.0 years

5 - 9 Lacs

Bengaluru

Work from Office

- Develop a deep technical understanding of IBM Public Cloud offerings and infrastructure
- Plan and perform red team exercises against various cloud offerings
- Plan and perform full stack security tests against various system(s) and application(s) independently as well as within a team
- Engage in security monitoring and visibility improvement activities across the IBM Public Cloud organization
- Thoroughly document techniques, tactics, and proof of concepts used during security testing and red team exercises
- Communicate with various business and technology leaders to interpret identified vulnerabilities and assist in the development and planning for risk mitigation plans
- Research and continuously improve skills in attacker tools, methods, and techniques
- Lead by example for the greater red team in professionalism, communication, and technical expertise

Required education: Bachelor's Degree
Preferred education: Bachelor's Degree

Required technical and professional expertise:
- 3+ years of demonstrated experience in planning and executing penetration tests/red team exercises against web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies
- Demonstrates strong understanding of offensive cybersecurity operations and defensive integrations, including enumeration and exploitation of various cloud-based technologies and development of secure applications
- Demonstrates strong ability to communicate highly technical aspects to Executives and IT staff, respectively
- Demonstrates ability by creating custom tools for penetration testing and contributing to open-source technologies
- Demonstrates strong experience with various scripting languages (Python, Ruby, Bash, etc.)
- Possess one or more of the following credentials: OSCP, OSCE, OSWE, GWAPT, GPEN, GXPN, CRTP, Crest Penetration Certification
- Familiarity with serverless services, containerization and other cloud technologies
- Strong familiarity with OWASP Top Ten, NIST, and MITRE ATT&CK
- 3+ years of demonstrated experience in system or application administration role(s)

Preferred technical and professional experience:
- 5+ years of demonstrated experience in planning and executing penetration tests/red team exercises against web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies
- Understanding of offensive cybersecurity operations and defensive integrations, including enumeration and exploitation of various cloud-based technologies and development of secure applications
- Ability to communicate highly technical aspects to Executives and IT staff, respectively
- Demonstrates ability by creating custom tools for penetration testing and contributing to open-source technologies
- Expertise in developing exploits and customized attack tooling and approaches
- Demonstrated security research leading to bug bounty and CVE awards
- Deep understanding of serverless services, containerization and other cloud technologies
- Demonstrates strong experience with various scripting languages (Python, Ruby, Bash, etc.)
- Good to have one of these certs: CRTP, CEH, OSCP, OSCE, OSWE, GWAPT, GPEN, GXPN, CRTP, Crest Penetration Certification
- Familiarity with serverless services, containerization and other cloud technologies
- Strong familiarity with OWASP Top Ten, NIST, and MITRE ATT&CK
- 5+ years of demonstrated experience in system or application administration role(s)

Posted 2 weeks ago

2.0 - 4.0 years

6 - 10 Lacs

Gurugram

Work from Office

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together Primary Responsibility Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). 
The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications Undergraduate degree or equivalent experience 2+ years of IT experience Experience in event-driven, micro-services software development Mobile-first web/UI development experience with Angular or React Additional Languages: TypeScript/JavaScript Frameworks / Technologies: Node, .NET, Azure Services, Material UI, SignalR, Bootstrap, SQL 2+ years RESTful Web API Development 2+ years of .NET Framework, .NET Core, .NET development using C#, Entity Frameworks 2+ years of experience managing source code with Git, Azure DevOps (TFS), or similar 2+ years of Test-Driven development and Unit Testing 2+ years working with MS SQL databases and SQL Stored Procedures 2+ years creating engineering diagrams including sequence, software, system, and architectural diagrams 2+ years working in Agile Scrum and/or Kanban teams. Experience story/work breakdowns and story estimation 2+ years of Azure services development including Azure Security and Identity Management Services (Application Gateway, WAF, Azure AD, API Management, Key Vault), Azure Storage Services (Table storage, Blob Storage, Queues, Azure SQL), Azure App and Cloud Services, Azure Development Services (ARM Templates) 2+ years of software development using design patterns 2+ years responsive, mobile-friendly web application and UI Development 2+ years of HTML, TypeScript/JavaScript, and either Angular or ReactJS Demonstrable knowledge of secure programming techniques and OWASP Top 10 Demonstrated ability to work independently as well as collaboratively within and across teams Solid written and verbal communication skills showing an ability to interface with business stakeholders and engineers At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. 
We believe everyone, of every race, gender, sexuality, age, location and income, deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes, an enterprise priority reflected in our mission.

Posted 3 weeks ago

3.0 - 6.0 years

7 - 11 Lacs

Bengaluru

Work from Office

About The Role We are looking for a skilled Application Security Engineer to strengthen our security posture by proactively identifying and mitigating vulnerabilities across our web applications, APIs, and mobile apps. The ideal candidate will have a strong background in penetration testing, secure code review, and security automation. Roles & Responsibilities(What will you do): -Perform penetration testing of web applications, APIs, and mobile apps, providing in-depth vulnerability analysis and remediation guidance. -Conduct manual and automated secure code reviews, primarily in Java, Python, and JavaScript. -Develop security automation solutions using Python to streamline testing, improve coverage, and reduce manual effort. -Work closely with development teams to ensure timely resolution of security issues within fast-paced release cycles. -Create and maintain threat models, applying threat modeling techniques to proactively identify and mitigate design-level security risks. -Foster a security-first mindset by educating developers on secure coding practices, common vulnerabilities, and attack vectors while effectively communicating security findings to stakeholders. What Makes You a Great Fit -1-5 years of experience in application security, penetration testing, or related fields. -Strong penetration testing expertise with tools like Burp Suite, OWASP ZAP, semgrep, MobSF, Jadx-GUI and other mobile security testing frameworks. -Experience integrating security into SDLC and familiarity with DevSecOps tools. -Proficiency in secure coding principles, OWASP Top 10, CWE, and exploit techniques. -Strong scripting skills (Python preferred) for security automation. -Excellent communication and stakeholder management abilities. -Passion for continuous learning and staying updated on security trends. 
-Certifications like OSCP, OSWE, CRTP, or a proven Bug Bounty track record and/or CTF participation are a plus. PhonePe Full Time Employee Benefits (Not applicable for Intern or Contract Roles) Insurance Benefits - Medical Insurance, Critical Illness Insurance, Accidental Insurance, Life Insurance Wellness Program - Employee Assistance Program, Onsite Medical Center, Emergency Support System Parental Support - Maternity Benefit, Paternity Benefit Program, Adoption Assistance Program, Day-care Support Program Mobility Benefits - Relocation benefits, Transfer Support Policy, Travel Policy Retirement Benefits - Employee PF Contribution, Flexible PF Contribution, Gratuity, NPS, Leave Encashment Other Benefits - Higher Education Assistance, Car Lease, Salary Advance Policy

Posted 3 weeks ago

3 - 6 years

7 - 11 Lacs

Bengaluru

Work from Office

Job ID/Reference Code INFSYS-NAUKRI-210551 Work Experience 3-6 Job Title IT Testing Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Experience with penetration testing tools (e.g. Burp) Extensive knowledge of attack payloads for discovering security vulnerabilities Plan, execute, and report on all testing activities and outcomes Create findings reports and communicate to stakeholders Must possess at least 5 years of experience in delivering VAPT in Web(Thin and Thick Client), Mobile and APIs Should have good and effective communication skills in English. (Oral and written) Technical and Professional Requirements: Any certifications CEH(Mandatory), OSCP, CCSP Preferred Skills: Technology->Security Testing->Security Testing - ALL Additional Responsibilities: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering * Location of posting is subject to business requirements

Posted 2 months ago

5 - 9 years

7 - 11 Lacs

Bengaluru

Work from Office

Job ID/Reference Code INFSYS-NAUKRI-210555 Work Experience 5-9 Job Title IT Testing Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Technical and Professional Requirements: Any specific tools required Burpsuite, WebInspect, Fortify, Zap, Checkmarx Preferred Skills: Technology->Security Testing->Security Testing - ALL Additional Responsibilities: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering * Location of posting is subject to business requirements

Posted 2 months ago

4 - 9 years

7 - 11 Lacs

Gurgaon

Work from Office

Duties and Responsibilities A strong and thorough understanding of Application Security with a passion to innovate Strong knowledge experience with Vulnerability Assessment and Penetration Testing Strong knowledge to automate DAST/SAST solutions scanning and reporting Performing Manual Secure Code Review and Secure Design Review Strong knowledge of OWASP Top 10 web and the ability to effectively communicate methodologies and techniques with development teams Good understanding of Java, Python, etc. Hands-on experience of Web Application Scanning Tools (both Open Source and Commercial) Knowledge of performing Threat Modeling and Application Design Reviews Good understanding of SSDLC and Secure Software Delivery Frameworks Provide guidance to development teams for remediating application security vulnerabilities Should have at least one professional certification but not limited to CEH/Security+/eJPT or equivalent Good to have certifications like OSCP/eWAPTX/OSCE/CRTE/eCPTX or equivalent Leading the functions as an individual, performing below assignments Responsible for performing and overseeing Penetration testing, SAST, DAST, Manual Secure Code Review and Secure Design Review Make suggestions for security improvements. Enhance existing methodology material Mentoring Junior Resources Good to have working experience on: Good understanding of Cloud Security Concepts AWS/Azure Should have Project Management Skills (using Jira / Confluence / SNOW

Posted 2 months ago

3 - 7 years

4 - 8 Lacs

Karnataka

Work from Office

Akamai WAF fitting for Cequence Defender Engineer, 2 positions. We are seeking a skilled and motivated Cequence Defender Engineer to join our growing security team. As a Cequence Defender Engineer, you will play a crucial role in protecting our organization's web applications and APIs from sophisticated cyber threats. You will be responsible for the implementation, configuration, and ongoing management of the Cequence Security Platform, ensuring its optimal performance and effectiveness in mitigating bot attacks, DDoS attacks, and API abuse. Responsibilities: Design, implement, and maintain the Cequence Security Platform, including Defender (WADC/WAAP), Unified API Protection, and Bot Defense. Integrate Cequence Defender with existing security infrastructure, including Imperva, Datapower/APIC, and threat intelligence platforms. Develop and maintain comprehensive security policies and rules within Cequence Defender to effectively mitigate threats. Analyze security events and incidents detected by Cequence Defender, conducting thorough investigations and implementing appropriate remediation actions. Proactively monitor the threat landscape for emerging threats and vulnerabilities, adapting Cequence Defender configurations accordingly. Create and maintain detailed documentation for Cequence Defender configurations, policies, and incident response procedures. Collaborate with other security team members to ensure the overall security posture of the organization is maintained. Stay up to date on the latest security best practices and industry trends, particularly in application security and API protection. Qualifications: Proven experience working with Cequence Security Platform, specifically Cequence Defender. Strong understanding of web application security principles, common vulnerabilities (OWASP Top 10), and attack methodologies. 
Hands-on experience with security tools and technologies, such as firewalls, intrusion detection/prevention systems (IDS/IPS), and web application firewalls (WAFs). Familiarity with scripting languages (e.g., Python, Bash) for automation and integration purposes. Excellent analytical and problem-solving skills, with the ability to troubleshoot complex technical issues. Strong communication and collaboration skills, with the ability to effectively communicate technical concepts to both technical and non-technical audiences. Preferred Qualifications: Industry certifications in cybersecurity, such as CISSP, CEH, or CCNP Security. Experience with cloud security platforms (e.g., AWS, Azure, GCP). Knowledge of API security best practices and standards (e.g., OpenAPI Specification, OAuth 2.0).

Posted 2 months ago

3 - 7 years

6 - 10 Lacs

Maharashtra

Work from Office

Educational Qualification: BE/BTech/MCA Experience: 6 to 9 years JD Details Required Skills Deep knowledge of web Application and mobile applications security testing Suggest mitigation for identified vulnerabilities SOC incidents and threat analysis A clear conceptual understanding of the SDLC Strong knowledge on automated scanning using HP Fortify, Burp suite or similar tools Strong knowledge on network penetration testing. Security knowledge capturing and consolidation Collaboration on product conceptualization for security by design Knowledge on web appsec, ethical hacking, DFRA, CSR Experience in understanding false positive from the Source code scans Led at least one CSR (Comprehensive security review) Knowledge static application security testing (SAST), dynamic application security testing (DAST), and open source security (OSS) Strong understanding of OWASP top 10. Experience in WAF logs analysis Rapid decision making to prevent delayed releases due to security issues To coordinate with various stakeholders for completion of Audit points observed by internal and external auditor. 8. Make sure all CERTS in, RBI and various security advisories are checked and recommended action taken on the respective platforms in the application. Outside the box thinking to anticipate possible threats Desirable Skills Working knowledge of web and mobile application security Extensive experience in Vulnerability Assessment and Penetration testing, Web Application security Knowledge on kali linux would be an added advantage Knowledge on conducting Security Audits Good knowledge on Threat modeling, cryptography, and common application vulnerabilities Certificate in Certified Application Security Engineer (CASE), Certified Ethical Hacker (Latest CEH)

Posted 2 months ago

4 - 9 years

7 - 11 Lacs

Bengaluru

Work from Office

Job Title Cyber Security Responsibilities Detailed insights of a variety of attack patterns, threats, malicious actors, exploits and common vulnerabilities, monitor threat intelligence and analyze CWEs and CVEs. Commendable knowledge of current and emerging threats, Cloud Security and Application Security Concepts, and Enterprise Security Architecture. Deep insights of Application Security S-SDLC Lifecycle framework with OWASP TOP 10, SANS 25, Public Cloud Security and tooling (Azure, AWS, Prisma Cloud, Twistlock etc). Application Security (AppSec, VA/PT, DevSecOps, DevOps) and DevOps security and related software such as Blackduck, AquaSec, Snyk, Coverity, etc. Familiarity with cybersecurity frameworks and standards - NIST, MITRE ATT&CK, ISO, CMMC 2.0, PCI DSS etc Preferred Skills: Foundational->Cybersecurity Competency Management->Cyber Competency Strategy Planning Educational Requirements Bachelor of Engineering Service Line Quality * Location of posting is subject to business requirements

Posted 2 months ago

6 - 9 years

8 - 11 Lacs

Maharashtra

Work from Office

Educational Qualification: BE/BTech/MCA Experience: 6 to 9 years JD Details Required Skills Deep knowledge of web Application and mobile applications security testing Suggest mitigation for identified vulnerabilities SOC incidents and threat analysis A clear conceptual understanding of the SDLC Strong knowledge on automated scanning using HP Fortify, Burp suite or similar tools Strong knowledge on network penetration testing. Security knowledge capturing and consolidation Collaboration on product conceptualization for security by design Knowledge on web appsec, ethical hacking, DFRA, CSR Experience in understanding false positive from the Source code scans Led at least one CSR (Comprehensive security review) Knowledge static application security testing (SAST), dynamic application security testing (DAST), and open source security (OSS) Strong understanding of OWASP top 10. Experience in WAF logs analysis Rapid decision making to prevent delayed releases due to security issues To coordinate with various stakeholders for completion of Audit points observed by internal and external auditor. 8. Make sure all CERTS in, RBI and various security advisories are checked and recommended action taken on the respective platforms in the application. Outside the box thinking to anticipate possible threats Desirable Skills Working knowledge of web and mobile application security Extensive experience in Vulnerability Assessment and Penetration testing, Web Application security Knowledge on kali linux would be an added advantage Knowledge on conducting Security Audits Good knowledge on Threat modeling, cryptography, and common application vulnerabilities Certificate in Certified Application Security Engineer (CASE), Certified Ethical Hacker (Latest CEH)

Posted 3 months ago

3 - 5 years

5 - 7 Lacs

Pune

Work from Office

Job Purpose This position is open with Bajaj finserv ltd. Duties and Responsibilities Discover and Mitigate Cyber Risks and exploitable vulnerabilities on the internet facing apps/assets Conduct Regular Vulnerability Assessment and Penetration Testing of the applications Experience with latest technologies and security standards such as OWASP, CVSS, Mitre etc. Mobile App Reversing and pen testing as Android and iOS applications security standards Familiarity with malicious code identification and common hacker attack techniques Conduct regular Secure Code and Architecture Review, SAST and DAST Latest technology security- API, Microservices, RPA, IOT etc. Ethical Hacking and Red Teaming Activity (Addon preferred) Assess Third Party Partner vulnerabilities and security risk Remediations, Closures Tracking, Reporting and Management of all Cyber Risks Engage with technology Teams and partners and business units to resolve identified vulnerabilities within acceptable timelines Design and deliver actionable Information Security dashboards and scorecards Work with partners in carrying out comprehensive VAPT assessment Advanced understanding with working experience collecting and tracking threat intelligence Experience working with tracking, communicating, and prioritizing vulnerabilities and cyber threats to an enterprise-wide organization Required Qualifications and Experience Engineering / Computer Graduate with 3-5 years of Information / Cyber Security Experience Relevant Security Certifications like CEH, CPENT, PNPT, EJPT, EWPT, OSCP etc. preferred Prior experience of Security Testing, OWASP Top 10 and application security Prior experience of Penetration Testing Web Application, Mobile Applications and API Security testing Sound in latest application technologies and network attacks execution Good Written and Verbal Communication with Presentation Skills Good Team Player and sound in stakeholder management Threat Modelling, Cloud Security and WAF basics clarity DevOps / DevSecOps and Source Code security review experience is added boon Well versed with related tools and techniques of all the above

Posted 3 months ago

3 - 6 years

5 - 8 Lacs

Bengaluru

Work from Office

Job Title IT Testing Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Experience with penetration testing tools (e.g. Burp) Extensive knowledge of attack payloads for discovering security vulnerabilities Plan, execute, and report on all testing activities and outcomes Create findings reports and communicate to stakeholders Must possess at least 5 years of experience in delivering VAPT in Web(Thin and Thick Client), Mobile and APIs Should have good and effective communication skills in English. (Oral and written) Technical and Professional Requirements: Any certifications CEH(Mandatory), OSCP, CCSP Preferred Skills: Technology->Security Testing->Security Testing - ALL Additional Responsibilities: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering * Location of posting is subject to business requirements

Posted 3 months ago

5 - 9 years

7 - 11 Lacs

Bengaluru

Work from Office

Job Title IT Testing Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Experience with penetration testing tools (e.g. Burp) Extensive knowledge of attack payloads for discovering security vulnerabilities Plan, execute, and report on all testing activities and outcomes Create findings reports and communicate to stakeholders Must possess at least 5 years of experience in delivering VAPT in Web(Thin and Thick Client), Mobile and APIs Should have good and effective communication skills in English. (Oral and written) Technical and Professional Requirements: Any specific tools required Burpsuite, WebInspect, Fortify, Zap, Checkmarx Any certifications CEH(Mandatory), OSCP, CCSP Preferred Skills: Technology->Security Testing->Security Testing - ALL Additional Responsibilities: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering * Location of posting is subject to business requirements

Posted 3 months ago

4 - 5 years

6 - 7 Lacs

Pune

Work from Office

Job Purpose This position is open with Bajaj finserv ltd. Duties and Responsibilities Ethical Hacking and Red Teaming Activity Discover and Mitigate Cyber Risks and exploitable vulnerabilities in the internet facing apps/assets Conduct Regular Vulnerability Assessment and Pen Testing of the applications Experience with latest web technologies, Android and iOS applications security Conduct regular Secure Code and Architecture Review Familiarity with malicious code identification and common hacker attack techniques Latest technology security- API, Microservices, RPA, IOT etc. Ensure Application Security Standard Assess Third Party Partner vulnerabilities and security risk Remediations, Closures Tracking, Reporting and Management of all Cyber Risks Engage with technology Teams and partners and business units in order to resolve identified vulnerabilities within acceptable timelines Design and deliver actionable Information Security dashboards and scorecards Work with partners in carrying out comprehensive VAPT assessment Advanced understanding with working experience collecting and tracking threat intelligence Experience working with tracking, communicating and prioritizing vulnerabilities and cyber threats to an enterprise wide organization Required Qualifications and Experience Engineering Graduate with 4-5 years of Information/Cyber Security Experience Relevant Security Certifications like CEH, ECSA etc. preferred Prior experience of Security Testing, OWASP Top 10 and application security Prior experience of Payment Testing, Mobile Applications and API Security testing Sound in latest application technologies and network attacks execution Good Written and Verbal Communication with Presentation Skills Good Team Player and sound in stakeholder management Threat Modelling, Cloud Security and WAF basics clarity DevOps/DevSecOps and Source Code security review experience is added boon Well versed with related tools and techniques of all the above

Posted 3 months ago

2 - 7 years

4 - 9 Lacs

Bengaluru

Work from Office

Project Role : Technology OpS Support Practitioner Project Role Description : Own the integrity and governance of systems, including best practices for delivering services. Develop, deploy and support infrastructures, applications and technology initiatives from an architectural and operational perspective in conjunction with existing standards and methods of delivery. Must have skills : Governance Risk Compliance (GRC) Good to have skills : Service Delivery Minimum 2 year(s) of experience is required Educational Qualification : 15 years full time education As the Delivery Assurance Manager, lead and collaborate with service delivery and interlock functions to manage risk in Application service delivery to an acceptable level. Ensure implementation of Delivery Assurance related activities across the different business entities in the Accenture Technology Delivery Center Increase the level of awareness and compliance with policy and process related matters. Manage various certification programs and apply lessons learnt from matters requiring interventions.

Duties and Responsibilities Manage audits/reviews to assess the Application service control environment and evaluate adherence to client identified contractual requirements, Accenture policies and standards. Driving development of a holistic application security audit program Provide subject matter expertise to service delivery on risk, compliance, control and information security throughout the delivery. Lead implementation and maintenance of risk self-assessment programs across service delivery. Manage to ensure that the identified findings and actions are tracked to closure and reported to leadership. Facilitate sharing of learning from matters requiring interventions, such as incidents, initiate process improvements and updates to policies and standards. Liaise with other Accenture functions, including Internal Audit, Global Asset Protection/CIRT, Information Security, and Risk and Quality Management/Quality Assurance, Legal/Contract Management, Policy teams, delivery centers, sales teams, and Accenture clients to ensure the risk management process is efficient and effective Lead and coordinate preparation of service delivery for certification programs across contracts, such as SSAE16_ISAE3402/ SOC 2 audits. As per requirement, support service delivery in preparation for client or industry specific certification and compliance programs, Sarbanes Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), Medicines and healthcare products regulatory agency (MHRA), Utilization Review Accreditation Commission (URAC), Payment Card Industry (PCI). Responsible for People Management such as but not limited to the following: Provides team members with a clear sense of direction and understanding of one another's responsibilities Structures activities/projects to enable reasonable workload and work/life balance Provides individuals with positive and developmental feedback, promptly and openly Maintains positive and effective work relationships with peers and clients/customers

III. Career Level Expectations Complexity: Requires identifying and assessing complex problems for area of responsibility. To draw a causal meaningful relationship for delivery and internal management insight. Requires adherence to strategic direction set by senior management when establishing near-term goals. Interaction with senior management at a client and/or within Accenture, involving matters that may require acceptance of an alternate approach. Authority: Some latitude in decision-making. Acts independently to determine methods and procedures on new assignments Impact or Decision Impact: Decisions have a major day to day impact on area of responsibility Scope: Manages medium sized teams of reviewers within Accenture

IV. Skills and Proficiency Expectations Below are the skills and minimum levels of proficiency (or depth of skill) that employees in this role are expected to possess. Must-Have Skills/ Qualifications (list in order of priority): Minimum of 8-10 year experience in Auditing principles and practices (sample qualifications: CISA, ISO 27001 Lead Auditor) Minimum of 5-year experience in Application security/audit roles in Application development and maintenance service industry (sample qualifications: EC-Council's CASE (Certified Application Security Engineer), CEH (Certified Ethical Hacker), Agile Methodology (Certified Scrum Master), DevOps Certification, CMMI for Development) Experience in secure SDLC models, secure coding standards, OWASP Top 10, threat modeling, SAST (Static Application security testing), DAST (Dynamic Application security testing), single sign on, Encryption Knowledge of Cloud services and security in cloud (sample qualifications: Microsoft Azure/AWS/Google certifications) Minimum of 5-year experience in Operational compliance requirements Contract Management / Service Reporting (including Service Level Agreements and Operational Level Agreements) Risk management or assessment (sample qualification: CRISC) Team and stakeholder management Nice-to-Have Skills/ Qualifications: Data privacy and protection (sample qualifications: CIPM, CIPT, CIPP) CISSP, CISM, CCSP, CCSK SOC1 and SOC2 (SSAE16 / ISAE3402) awareness Business Continuity and Disaster Recovery awareness (ISO 22301)

VI. Working Conditions General Day Shift Single Home base but requires travel within delivery locations Overtime and On-Call required Coordination with other departments and deals across various levels of the organization, local and onshore.

VII. Security Roles and Responsibilities Shall protect confidential information that is entrusted to them or to which they are otherwise exposed. Should not disclose any confidential Company, client, or third-party information to anyone outside the Company, except as authorized. Should not ever use confidential client, third-party or Company information for personal gain or advantage. Under no circumstances discuss with clients matters that concern other clients or engagements without the express authorization of such other clients. Must immediately open and act upon security communications from Protecting Accenture. Qualifications 15 years full time education

Posted 3 months ago
