
27 Owasp Top Jobs - Page 2

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

2 - 6 years

4 - 8 Lacs

Bengaluru

Work from Office


1. Application Security Engineer

Mandatory skills: 8-10 years of manual penetration testing experience (mobile, web application, web services, API). Manual pen test experience on mobile applications, at least 20+ apps. The ability to notice "odd" behavior and to take the initiative to investigate it. Manual web application, web services and API experience on more than 300+ applications. Very good at reporting as per best practices. The person should know the vulnerability and the remediation in depth so that he can suggest the same to all the stakeholders. Expert in the Burp Suite tool.

Technical Skills: Knowledge of how to put into practice the OWASP Security Testing Standard. Fair understanding of testing applications behind the Web Application Firewall and the evasion techniques. Good pen testers have the drive to keep digging and enjoy solving puzzles. Tools and procedures can be learned, but the "knack" or "hacker gene" is something that the person must have developed on their own or they will never be a top-level tester.

As far as tools, the baseline is the same as web app pen testing, e.g., Kali, Burp, Python, Wireshark, radar, etc. For mobile-app-specific tools, there's Frida, MARA, Cydia, and others; there are multiple platforms that can accomplish the same thing, so to an extent it's the tester's preference. In addition to the basic scripting skills necessary for most pen testing, a mobile pen tester should have experience with Java and Objective-C, as those are the main languages for app development, as well as JavaScript, since that's how Frida interactions are done (as mini-JS scripts to control the app and hook function calls). Ideally a tester will have experience as a mobile app developer, since it's easier to understand the disassembly of an app if you understand how it was put together in the first place.

A good understanding of jailbreaking, certificate management, and MITM operations is also necessary, since natively the mobile application and the device will not allow MITM. Banking and financial domain experience would be an add-on to the existing skill set. Last but not least, the person should have excellent soft skills and be a good team player.

2. DevSecOps Engineer

Role Overview: The Application DevSecOps Program is seeking a DevSecOps Security Engineer who will be responsible for executing comprehensive security scans, including but not limited to SAST, DAST, IAST, and ad-hoc penetration testing. The candidate will play a critical role in advancing the "Shift Left and Secure Early" initiative, ensuring security vulnerabilities are identified and mitigated early in the development lifecycle. This role involves analyzing security vulnerabilities and providing remediation solutions by writing secure code, offering guidance to development teams, and coordinating with cross-functional teams across the platform.

Key Responsibilities: Hands-on experience in creating and implementing DevSecOps pipelines using CI/CD automation tools such as Jenkins, GitHub Actions, CheckmarxOne, BurpSuite, and other open-source security tools. Implement and enforce Application Cyber Security Controls/Policies developed by the DevSecOps Program. Perform security vulnerability demonstrations for application teams to help them understand the impact and remediation strategies. Drive resolution of application security issues, collaborating with development and operations teams. Provide clear, actionable guidance to application teams for effective vulnerability mitigation and secure coding practices. Conduct comprehensive application security assessments using industry-standard security tools (SAST, SCA, DAST, PT, etc.). Automate repetitive tasks using tools such as Postman, PowerShell, and Python scripting. Create and maintain executive-level dashboards to track security metrics and assessments using PowerBI or similar reporting tools. Categorize and recommend security assessment strategies for both existing and new application development projects. Provide training and coaching to development and supplier teams on application security best practices and secure coding techniques. Develop training material and conduct training sessions to improve security awareness across teams.

Skill-set Required: Hands-on experience in writing secure code in languages such as Java, JavaScript, Python, and .NET. Proven experience running security scans, including SAST, SCA, DAST, and penetration testing (PT). Deep understanding of the OWASP Top 10 vulnerabilities and mitigation strategies for each. Solid background in application development, including working with compiled code, mobile applications, website design, and web services. Proficient in programming, scripting, and query languages such as Java, SQL, HTML, JavaScript, Python, and PowerShell. Familiarity with cloud security practices (AWS, Azure, or GCP) and container security (Docker, Kubernetes) is a plus. At least 3-5 years of DevSecOps experience focused on application testing, security integration, and automation.

Preferred: Candidates with scripting experience in Python, Shell scripting, or other automation tools.

3. Vulnerability Assessment and Penetration Testing

This role is responsible for providing strong security testing services to meet project requirements. Solid competencies in information security processes, frameworks, and technologies, such as: Application Vulnerability Assessment, Penetration Testing, Ethical Hacking, OWASP Top 10, NIST, OSSTMM, OSINT etc. Good understanding of core security mechanisms, crypto libraries, and server-side security. Good understanding of supported frameworks and cleanser functions. Ability to understand vulnerabilities, and to interact with teams and explain security risks and impact to them. Document vulnerabilities and collaborate with the application team to help provide remediation. Experience with the tools Appscan, Burp Suite, Insomnia REST and open-source tools like Kali Linux. Adopt a risk-based approach to translate technology risk into actual business impacts and prioritized actions. Prepare and propose any security tools to facilitate qualitative security testing. Ability to listen and articulate ideas verbally and in written formats to a broad range of audiences; ability to ask probing questions and deliver presentations that have impact. Any security certifications are a plus. OSCP preferred. Exposure to the banking/financial services domain is a plus.

Posted 3 months ago


5 - 10 years

7 - 12 Lacs

Karnataka

Work from Office


Seeking 8 contract resources in Hyderabad and Bangalore for performing SAST (Static Application Security Testing), SCA (Software Composition Analysis) and DAST (Dynamic Application Security Testing) to perform identification and remediation of vulnerabilities in applications.

About the Job: This position is a Contractor in a Senior Specialist Cyber Security role, performing Application Security Testing in the Cyber Security Organization. This profile will be passionate about preventing risk by performing remediation validation of vulnerabilities identified during the testing process. While doing so, they will also identify vulnerabilities in the applications of the enterprise by configuring scan settings for effective vulnerability enumeration, identify and document findings, approve false positives, and define/document approved mitigations used by AppSec Testers.

Experience Level: 8 years

Location: Hyderabad or Bengaluru

Roles and Responsibilities: Perform SAST/SCA/DAST scans using industry vulnerability scanners. SAST/SCA: Veracode, using the supplied compiled binary; configure the scan platform to correctly scan for both static-code CWEs and SCA-derived CVEs. Work will include coordination with the app owner to ensure all branches of code are included in the compiled binary file. DAST: work begins with crawling the target application to identify the existing directory and file structure. Once identified, execute a DAST scan using the HCL product to identify dynamic issues only visible during code execution. This person will be primarily tasked with executing scan retests by performing revalidation tests of previously identified critical and high severity vulnerabilities as requested by the client application teams. During the testing process, the tester MUST ensure the application is not degraded and/or taken out of service due to scanning activities. The tester must ensure results from the scanner are present in the vulnerability reporting platforms and visible to approved app users. Perform manual validation and false positive analysis on the automated scan results. Provide remediation support: analyze the top-rated vulnerabilities and support application teams on remediation strategies for identified risks.

Primary / Mandatory skills: Overall 8+ years of IT experience. 7+ years of application security experience. 5+ years of application security testing experience. Bachelor's degree required. Deep familiarity with the OWASP Top 10 and other security concerns for web applications. Deep understanding of the OWASP Application Security Verification Standard (ASVS). Deep understanding of SAST, DAST and SCA scanning practices. Experience in scanning leveraging Veracode, Appscan, or other enterprise tools. Understand how to interpret and assess CVEs (Common Vulnerabilities and Exposures) and CWEs (Common Weakness Enumeration) as found by scanning tools. Understanding of SAST and DAST tools and dependency scanning tools. Experience working/integrating with secret management systems. Advanced knowledge of front-end and back-end web application development in at least one technology stack (.NET, Java, PHP, Ruby/Rails, Angular, Node.js, etc.). Track record of staying current with trends, techniques, tools, and processes that drive improvement of the security posture of applications. Strong documentation skills. Excellent verbal and written communication skills, with proven technical writing abilities (English language proficiency required). Team-oriented thinking with demonstrated ability to produce high-quality work as part of a fast-paced, dynamic team. Proven ability to communicate, collaborate, and present effectively with teams and individuals in different disciplines or areas.

Technical Skills: SAST, DAST, SCA

Additional information (if any): Flexible to provide coverage in US morning hours upon need.

Posted 3 months ago
