79 Owasp Top Jobs - Page 2

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

2.0 - 6.0 years

6 - 10 Lacs

telangana

Work from Office

Overview The Application Security Developer IV will work closely with both engineering (development) teams and the Information Security group to make sure that RealPage applications are developed with security in mind. Deep awareness of the OWASP Top 10 project and practices for preventing vulnerabilities when developing applications in any tech stack is a key success factor. This person will help to ensure Static Application Security Testing (SAST) occurs during the development lifecycle and that reported vulnerabilities are properly remediated. This person will also help train developers on how to remediate the vulnerabilities and what those vulnerabilities are when needed, Implement OWASP Application Security Verification Standards (ASVS). Additionally, this person role-models for a small team (1-5 others) of persons with similar responsibilities. Excellent communication skills and a good familiarity with DevOps pipelines are key success factors for this role. Responsibilities Shift-Left security in Software Development Life Cycle (SDLC) for various applications. 
Provide guidelines, tooling, best practices and implement for: SAST Dynamic Application Security Testing (DAST) Software Composition Analysis (SCA) Runtime Application Self-Protection (RASP) Provide guidance and coaching to teams regarding security remediation efforts Provide guidance to teams on how to properly integrate SAST, DAST, SCA scans into their pipelines Work with teams to ensure dependency scans are also part of their development process and pipelines Provide ongoing improvements and awareness training on new application threats and remediation techniques Provide guidance on OpenID Connect (OIDC) and OAuth2 and other identity-related best practices and practical approaches for client implementation Help engineering teams plan long term remediation solutions when deep changes are required for remediation activities Collaborate with the Information Security (InfoSec) team on prioritizing both applications and vulnerabilities based on risk Provide guidance to teams on proper storage and retrieval of application secrets Qualifications Bachelor's degree required; equivalent experience equal to 4 years software development may be considered in lieu of degree Minimum 6 years’ experience developing commercial SaaS solutions Deep familiarity with the OWASP Top 10 and other security concerns for web applications Familiarity with OWASP Application Security Verification Standards (ASVS) Familiarity with SAST, DAST, SCA Scans Familiarity and deep understanding of OWASP ASVS. 
Advanced understanding of OpenID Connect (OIDC) and OAuth2 and recommended practices for web and mobile applications Understand how to interpret and assess CVEs (Common Vulnerability and Exposures) as found by scanning tools Understanding of SAST tools and dependency scanning tools Experience working/integrating with secret management systems such as HashiCorp Vault or AWS Secrets Manager Advanced knowledge of front-end and back-end web application development in at least one technology stack (.NET, Java, PHP, Ruby/Rails, Angular, Node.js, etc.) Track record of staying current with trends, techniques, tools, and processes that drive improvement of security posture of applications Strong documentation skills Excellent verbal and written communication skills, with proven technical writing abilities Team-oriented thinking with demonstrated ability to produce high-quality work as part of a fast-paced, dynamic team Proven ability to communicate, collaborate, and present effectively with teams and individuals in different disciplines or areas #LI-CP1 #LI-REMOTE

Posted 3 weeks ago

3.0 - 8.0 years

5 - 11 Lacs

faridabad

Work from Office

Hi, We are looking to expand our network security testing team. Below is the requirement Job Title: Security Testing Engineer (WFO) Report To: Test Lead Location: Faridabad 5 Days/Week Qualifications and Experiences Qualification: B.tech (Computer Science)/ Information Technology/ Electronics & Communication or MCA (2022 or before passout) Certification Required: CCNA/CCNP/OSCP/CEH Years of Experience Minimum 2 years of relevant experience post qualification Skills Certified highly skilled and motivated with Strong knowledge of network protocols, operating systems, Routing, Switching, Configuration and security technologies. Experience with security tools such as Metasploit, Nessus, burp Suite and Wireshark. Also, OWASP top 10. Excellent analytical, problem-solving, and communication skills. Teamwork and management Willingness to travel if required. Responsibilities and Duties Manage Cyber security and network security testing including operation of test equipment in accordance with Regulatory Standards and requirements. Provide technical Knowledge and use expertise for security testing lab and hands on experience in planning and excellent time management. Responsible for planning, directing, and organizing operational resource to accomplish department goals and objectives. Full ownership of strategy, test planning, resource planning and timely delivery of project. collaborate with cross-Functional teams. development, writing, review, and validation of test methods, laboratory SOPs, and other department-level operating and quality documents. Stay up to date with emerging threats, vulnerabilities, testing tools, guidelines. Recommend best practices and train the team of testing engineers. Conduct multiple projects within tight deadlines. Testing report preparation and review. Provide technical guidance and training to other team members as needed. Participate in incident response activities as needed. 
Salary and Benefits Monthly Salary: As per the competency Benefits Health Insurance Transport facility (Nearest Metro station) 5 days/week Interested candidate can share updated CV to "nikita.singh@nemko.com" or apply on naukri.com

Posted 3 weeks ago

5.0 - 10.0 years

7 - 12 Lacs

bengaluru

Work from Office

About The Role

Project Role: Security Architect

Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.

Must have skills: Web Application Firewall (WAF)

Good to have skills: NA

Minimum 5 year(s) of experience is required

Educational Qualification: 15 years full time education

Job Title: Senior Web Application Firewall (WAF) SME

Job Summary: We are looking for an experienced and technically strong Web Application Firewall (WAF) Subject Matter Expert (SME) to join our Security Delivery team. The ideal candidate will possess deep expertise in WAF technologies, strong experience in decoding web traffic and malicious scripts, and a solid development background to assess and close security gaps. This role is pivotal in safeguarding enterprise applications from web-based threats across on-prem, cloud, and hybrid environments.

Key Responsibilities:

WAF Strategy, Operations & Governance
- Lead the deployment, configuration, and management of enterprise-grade WAF solutions such as Fastly, Yottaa, Human Bot Protection, Human Code Defender, F5 Silverline, F5 ASM, Imperva CWAF, Akamai WAF, AWS WAF, and Azure WAF.
- Develop and fine-tune advanced WAF policies and signatures to accurately detect sophisticated attack vectors including SQL Injection, XSS, RCE, and business logic abuse, while minimizing false positives.
- Analyze complex WAF logs and payloads using custom decoding and script analysis techniques to identify stealthy threats and misconfigurations.
- Maintain consistent security controls in line with OWASP Top 10, PCI-DSS, NIST, and ISO 27001 standards.

Security Integration & Threat Response
- Integrate WAF protections into DevSecOps pipelines, embedding security into the SDLC with automated deployment and testing.
- Collaborate with AppSec, DevOps, Cloud, and Infrastructure teams to secure applications across microservices, APIs, and multi-cloud environments.
- Act as a senior advisor during security incidents involving web-layer attacks, providing in-depth payload analysis and mitigation guidance.

Scripting & Secure Development Expertise
- Leverage development and scripting skills (Python, Bash, PowerShell, Regex) to analyze obfuscated scripts and automate WAF rule generation, traffic simulation, and threat validation.
- Contribute to secure coding reviews and help developers understand WAF behavior in relation to application logic and vulnerabilities.

Documentation, Reporting & Continuous Improvement
- Own and update detailed documentation including architecture diagrams, rule sets, exception handling, and change management logs.
- Produce regular dashboards and executive-level reports summarizing WAF effectiveness, threat intelligence trends, and incident analysis.
- Evaluate new WAF features and third-party integrations to improve detection efficacy and operational efficiency.

Required Qualifications:
- Bachelor's degree in Computer Science, Cybersecurity, or related field (Master's preferred).
- 5+ years of hands-on experience with multiple WAF platforms across enterprise environments.
- Deep understanding of HTTP/S protocols, SSL/TLS encryption, CDN behaviors, load balancing, and reverse proxy technologies.
- Proven expertise in decoding, analyzing, and reverse engineering malicious JavaScript or encoded payloads to uncover evasion techniques.
- Strong understanding of web application architecture, OWASP Top 10 risks, and real-world threat scenarios.

Preferred Skills & Certifications:
- Experience with Bot Mitigation, API Security, and Advanced Threat Protection mechanisms.
- Familiarity with CI/CD tools (e.g., Jenkins, GitLab), IaC (e.g., Terraform), and security automation frameworks.
- Certifications such as AWS Certified Security Specialty, Akamai WAF Certified, GIAC GWAPT/GWEB, CEH, or equivalent.
- Exposure to Big Data analytics platforms or SIEM solutions for advanced WAF telemetry analysis.

Summary: We are looking for an experienced and technically strong Web Application Firewall (WAF) Subject Matter Expert (SME) to join our Security Delivery team. The ideal candidate will possess deep expertise in WAF technologies, strong experience in decoding web traffic and malicious scripts, and a solid development background to assess and close security gaps. This role is pivotal in safeguarding enterprise applications from web-based threats across on-prem, cloud, and hybrid environments.

Roles & Responsibilities:
- Lead the deployment, configuration, and management of enterprise-grade WAF solutions such as F5 Silverline, F5 ASM, Imperva CWAF, Akamai WAF, AWS WAF, and Azure WAF.
- Develop and fine-tune advanced WAF policies and signatures to accurately detect sophisticated attack vectors including SQL Injection, XSS, RCE, and business logic abuse, while minimizing false positives.
- Analyze complex WAF logs and payloads using custom decoding and script analysis techniques to identify stealthy threats and misconfigurations.
- Maintain consistent security controls in line with OWASP Top 10, PCI-DSS, NIST, and ISO 27001 standards.

Security Integration & Threat Response
- Integrate WAF protections into DevSecOps pipelines, embedding security into the SDLC with automated deployment and testing.
- Collaborate with AppSec, DevOps, Cloud, and Infrastructure teams to secure applications across microservices, APIs, and multi-cloud environments.
- Act as a senior advisor during security incidents involving web-layer attacks, providing in-depth payload analysis and mitigation guidance.

Scripting & Secure Development Expertise
- Leverage development and scripting skills (Python, Bash, PowerShell, Regex) to analyze obfuscated scripts and automate WAF rule generation, traffic simulation, and threat validation.
- Contribute to secure coding reviews and help developers understand WAF behavior in relation to application logic and vulnerabilities.

Documentation, Reporting & Continuous Improvement
- Own and update detailed documentation including architecture diagrams, rule sets, exception handling, and change management logs.
- Produce regular dashboards and executive-level reports summarizing WAF effectiveness, threat intelligence trends, and incident analysis.
- Evaluate new WAF features and third-party integrations to improve detection efficacy and operational efficiency.

Professional & Technical Skills:
- Hands-on experience with multiple WAF platforms across enterprise environments.
- Deep understanding of HTTP/S protocols, SSL/TLS encryption, CDN behaviors, load balancing, and reverse proxy technologies.
- Proven expertise in decoding, analyzing, and reverse engineering malicious JavaScript or encoded payloads to uncover evasion techniques.
- Strong understanding of web application architecture, OWASP Top 10 risks, and real-world threat scenarios.
- Experience with Bot Mitigation, API Security, and Advanced Threat Protection mechanisms.
- Familiarity with CI/CD tools (e.g., Jenkins, GitLab), IaC (e.g., Terraform), and security automation frameworks.
- Certifications such as AWS Certified Security Specialty, Akamai WAF Certified, GIAC GWAPT/GWEB, CEH, or equivalent.
- Exposure to Big Data analytics platforms or SIEM solutions for advanced WAF telemetry analysis.

Additional Information:
- The candidate should have minimum 5 years of experience in Web Application Firewall (WAF).
- This position is based at our Bengaluru, Gurgaon and Pune only.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 3 weeks ago

9.0 - 13.0 years

22 - 35 Lacs

hyderabad, pune, bengaluru

Work from Office

Job Title: Java developer - API Security At a Glance: In your role, you will work in a cross-functional project team dedicated to enhancing the security of our API services within the bank's IT infrastructure. You will join a dynamic environment where you as a developer will be involved with designing and creating patterns, integrations and tools that benefit our API Security capabilities. Working Environment: The team is a newly created team where the departments of IT Infrastructure and IT Security jointly work to deliver a secure API capability. The team will work in an Agile fashion, promoting collaboration and iterative development. Your Profile: As a candidate, • You have extensive experience with Java (8+ years) and have knowledge of Python (should have). • You have strong awareness for IT Security and have experience with the developing secure API back-ends (OWASP top 10). • You have hands-on experience with Azure cloud services, including deployment and Security. • You have experience with coaching and mentoring developers. • You are proactive, learn by doing, and take ownership of your work. • You have strong English communication skills, both verbal and written, and are not afraid to speak up. • You have a team-player mindset and can collaborate effectively across teams. Join us to safeguard our API infrastructure and contribute to building a secure digital ecosystem. Apply now to become a key player in our API security team! Technology : Java, Azure, Integration/API, API Security, OWASP TOP 10

Posted 3 weeks ago

15.0 - 20.0 years

13 - 17 Lacs

gurugram

Work from Office

About The Role

Project Role: Security Architect

Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.

Must have skills: Application Security Architecture and Design

Good to have skills: NA

Minimum 5 year(s) of experience is required

Educational Qualification: 15 years full time education

Summary: We are looking for a Technical Lead with strong expertise in Application and Infrastructure Security to lead a suite of security services including vulnerability management, application security testing (SAST/DAST), and penetration testing. This role is ideal for someone who can not only execute and review security assessments but also manage tools, provide technical direction to a delivery team, and act as a trusted advisor to the client on security best practices.

Roles & Responsibilities:
- Lead the delivery of application and infrastructure security services including:
  - Dynamic Application Security Testing (DAST)
  - Static Application Security Testing (SAST/SCA)
  - Web & API Penetration Testing
  - Mobile Application Security Testing
  - Infrastructure Vulnerability Management (IVM)
- Oversee scan scheduling, execution, validation, and reporting.
- Drive the reduction of false positives and enhance detection accuracy.
- Ensure timely delivery of security testing activities aligned with client SLAs.
- Perform automated and manual security scans for applications and infrastructure.
- Validate findings, analyze root causes, and prioritize remediation based on risk.
- Provide technical recommendations to development, DevOps, and infrastructure teams.
- Align findings with recognized standards (e.g., OWASP Top 10, CVSS, CWE).
- Administer and optimize usage of security tools including but not limited to:
  - WebInspect, Veracode, Burp Suite, Custom Scripting Tools
  - GitLab, ServiceNow Security Modules
  - Datadog Security Explorer, OpenShift ACS
- Tune and maintain tool configurations, scan profiles, and dashboards.
- Track scan volumes, issue lifecycle, and performance KPIs.
- Deliver dashboards and executive-level reports on security posture.
- Support audit, compliance, and client reporting needs.

Team Collaboration & Stakeholder Management
- Provide technical direction and mentorship to the delivery team.
- Liaise with client teams, application owners, and platform SMEs.
- Ensure effective communication across stakeholders for testing, issue triage, and remediation.

Professional & Technical Skills:
- Experience in Cybersecurity, with specialization in Application Security and Vulnerability Management.
- Strong technical knowledge of SAST/DAST tools (e.g., Veracode, WebInspect).
- Hands-on experience in penetration testing of web, mobile, and API-based applications.
- Familiarity with infrastructure scanning and vulnerability remediation practices.
- Strong understanding of secure SDLC, OWASP Top 10, SANS Top 25, and risk classification models (CVSS, CWE).
- Experience working in global delivery teams, preferably in a client-facing role.

Preferred Certifications
- CEH / OSCP / GWAPT / CISSP / CSSLP, Veracode Certified Specialist or equivalent, Vendor certifications on WebInspect, Burp Suite, GitLab Security
- Knowledge of cloud security principles (Azure/AWS/GCP)
- Familiarity with container security and DevSecOps tooling
- Exposure to automated CI/CD security integrations

Additional Information:
- The candidate should have minimum 5 years of experience in Application Security Architecture and Design.
- This position is based at our Gurugram office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 3 weeks ago

3.0 - 7.0 years

10 - 14 Lacs

navi mumbai

Work from Office

Overview We are seeking a skilled and experienced security professional to manage and enhance our web application security infrastructure. The ideal candidate will bring expertise in application and network security, with a strong foundation in managing WAF platforms such as Imperva. This role requires a deep understanding of modern security frameworks, cloud environments, and incident response practices to ensure robust protection across systems. Role Manage and optimize the Imperva Web Application Firewall (WAF) or similar platforms. Conduct application security assessments aligned with OWASP Top 10 and other industry standards. Administer and review AWS IAM policies, roles, and access controls. Support and maintain firewall infrastructure, with an emphasis on Palo Alto Networks. Collaborate with IT and security teams to manage secure network architecture including load balancers, routers, and virtualized environments. Drive incident response efforts, including root cause analysis, documentation, and mitigation strategies. Participate in infrastructure design reviews to enforce security best practices. Engage in security governance and compliance activities, contributing to a secure SaaS and cloud-based operational environment. All About You Experience Proven experience managing Imperva WAF or similar web security platforms. In-depth knowledge of OWASP Top 10, NVD databases, and CVSS scoring systems. Strong background in application security testing and assessments. Hands-on experience with AWS IAM, including creation of security policies and role-based access control. Proficiency in core networking protocols and technologies: TCP/IP, HTTP, DNS, SSL/TLS, APIs, HTML, and JavaScript. Familiarity with firewall systems, especially Palo Alto Networks. Working knowledge of load balancing, network routing and switching, and virtualization platforms. Demonstrated experience in security incident response, problem tracking, and reporting. 
Understanding of IT infrastructure design with a security-first approach. Exposure to AWS security controls and SaaS platforms is highly desirable. Relevant certifications such as CISSP, AWS Security Specialist, or equivalent are preferred.

Posted 3 weeks ago

3.0 - 8.0 years

5 - 15 Lacs

dubai, chennai, bengaluru

Work from Office

PN: Relevant and interested candidates can come for F2F interviews on Wednesday, 20th Aug 25, between 10:30am and 6:00pm.

Venue details: Happiest Minds - SMILES 1, 3rd & 4th Floor, SJR Equinox, Sy.No.47/8, Doddathogur Village, Begur Hobli, E-City Phase 1, Hosur Road, Opposite to Velankani tech park, B-560100.

POC: Sreenivas

Please find below the JD for your reference:
- Experience conducting Application Security assessments
- Experienced in conducting Manual and Automated DAST for Web, API & Thick client covering OWASP Top 10
- Experienced in conducting Manual code review
- Experienced in Mobile VAPT (both static and dynamic)
- Knowledge of Infra VAPT or at least VA and configuration review
- Knowledge in Container / Docker security / Cloud Audit is a plus
- Certifications such as CEH, CRTP, OSCP are preferred
- Good communication skills, ability to explain vulnerabilities to business users in simple terms.

Posted 4 weeks ago

6.0 - 10.0 years

9 - 14 Lacs

Pune

Work from Office

Your Role
- Perform static application security testing on source code using Fortify.
- Perform software composition analysis using Sonatype IQ.
- Assist with scan onboarding and troubleshooting.
- Integrate tools into Jenkins pipelines.
- Collaborate with teams to remediate high/critical findings.
- Generate and analyse SCA scan results.
- Automate reporting and dashboards.

Works in the area of Software Engineering, which encompasses the development, maintenance and optimization of software solutions/applications.
1. Applies scientific methods to analyse and solve software engineering problems.
2. He/she is responsible for the development and application of software engineering practice and knowledge, in research, design, development and maintenance.
3. His/her work requires the exercise of original thought and judgement and the ability to supervise the technical and administrative work of other software engineers.
4. The software engineer builds skills and expertise of his/her software engineering discipline to reach standard software engineer skills expectations for the applicable role, as defined in Professional Communities.
5. The software engineer collaborates and acts as team player with other software engineers and stakeholders.

Your Profile
- Deep understanding of source code review, SCA and SBOM.
- Hands-on experience with SAST and SCA tools: Fortify SCA, Sonatype IQ.
- Good understanding of secure coding practices for languages such as Java, .NET, JavaScript, Python, etc.
- Strong knowledge of OWASP Top 10, CWE, and secure software development lifecycle (SSDLC).
- Familiarity with CI/CD pipelines and integrating security tools in DevOps (Jenkins, GitHub).
- Security certifications such as OSCP, GWAPT, eWPTX, CEH, CRTP will be an added advantage.

What will you love working at Capgemini
Every Monday, kick off the week with a musical performance by our in-house band - The Rubber Band. Also get to participate in internal sports events, yoga challenges, or marathons. At Capgemini, you can work on cutting-edge projects in tech and engineering with industry leaders or create solutions to overcome societal and environmental challenges. You will get comprehensive wellness benefits including health checks, telemedicine, insurance with top-ups, elder care, partner coverage or new parent support via flexible work. You will have the opportunity to learn on one of the industry's largest digital learning platforms, with access to 250,000+ courses and numerous certifications.

Posted 1 month ago

0.0 years

0 - 0 Lacs

Bengaluru

Work from Office

Job Title: Application Security Expert - Red Team / Ethical Hacker Department: Information Security / Cybersecurity Reports To: Group CISO Job Summary: The Application Security Expert - Red Team / Ethical Hacker is a critical role responsible for proactively identifying and exploiting security vulnerabilities in our software applications throughout the entire Software Development Life Cycle (SDLC). Operating as a key member of the in-house Red Team, this role will focus on simulating real-world attacks, conducting advanced penetration testing, and providing actionable intelligence to strengthen our overall security posture. Responsibilities: Red Teaming & Attack Simulation: Plan and execute realistic attack simulations against our web, mobile, and desktop applications to identify weaknesses and bypass security controls. Develop and utilize custom exploits, tools, and techniques to mimic the tactics, techniques, and procedures (TTPs) of advanced threat actors. Conduct social engineering campaigns to assess employee awareness and identify potential vulnerabilities. Advanced Penetration Testing: Perform in-depth penetration tests of applications, networks, and systems, using both automated tools and manual techniques. Identify and exploit complex vulnerabilities, including those related to application logic, authentication, authorization, and data handling. Develop detailed penetration test reports with clear and actionable recommendations for remediation. Secure Code Review (Offensive Perspective): Conduct code reviews from an offensive perspective, identifying potential vulnerabilities that could be exploited by attackers. Provide developers with guidance on secure coding practices and vulnerability remediation techniques. Develop and maintain secure coding guidelines and checklists. Vulnerability Research & Exploit Development: Stay up-to-date on the latest security threats, vulnerabilities, and exploit techniques. 
Conduct vulnerability research to identify new and emerging threats. Develop custom exploits and tools to test and demonstrate the impact of vulnerabilities. SDLC Integration & Security Advocacy: Collaborate with development teams to integrate security testing and red teaming activities into the SDLC. Participate in design reviews and provide security guidance on application architecture and design. Promote a security-conscious culture within the development organization. Vulnerability Management (Validation & Verification): Validate and verify the effectiveness of vulnerability remediation efforts. Retest remediated vulnerabilities to ensure they have been properly addressed. Security Tooling & Automation (Offensive Tools): Evaluate, recommend, and customize offensive security tools and technologies. Automate red teaming and penetration testing processes to improve efficiency and coverage. Required Skills and Qualifications: Education: Bachelor's or Master's degree in Computer Science, Information Security, or a related field. Experience: 8+ years of experience in application security, penetration testing, red teaming, or a related field. Demonstrable experience conducting advanced penetration tests and red team engagements. Strong understanding of web application vulnerabilities (e.g., OWASP Top 10, SANS Top 25). Experience with various penetration testing tools and frameworks (e.g., Metasploit, Burp Suite, Kali Linux). Experience with exploit development and reverse engineering. Technical Skills: Expert proficiency in one or more programming languages (e.g., Python, Java, C, C++). Strong understanding of web application architectures and technologies. Deep understanding of network protocols and security concepts. Familiarity with cloud security principles and practices (e.g., AWS, Azure, GCP). Understanding of authentication and authorization mechanisms. 
Certifications (Required/Preferred): Offensive Security Certified Professional (OSCP) - Required Certified Ethical Hacker (CEH) - Preferred GIAC Web Application Penetration Tester (GWAPT) - Preferred Offensive Security Certified Expert (OSCE) - Highly Preferred Offensive Security Web Expert (OSWE) - Highly Preferred

Posted 1 month ago

3.0 - 6.0 years

7 - 11 Lacs

Bengaluru

Work from Office

Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Experience with penetration testing tools (e.g. Burp) Extensive knowledge of attack payloads for discovering security vulnerabilities Plan, execute, and report on all testing activities and outcomes Create findings reports and communicate to stakeholders Must possess at least 5 years of experience in delivering VAPT in Web(Thin and Thick Client), Mobile and APIs Should have good and effective communication skills in English. (Oral and written) Technical and Professional Requirements: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Preferred Skills: Technology-Security Testing-Security Testing - ALL

Posted 1 month ago

5.0 - 9.0 years

7 - 11 Lacs

Bengaluru

Work from Office

Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Additional Responsibilities: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Technical and Professional Requirements: Any specific tools required Burpsuite, WebInspect, Fortify, Zap, Checkmarx Preferred Skills: Technology-Security Testing-Security Testing - ALL

Posted 1 month ago

15.0 - 20.0 years

3 - 7 Lacs

Pune

Work from Office

Project Role: Security Engineer

Project Role Description: Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.

Must have skills: Security Platform Engineering

Good to have skills: NA

Minimum 5 year(s) of experience is required

Educational Qualification: 15 years full time education

Summary: We are seeking a skilled Security Engineer with expertise in Google Chronicle SIEM, parser development, and foundational knowledge of cybersecurity. The ideal candidate will be responsible for analyzing security data and logs, ensuring accurate aggregation, normalization, tagging, and classification. You will work closely with log sources, particularly security and networking devices, to enhance our security monitoring capabilities.

Roles & Responsibilities:
- Conduct security and data/log analysis, focusing on the aggregation, normalization, tagging, and classification of logs.
- Research, analyze, and understand log sources for security monitoring, with a particular focus on security and networking devices such as firewalls, routers, antivirus products, proxies, IDS/IPS, and operating systems.
- Validate log sources and indexed data, optimizing search criteria to improve search efficiency.
- Utilize automation tools to build and validate log collectors for parsing aggregated logs.

Professional & Technical Skills:
- Proficiency in log analysis and SIEM tools, including but not limited to Google Chronicle, Splunk, ArcSight, and QRadar.
- Experience in SIEM content creation and reporting is essential.
- Strong experience in manual security log review and analysis, such as Windows Event Log and Linux Syslog, including incident classification, investigation, and remediation.
- Solid understanding of multiple attack vectors, including malware, Trojans, exploit kits, ransomware, phishing techniques, and APTs, as well as familiarity with attack techniques outlined in the OWASP Top 10.
- Knowledge of security and networking devices, including firewalls, routers, antivirus products, proxies, IDS/IPS, and operating systems.
- TCP/IP networking skills for packet and log analysis.
- Experience working with Windows and Unix platforms.
- Familiarity with databases is an advantage.
- Experience in GCP, AWS and Azure environments is a plus.

Additional Information:
- The candidate should have minimum 5 years of experience in Security Platform Engineering.
- This position is based at our Pune office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 1 month ago

7.0 - 11.0 years

20 - 25 Lacs

Bengaluru

Work from Office

Project description We are seeking a seasoned Solution Architect with deep expertise in designing and securing complex web and mobile application ecosystems. This role requires a strategic mindset combined with hands-on technical proficiency to assess risks, define robust security architectures, and drive secure development practices across the SDLC. Responsibilities Architect and implement security solutions for web and mobile platforms, aligned with business objectives and compliance standards. Should have experience with Backbase, additiv, Crealogix, and Avaloq. Perform threat modeling, application security assessments, static and dynamic code reviews, and vulnerability analyses. Define security requirements and best practices across the Secure Software Development Lifecycle (SDLC). Lead penetration testing initiatives and collaborate with cross-functional teams to mitigate identified risks. Establish governance and control frameworks to ensure ongoing security posture management. Advise development and infrastructure teams on secure design patterns and architectural decisions. Stay current with emerging threats, technologies, and industry trends. Proven experience building and securing scalable web and mobile applications. Deep understanding of application security principles, secure architecture, and risk management. Proficiency in tools and methodologies for penetration testing, code analysis, and vulnerability assessment. Strong knowledge of Secure SDLC practices and integration of security into CI/CD pipelines. Excellent communication skills to engage stakeholders, developers, and leadership. Skills Must have Overall, 10+ years of experience as a Solution Architect. Proven experience in building and securing web and mobile applications. Strong knowledge of security architecture and secure coding principles. 
Hands-on experience in Application security assessments Penetration testing Vulnerability assessment Secure SDLC practices Static code review tools (e.g., Fortify, Checkmarx, SonarQube) Familiarity with OWASP Top 10 and CWE/SANS Top 25 Excellent problem-solving and communication skills Nice to have Certified Secure Software Lifecycle Professional (CSSLP) Experience with cloud security (AWS, Azure, GCP) Knowledge of regulatory and compliance frameworks (e.g., ISO 27001, GDPR, PCI-DSS)

Posted 1 month ago

3.0 - 9.0 years

5 - 11 Lacs

Bengaluru

Work from Office

Manual Penetration Testing using OWASP checklists, Penetration Testing, Vulnerability Assessment, OWASP Top 10, OWASP ZAP, AWS Cloud, Azure Cloud, Cyber Security, Cloud Security Assessment, Cyber Security Assessment & Consulting, Cybersecurity, Data Security Assessment & Consulting. Perform Penetration testing. Develop and recommend mitigation strategies to enhance the defense mechanisms of critical infrastructure components. Collaborate with IT and security teams to refine security measures and response strategies. Prepare detailed reports on findings from simulations and suggest improvements. Facilitate training sessions for internal teams on security awareness and breach response tactics.

Posted 2 months ago

6.0 - 9.0 years

8 - 11 Lacs

Hyderabad

Work from Office

About the Role: Grade Level (for internal use): 10 The Team: Security Testing Team in the Quality Engineering space plays a crucial role in safeguarding business operations by identifying vulnerabilities and ensuring robust protection against cyber threats. Through meticulous testing practices, we enhance the security posture of applications, thereby reducing the risk of data breaches and financial loss. By integrating security measures early in the development lifecycle, the team helps streamline processes, minimize disruptions, and ultimately contribute to greater business efficiency and resilience. S&P Global Ratings is the world's leading provider of independent credit ratings. Our ratings are essential to driving growth, providing transparency, and helping educate market participants so they can make decisions with confidence. We have more than one million credit ratings outstanding on government, corporate, financial sector and structured finance entities and securities. We offer an independent view of the market built on a unique combination of broad perspective and local insight. We provide our opinions and research about relative credit risk; market participants gain independent information to help support the growth of transparent, liquid debt markets worldwide. What is in it for you: Serve as a highly technical security expert to bring security transformation to both new and legacy applications in quality engineering space. Using a wide range of cutting-edge technology to innovate while testing. An ever-challenging environment to hone your existing skills in Security Testing, Automation, Python Programming, Bash scripting etc. Being a part of an organization which values Culture of Urgency and Shift Left approaches. Gain the opportunity to apply your strategic thinking alongside technical skills to safeguard our systems defending against emerging cyber threats. Plenty of skill building, knowledge sharing, and innovation opportunities.
Building a fulfilling career with a global financial technology company. Responsibilities: This role will involve designing and executing security tests, identifying vulnerabilities, and driving remediation strategies while collaborating with cross-functional teams in an Agile environment. Understand the application's security requirements and identify & document the scope of the test. Develop and maintain security testing automation using tools like Burp Suite, ZAP, or similar tools. Integrate security testing into CI/CD pipelines. Automate processes and workflows using Python to minimize manual work. Collaborate with development, QE, and DevOps teams to investigate security incidents, perform root cause analysis, and validate security fixes. Oversee results and logs to analyze, prioritize, and initiate remediation for findings identified by security tools during SAST, DAST, SCA, artifact scanning, container scanning, etc. Prepare detailed reports summarizing test results, logs, findings, and recommendations for strengthening overall security of an application. Create and track security metrics, KPIs, and KRIs to measure operational effectiveness. Prepare comprehensive reports for senior management on security performance and strategic initiatives. Work independently, providing recommendations, and leading the accomplishments of the tasks from inception to completion. Demonstrate outstanding flexibility and leadership with proper communication of security testing result interpretation and explanation to audience. Participate in Daily Stand-up Calls, works closely with the Agile Manager to know the deliverables and commitments of each release. Actively taking part in resolving critical security issues and coming up with solutions to mitigate the same. Basic Qualifications: Bachelor's or master's degree in Electronics and Communication, Computer Science, Cybersecurity, or related fields.
6 to 9 years of IT experience with relevant professional experience of Minimum 4 years in the field of Cyber Security Testing. Should have strong hands-on experience in security testing, penetration testing, and vulnerability assessment. Strong experience in web, API, and cloud security testing. Clear understanding of security vulnerabilities, exploits, and mitigation techniques Strong grasp of the OWASP Top 10 vulnerabilities and effective mitigation strategies. Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, Wireshark, Nessus, OpenSSL and Crypto validation tools. Proficiency in SAST/DAST tools and security frameworks like OWASP Top 10, CIS Benchmarks, and CVSS. Hands-on experience with Selenium, Pytest, and RestAssured API Testing using Python. Strong hands-on experience with scripting and programming languages including Python, PowerShell, Bash for security tasks. Familiarity with RESTful APIs, webhooks, and integration of third-party security tools and services via automation. Knowledge of DevSecOps practices and integrating security in CI/CD pipelines. Self-motivated and driven to stay updated with the latest security trends, technologies, and best practices, maintain high level of accuracy in security assessments. Ability to analyze and communicate complex cybersecurity and technical challenges to technical and non-technical users, leaders, and stakeholders. Experience collaborating with cross functional global and remote teams with diverse backgrounds. Should be able to work under a competitive time frame and deliver. Should be a very fast learner and have the excellent problem-solving ability. Should have excellent written and verbal communication skills. Nice to have Skills: Security Certifications like CISSP, CEH, CISM, OSCP or CompTIA Security+ shall be having the preference. Hands-On experience in building AI-powered security tools, chatbots, and agent-driven automation pipelines. 
Knowledge on Agentic AI frameworks, LLMs, and orchestration libraries like LangChain, crewAI or RAG-based architectures. Grade: 10 Location: Hyderabad Shift time: 11am to 8pm / 12pm to 9pm IST Hybrid Model: twice a week work from office About S&P Global Ratings: At S&P Global Ratings, our analyst-driven credit ratings, research, and sustainable finance opinions provide critical insights that are essential to translating complexity into clarity so market participants can uncover opportunities and make decisions with conviction. By bringing transparency to the market through high-quality independent opinions on creditworthiness, we enable growth across a wide variety of organizations, including businesses, governments, and institutions. S&P Global Ratings is a division of S&P Global (NYSE: SPGI). S&P Global is the world's foremost provider of credit ratings, benchmarks, analytics and workflow solutions in the global capital, commodity and automotive markets. With every one of our offerings, we help many of the world's leading organizations navigate the economic landscape so they can plan for tomorrow, today. For more information, visit www.spglobal.com/ratings What's In It For You: Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology: the right combination can unlock possibility and change the world. Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: Our Values: Integrity, Discovery, Partnership. At S&P Global, we focus on Powering Global Markets.
Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you can take care of business. We care about our people. That's why we provide everything you, and your career, need to thrive at S&P Global. Health & Wellness: Health care coverage designed for the mind and body. Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills. Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly Perks: It's not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the Basics: From retail discounts to referral incentive awards, small perks can make a big difference. For more information on benefits by country visit https://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected and engaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. S&P Global has a Securities Disclosure and Trading Policy (the Policy) that seeks to mitigate conflicts of interest by monitoring and placing restrictions on personal securities holding and trading.
The Policy is designed to promote compliance with global regulations. In some Divisions, pursuant to the Policy's requirements, candidates at S&P Global may be asked to disclose securities holdings. Some roles may include a trading prohibition and remediation of positions when there is an effective or potential conflict of interest. Employment at S&P Global is contingent upon compliance with the Policy. ---- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf ----

Posted 2 months ago

3.0 - 4.0 years

6 - 10 Lacs

Noida

Work from Office

Your Role and Responsibilities: Conduct Vulnerability Assessment & Penetration Testing (VAPT) for web applications, APIs, and networks. Analyze and identify security vulnerabilities, ensuring alignment with OWASP Top 10 and secure coding best practices. Provide security requirement analysis for applications. Offer risk mitigation planning, vulnerability remediation recommendations, compliance guidance, and metrics reporting. Plan and coordinate Network & Application Security testing. Utilize security testing tools such as Burp Suite, Kali-Linux, AppScan, Nessus. Generate and share reports with customers using MS Office tools. Collaborate with teams to enhance security implementations and provide best practice recommendations. Required education: Bachelor's Degree Preferred education: Bachelor's Degree Required technical and professional expertise: 3-4 years of demonstrating experience in planning and executing VA & penetration tests exercises against web applications, APIs, Network. Minimum 3+ years of experience in Network and Application Security. Proficient in Secure coding best practices and OWASP TOP 10 vulnerabilities. Experience in security requirements analysis for application. Experience in security requirement implementation recommendations & guidance. Prior experience in Network & Application Security Test planning & coordination. Experience in Application risk mitigation planning, Vulnerabilities remediation recommendation & guidance, Compliance & Metrics reporting. Preferred technical and professional experience: Industry certifications such as CEH/OSCP or equivalent preferred. Familiarity with security standards (OWASP, SANS, ISO).

Posted 2 months ago

7.0 - 12.0 years

9 - 13 Lacs

Chennai, India

Work from Office

Hello Visionary! We empower our people to stay resilient and relevant in a constantly changing world. We’re looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future. Does that sound like you? Then it seems like you’d make a great addition to our vibrant team. We are looking for a Penetration Tester. This position is available for Chennai Location. You’ll make a difference by: Having experience in Leading and performing complex penetration testing engagements across enterprise networks, cloud infrastructures, web, mobile, APIs, thick clients, and IoT environments. Having understanding to Simulate sophisticated real-world attacks (e.g., APT scenarios, lateral movement, chained exploits). Conducting Red Team exercises and adversary emulation based on frameworks like MITRE ATT&CK. Identifying and exploiting vulnerabilities using both automated tools and advanced manual techniques. Reviewing, enhancing, and developing custom scripts, tools, and exploits to support internal testing capabilities. Providing expert-level guidance to business units on security risks, remediation strategies, and secure architecture. Actively participating in client discussions, executive briefings, and technical workshops. Delivering detailed and executive-level reports, including risk ratings, business impact, PoCs, and mitigation steps. Maintaining robust documentation of testing methodologies, custom tools, and process improvements. Ensuring all engagements align with internal policies, industry frameworks (e.g., OWASP, NIST, ISO), and client-specific compliance standards. Training and Development - Stay updated on the latest security trends, vulnerabilities, and technology advancements. - Provide training and guidance to the team and other departments on security best practices. Strategy and Planning - Plan and scope penetration testing engagements, ensuring comprehensive coverage and effectiveness.
- Participate in the development of security policies and standards. Technical Expertise Deep hands-on experience in: - Web, API, Thick Client and mobile app security testing (e.g., OWASP Top 10 – Web, Mobile, API) - Internal/external network penetration, privilege escalation, and lateral movement - Active Directory assessments and exploitation (Kerberoasting, Pass-the-Hash etc.) - Familiarity with ICS, SCADA, BACnet protocols, and covert communication channels - Wireless, Bluetooth, IoT device, Embedded Security, Cloud (AWS/Azure/GCP), and container security testing - Working knowledge of Kali Linux and frameworks like MITRE ATT&CK - Basic understanding of AI/ML security: adversarial attacks, model poisoning, and secure deployment of AI systems Proficiency with tools such as: - Offensive: Burp Suite Pro, Metasploit, SQLMap, Cobalt Strike, Impacket, CrackMapExec, BloodHound, Sliver - Reconnaissance: Nmap, Amass, Shodan, OSINT frameworks/tools - Vulnerability Scanners: Nessus, Qualys, Nexpose Programming/Scripting: - Skilled in scripting and exploit development using Python, Bash, PowerShell, and occasionally C/C++ or Go Soft Skills - Excellent written and verbal communication skills - Strong analytical and problem-solving capabilities - Ability to explain technical concepts clearly to non-technical stakeholders You’ll win us over by: Having an engineering degree B.E/B.Tech/M.E/M.Tech with good academic record. 6–7 years of proven experience in penetration testing and offensive security Certifications (Preferred): - Highly Desirable: OSCP, OSWP, OSWE, GPEN, GWAPT, OSCE, OSEE, GXPN, CPTS, CWEE, CAPE - Other Considered: EWPTXv2 or equivalent advanced offensive security certifications We’ll support you with: Hybrid working Opportunities. Diverse and inclusive culture. Great variety of learning & development opportunities. Join us and be yourself!
We value your unique identity and perspective, recognizing that our strength comes from the diverse backgrounds, experiences, and thoughts of our team members. We are fully committed to providing equitable opportunities and building a workplace that reflects the diversity of society. We also support you in your personal and professional journey by providing resources to help you thrive. Come bring your authentic self and create a better tomorrow with us. Make your mark in our exciting world at Siemens. This role is based in Chennai and is an Individual contributor role. You might be required to visit other locations within India and outside. In return, you'll get the chance to work with teams impacting - and the shape of things to come. We're Siemens. A collection of over 319,000 minds building the future, one day at a time in over 200 countries. Find out more about Siemens careers at

Posted 2 months ago

1.0 - 6.0 years

7 - 11 Lacs

Bengaluru

Work from Office

About The Role Project Role: Tech Delivery & Op Excellence Practitioner Project Role Description: Understand how to deliver value to clients, and use that commercial competency to apply methods or certifications appropriately. Attention to detail and deep expertise allow them to see inherent risks or improvement opportunities that others may not. Work directly with client teams to ensure a high standard of delivery and operational excellence are met. Must have skills: Governance Risk Compliance (GRC) Good to have skills: NA Minimum 3 year(s) of experience is required Educational Qualification: 15 years full time education Summary: As a Tech Delivery & Op Excellence Practitioner, you will understand how to deliver value to clients and apply methods or certifications appropriately. Attention to detail and deep expertise allow you to see inherent risks or improvement opportunities that others may not. Work directly with client teams to ensure a high standard of delivery and operational excellence are met.
Key responsibility: - Risk and Compliance senior Analyst works with the Application service delivery organization and other compliance related functions to help: - Perform audits/reviews to assess risks in Application development and maintenance service environment - Manage risk in Application development and maintenance service to an acceptable level - Increase the level of awareness of and compliance with policy and process related matters - Support successful completion of various external compliance certification programs and internal compliance assessments - Introduce continual improvement including lessons learned from matters requiring intervention - This successful candidate for this role will be a member of a dedicated team operating a Controls and Compliance function, which will perform audit style reviews of Application Development & Maintenance Services outsourcing engagements covering compliance matters and operational service management and service delivery good practice. Must-Have Skills/ Qualifications: - Minimum of 1-year experience in Auditing principles and practices (sample qualifications*: CISA, ISO 27001 Lead Auditor) - Minimum of 1-year experience in Application security/audit roles in Application development & maintenance service industry (sample qualifications*: EC-Council's CASE (Certified Application Security Engineer), CEH (Certified Ethical Hacker), - Agile Methodology (Certified Scrum Master), DevOps Certification, CMMI for Development - Knowledge of secure SDLC models, secure coding standards, OWASP Top 10, threat modeling, SAST (Static Application security testing), DAST (Dynamic Application security testing), single sign on, Encryption - Minimum of 1-year experience in Operational compliance requirements) - Contract Management / Service Reporting (including Service Level Agreements and Operational Level Agreements) - Risk management or assessment (sample qualification*: CRISC) - Knowledge of cloud environment and services (sample
qualification*: Microsoft Azure/AWS/Google Certifications) - Team and stakeholder management Nice-to-Have Skills/ Qualifications: - Data privacy and protection (sample qualifications*: CIPM, CIPT, CIPP) - CISSP*, CISM*, CISA*, CCSK*, CCSP* - SOC1 and SOC2 (SSAE16 / ISAE3402) awareness - Business Continuity and Disaster Recovery awareness (ISO 22301) Professional Attributes: 1: Good communication 2: Teamwork 3: Problem Solving Capabilities 4: Work Planning and Management 5: Quick Learner 6: Eager to take on responsible task 7: Dedicated and Focused Educational Qualification: 1: MBA-Information Security/ IT 2: BE/B-Tech with CS/IT/related domain 3: BSc- IT Additional Information: (i.e., travel, overtime %) 1: Occasional within country travel 2: Flexibility in working hours Qualification 15 years full time education

Posted 2 months ago

15.0 - 20.0 years

13 - 17 Lacs

Bengaluru

Work from Office

About The Role Project Role: Security Architect Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills: Web Application Firewall (WAF) Good to have skills: NA Minimum 5 year(s) of experience is required Educational Qualification: 15 years full time education Summary: We are looking for an experienced and technically strong Web Application Firewall (WAF) Subject Matter Expert (SME) to join our Security Delivery team. The ideal candidate will possess deep expertise in WAF technologies, strong experience in decoding web traffic and malicious scripts, and a solid development background to assess and close security gaps. This role is pivotal in safeguarding enterprise applications from web-based threats across on-prem, cloud, and hybrid environments. Roles & Responsibilities: - WAF Strategy, Operations & Governance - Lead the deployment, configuration, and management of enterprise-grade WAF solutions such as F5 Silverline, F5 ASM, Imperva CWAF, Akamai WAF, AWS WAF, and Azure WAF. - Develop and fine-tune advanced WAF policies and signatures to accurately detect sophisticated attack vectors including SQL Injection, XSS, RCE, and business logic abuse, while minimizing false positives. - Analyze complex WAF logs and payloads using custom decoding and script analysis techniques to identify stealthy threats and misconfigurations. - Maintain consistent security controls in line with OWASP Top 10, PCI-DSS, NIST, and ISO 27001 standards. - Security Integration & Threat Response - Integrate WAF protections into DevSecOps pipelines, embedding security into the SDLC with automated deployment and testing. - Collaborate with AppSec, DevOps, Cloud, and Infrastructure teams to secure applications across microservices, APIs, and multi-cloud environments. - Act as a senior advisor
during security incidents involving web-layer attacks, providing in-depth payload analysis and mitigation guidance. - Scripting & Secure Development Expertise - Leverage development and scripting skills (Python, Bash, PowerShell, Regex) to analyze obfuscated scripts and automate WAF rule generation, traffic simulation, and threat validation. - Contribute to secure coding reviews and help developers understand WAF behavior in relation to application logic and vulnerabilities. - Documentation, Reporting & Continuous Improvement - Own and update detailed documentation including architecture diagrams, rule sets, exception handling, and change management logs. - Produce regular dashboards and executive-level reports summarizing WAF effectiveness, threat intelligence trends, and incident analysis. - Evaluate new WAF features and third-party integrations to improve detection efficacy and operational efficiency. Professional & Technical Skills: - Experience with multiple WAF platforms across enterprise environments. - Deep understanding of HTTP/S protocols, SSL/TLS encryption, CDN behaviors, load balancing, and reverse proxy technologies. - Proven expertise in decoding, analyzing, and reverse engineering malicious JavaScript or encoded payloads to uncover evasion techniques. - Strong understanding of web application architecture, OWASP Top 10 risks, and real-world threat scenarios. - Experience with Bot Mitigation, API Security, and Advanced Threat Protection mechanisms. - Familiarity with CI/CD tools (e.g., Jenkins, GitLab), IaC (e.g., Terraform), and security automation frameworks. - Certifications such as AWS Certified Security Specialty, Akamai WAF Certified, GIAC GWAPT/GWEB, CEH, or equivalent. - Exposure to Big Data analytics platforms or SIEM solutions for advanced WAF telemetry analysis. Additional Information: - The candidate should have minimum 5 years of experience in Web Application Firewall (WAF). - This position is based at our Bengaluru office. - A 15 years full time education is required.
Qualification 15 years full time education

Posted 2 months ago

3.0 - 8.0 years

4 - 8 Lacs

Mumbai

Work from Office

Provide a brief description of the overall purpose of the position, why this position exists and how it will contribute in achieving the team's goal. Responsibilities Direct Responsibilities - To perform Penetration testing (Gray Box and/or Black Box) for Web applications; Thick Client, API, and mobile applications. - To understand the application's security requirements and identify & document the scope of the test - Ensure execution of the documented security scenarios for the application under test. - Document and report all findings - Collaborate with the developers to help them understand the vulnerabilities reported in application - Escalate issues to the local management and onshore stakeholders in case it affects the testing progress - Ensure processes for the project are followed for the assessments Note: - Optional, experience in Source Code Assessment (SCA)/SAST, Mobile Testing Contributing Responsibilities Technical & Behavioral Competencies - Clear understanding of OWASP Top 10 - application security risks - Tools/OS: Burp Suite, OWASP ZAP, Kali Linux - Manual Security Testing & Analysis, Security Test Designing - Excellent interpersonal and presentation skills - Strong in verbal and written communication - Good analytical skills - Strong Time Management - Must be flexible, independent, self-motivated - Team player Specific Qualifications (if required) CSSLP/CEH or equivalent certification preferred Education Level: Bachelor Degree or equivalent Experience Level: At Least 3 years Other/Specific Qualifications (if required) -

Posted 2 months ago

9.0 - 14.0 years

18 - 22 Lacs

Pune, Bengaluru

Work from Office

Role Overview: Java + Adobe, Salesforce, and Oracle. All resources should be L3 or L4 level, as L1/L2 engineers lack knowledge on code fixes. Highly skilled and security-focused Code Remediation Engineer with deep expertise in Java Full Stack development, cloud security tools, and enterprise platforms. This role is central to identifying, fixing, and preventing security vulnerabilities across complex application ecosystems. The ideal candidate will be hands-on in writing secure code, remediating legacy issues, and collaborating across teams to uplift the security posture of enterprise applications. Responsibilities: Analyze and remediate security vulnerabilities in Java-based full stack applications. Refactor insecure or deprecated code patterns to align with secure coding standards. Develop and deploy secure code fixes while maintaining application functionality and performance. Utilize tools such as Azure Defender, PRISMA Compute, AWS Inspector, and GCP Security Command Center to detect and respond to security threats. Integrate cloud-native security controls into application development and deployment pipelines. Embed security checks into CI/CD workflows using GitHub Advanced Security, CodeQL, and other tools. Automate remediation pipelines and enforce policy-as-code for consistent security enforcement. Apply remediation strategies across niche platforms such as Salesforce, Adobe, Oracle, Viva, Pega, IBA, and others. Collaborate with platform-specific teams to ensure secure integration and data handling. Work closely with application owners, architects, and security teams to prioritize and implement fixes. Document remediation efforts, root cause analysis, and secure development guidelines. Qualifications: 5+ years of experience in Java Full Stack development (Spring Boot, REST APIs, React/Angular). Proven experience in code remediation and secure development practices. Hands-on experience with cloud security tools across Azure, AWS, and GCP.
Familiarity with GitHub Advanced Security, CodeQL, and CI/CD pipelines. Exposure to one or more enterprise platforms (e.g., Salesforce, Adobe, Oracle, Pega). Strong understanding of OWASP Top 10, secure coding principles, and threat modeling. Excellent problem-solving, debugging, and communication skills. Experience with containerized environments (Docker, Kubernetes). Optional: Certifications in cloud security (e.g., AZ-500, AWS Security Specialty, GCP Professional Cloud Security Engineer). Knowledge of infrastructure-as-code (Terraform, ARM, CloudFormation). Preferred candidate profile

Posted 2 months ago

5.0 - 10.0 years

12 - 14 Lacs

Mumbai

Work from Office

Role Overview: We're hiring an experienced L2 Web Application Firewall (WAF) Administrator to take ownership of WAF security across large-scale enterprise environments. You'll be responsible for configuring, maintaining, and monitoring WAF platforms (primarily F5, Citrix, or similar) to protect business-critical web applications from cyber threats. This is a hands-on operational role with a focus on real-time threat prevention, incident troubleshooting, and continuous tuning of WAF policies.

Key Responsibilities: Operate and manage Web Application Firewalls (WAF) in 24x7 production environments. Configure security policies, enforce rulesets, and tune signatures to defend against web-based threats (SQLi, XSS, CSRF, etc.). Respond to and troubleshoot WAF-related incidents, traffic anomalies, and false positives. Perform regular health checks, system upgrades, patching, and SSL certificate management. Monitor WAF dashboards, threat logs, and alerts to proactively mitigate application-level attacks. Coordinate with security, application, and network teams to implement protection for new or updated web apps. Maintain technical documentation, including WAF policies, traffic flows, and change logs. Ensure compliance with OWASP Top 10, PCI-DSS, and internal security standards.

Required Skills & Experience: Minimum 5 years of hands-on experience in Web Application Firewall administration. Expertise in F5 ASM, Citrix WAF, Imperva, or other enterprise-grade WAF platforms. Deep understanding of web protocols (HTTP/S) and Layer 7 traffic behavior. Experience with protocols and technologies such as BGP, OSPF, MP-BGP EVPN, VXLAN, or VPC. Application Centric Infrastructure (ACI) deployment and data center experience. Strong knowledge of OWASP Top 10 vulnerabilities and common web attack patterns. Ability to write and tune custom WAF rules, manage exceptions, and interpret log data for root cause analysis. Familiarity with SSL offloading, certificate renewal, and encryption standards. Experience in coordinating with SOC/NOC teams and participating in incident response.

Certifications (Mandatory): F5-201/Other Industry leading OEM Professional level

Nice to have: Experience in WAF policy automation or scripting (Python, Bash, Ansible). Exposure to multi-vendor WAF environments. Experience with designing and implementing Software Defined Network (SDN) and large complex networks. Basic understanding of load balancing, but primary expertise must be WAF-centric. Experience with protocols and technologies such as BGP, OSPF, MP-BGP EVPN, VXLAN, or VPC.

Posted 2 months ago

7.0 - 12.0 years

17 - 22 Lacs

Bengaluru

Work from Office

Role Overview: We are hiring a highly experienced L3 Web Application Firewall (WAF) Specialist to lead the planning, implementation, and optimization of WAF solutions across enterprise environments. This is a technical leadership role requiring deep understanding of application-layer security, strong hands-on experience with WAF technologies (especially F5 ASM or equivalent), and the ability to handle complex security incidents independently. You will act as the subject matter expert (SME) for WAF in client-facing and internal security engagements, guiding application protection strategies, overseeing advanced threat prevention, and mentoring L1/L2 engineers.

Key Responsibilities

Lead WAF Design & Deployment: Architect, configure, and deploy enterprise-grade WAF solutions across multi-tenant, multi-region environments using technologies like F5 ASM, Citrix, or Imperva.

Incident Management & Escalation (L3 Level): Handle high-priority WAF incidents, perform root cause analysis (RCA), implement custom mitigations, and ensure resolution within defined SLAs.

Policy Tuning & Custom Rules: Develop and optimize custom WAF rules (iRules, regex, JSON filters) based on traffic analysis, threat signatures, and business use cases to minimize false positives and ensure maximum protection.

Threat Intelligence Integration: Analyze logs and correlate WAF events with threat intelligence feeds and SIEM tools to proactively detect and respond to Layer 7 attacks (e.g., SQLi, XSS, RFI, LFI, bot traffic).

Pre-Production Application Review: Collaborate with DevSecOps and App teams to assess applications prior to production rollout, ensuring adequate WAF protection is in place through rigorous policy simulations and tuning.

Patch & Upgrade Planning: Plan and execute firmware upgrades, policy migrations, and security patching aligned with vendor lifecycle and enterprise security policies.

Compliance & Audit Support: Align WAF posture with OWASP Top 10, PCI-DSS, GDPR, and internal compliance frameworks; prepare documentation and reports for audits and security assessments.

Mentoring & Process Improvement: Mentor L1/L2 WAF engineers, define SOPs, standardize response playbooks, and drive automation initiatives where possible.

Required Skills & Experience: Minimum 7 years of hands-on experience managing Web Application Firewalls in enterprise or service provider environments. Deep expertise in WAF platforms such as F5 BIG-IP ASM, Citrix AppFirewall, Imperva, or Fortinet WAF. Strong knowledge of Layer 7 protocols, HTTP/HTTPS traffic analysis, TLS/SSL decryption, and web server architectures. Familiarity with protocols and technologies such as BGP, OSPF, VXLAN, or MP-BGP EVPN is a plus. Advanced understanding of application-layer threats, bot mitigation, credential stuffing, zero-day exploit patterns, and custom rule writing. Proven ability to manage complex security incidents independently and interface with customers, stakeholders, and internal security teams. Experience with configuration backup/recovery, version control, and multi-tenant policy management. Excellent documentation, troubleshooting, and stakeholder communication skills.

Certifications (Mandatory): F5-301/F5-303/Other Industry leading OEM Professional level Certification

Nice to Have: Exposure to cloud-native WAFs (e.g., AWS WAF, Azure WAF, Cloudflare). Experience in ACI (Application Centric Infrastructure) and Software Defined Networking (SDN) for securing microservices or hybrid apps. Scripting or automation knowledge (Python, Bash, Ansible) to streamline monitoring and deployment tasks.

Posted 2 months ago

5.0 - 8.0 years

12 - 20 Lacs

Pune

Work from Office

About the Role: We are seeking a skilled and passionate Red Team Security Consultant to join our cybersecurity team. The ideal candidate will specialize in simulating adversarial tactics, techniques, and procedures (TTPs) to identify vulnerabilities and improve the organization's security posture. This role involves performing advanced penetration tests, simulating real-world attacks, and working with teams to implement effective remediation strategies.

Key Responsibilities: Plan, execute, and document Red Team exercises mimicking advanced threat actors for medium to large enterprises. Conduct network penetration testing (VAPT), system vulnerability assessments, and security configuration reviews. Perform manual security assessments for web applications, APIs, and client-server applications. Simulate sophisticated attack chains including lateral movement, privilege escalation, and data exfiltration. Develop and execute custom attack payloads using tools and scripts. Assess physical security controls and implement social engineering assessments when required. Create and maintain custom tools/scripts in languages like Python, Bash, or PowerShell. Utilize and adapt adversary emulation frameworks such as MITRE ATT&CK, Cobalt Strike, and Metasploit. Collaborate with Blue Teams to improve detection and response mechanisms through Purple Team engagements.

Basic Qualifications: Education: BE/B.Tech/MCA/M.Sc. (IT/Computers). Experience: Required: 2 - 5 years. Excellent communication and collaboration skills.

Preferred Qualifications: Preferred Certifications: OSCP, OSCE, CRTP, eWPTX, Security+, CREST, CRTO. Desired Skill Set: Red Teaming, VAPT, Application Security (Web/Mobile/API). 2-5 years of relevant domain experience in VAPT, Red Teaming, and Application Security domains. Proficient in Application Security concepts, including OWASP Top 10 and OSSTMM. Experience with vulnerability scanning tools such as BurpSuite Pro, Nessus, OWASP ZAP, Kali Linux, Cobalt Strike, Caldera, etc. Basic ability to write automation scripts (Bash or Python). Understanding of threat modeling and secure coding practices. Strong understanding of TTPs, threat modeling, and secure coding practices. Hands-on experience in Active Directory exploitation, phishing campaigns, and endpoint bypass techniques.

Posted 2 months ago

1.0 - 3.0 years

3 - 5 Lacs

Bengaluru

Work from Office

You will join the Jenkins Security team, which has the mission to enhance the security of the open source project Jenkins and the CloudBees product based on it (CloudBees CI).

What You'll Do: Dig into the internals of Jenkins and its plugin system from the perspective of web application security. Work on the lifecycle of vulnerabilities. Improve our security tooling/process/automation. Provide security education, increase awareness in the department and in the community.

What The Role Requires: Bachelor's or Master's degree in Computer Science or related field. 1-3 years of professional experience in Java web application development (JavaScript is a plus) with a Bachelor's degree, or 0 years with a Master's degree. Knowledge of and passion for web application security (e.g., OWASP Top 10). Hacker mindset. Willingness to learn. Desire to break things for the good. Solving problems. Knowledge of using CI/CD tools (Jenkins is a plus). Experience in scripting is a plus (Groovy, Shell). Familiar with Maven, Git, Docker.

Posted 2 months ago
