53 Owasp Zap Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

8.0 - 12.0 years

0 Lacs

Bengaluru, Karnataka, India

On-site

Organization: At CommBank, we never lose sight of the role we play in other people's financial wellbeing. Our focus is to help people and businesses move forward to progress. To make the right financial decisions and achieve their dreams, targets, and aspirations. Regardless of where you work within our organisation, your initiative, talent, ideas, and energy all contribute to the impact that we can make with our work. Together we can achieve great things.
Job Title: Staff Security Engineer
Location: Bangalore
Business & Team: We're building tomorrow's bank today, which means we need creative and diverse engineers to help us redefine what customers expect from a bank. Envisioning new technologies that are still waiting to be invented and reimagining products that support our customers and help build Australia's future economy. CommBank is recognised as leading the industry in IT and operations with its world-class platforms and processes, agile IT infrastructure, and innovation in everything from payments to internet banking and mobile apps. Cyber Security protects the bank and our customers from theft, losses and risk events, through effective and proactive management of cyber security, privacy and operational risk. The CBA technology unit delivers the best digital banking services to Commonwealth Bank customers and to do so is responsible for digital delivery, group data and analytics, technology and technology infrastructure, cyber, fraud, physical security and business resilience for all divisions across CBA. It is also dedicated to delivering the best workplace technology experience for our over 53.000 people across CBA and focused on providing the latest tools, technology, and resources to enhance the way we work together and empower our people to achieve more for our customers. The Security Engineering team protects the group and our customers from theft, loss and risk events, through effective and proactive management of cyber security, privacy and operational risk.
Impact & Contribution:
- Designing and implementing secure solutions that align with group security policies, standards, and reference architecture.
- Work on threat modelling and can interpret and understand key cyber controls across the Group.
- Identify security requirements, qualify threats to design the IT systems and build countermeasures to minimise cyber risks.
- Collaborating with cross-functional teams to drive security outcomes throughout the design, build, and run phases of product development.
- Supporting the adoption of modern scalable and high-velocity security practices, including Secure By Design, DevSecOps, and Automation.
- Contributing to the continuous innovation and re-engineering of existing security engineering practices, including the development of practice strategies, patterns, and processes.
- Staying up-to-date with the evolving technology landscape and providing expert guidance on security engineering best practices.
- Supporting the response to high-profile security incidents, technology strategy and selection, and automation of security services.
Roles & Responsibilities:
- Provide deep technical hands-on experience in security engineering, with a focus on design, strategy and implementation of secure solutions.
- Have strong understanding of security policies, standards, and reference architecture, and expertise in threat modelling, threat detection, control mapping, vulnerability analysis and control engineering risk identification.
- Are experienced in designing and building reusable security patterns and/or solutions.
Essential Skills:
- 8-12 years of experience in security engineering.
- Have experience with secure by design, DevSecOps, and security automation (SAST, DAST, IAST) practices.
- Are experienced in designing and implementing enterprise Security Guidelines and Practices.
- Should have hands-on experience in developing code, doing secure code review, and threat modelling.
- Should have hands-on experience securing Docker, containers and Kubernetes.
- Experience with penetration testing and vulnerability assessment, and tools like OWASP ZAP or Burp Suite.
- Familiarity with compliance frameworks, such as PCI-DSS or HIPAA.
- Experience with AI/ML frameworks, libraries, and tools, such as TensorFlow, PyTorch, or Keras.
- Familiarity with Australian financial industry regulations and standards, such as the Australian Prudential Regulation Authority (APRA) and the Australian Securities and Investments Commission (ASIC).
Education Qualification: Bachelor's degree or master's degree in engineering in Computer Science/Information Technology.
If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We're keen to support you with the next step in your career. We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.
Advertising End Date: 30/08/2025

Posted 2 days ago

5.0 - 9.0 years

0 Lacs

kochi, kerala

On-site

You are looking for an experienced Java Team Lead who can demonstrate strong technical expertise and leadership skills. In this role, you will be responsible for overseeing the design, development, and deployment of Java-based applications while providing guidance and mentorship to a growing development team. With a minimum of 5 years of overall experience in Java development, including at least 2 years in a leadership role, you will be instrumental in leading the team towards successful project outcomes. Your primary responsibilities will include leading the design and implementation of Java applications, reviewing and testing code to maintain quality and performance standards, and ensuring adherence to SDLC processes and timelines in collaboration with other teams. As a Java Team Lead, you will also be tasked with providing technical mentorship to junior developers, assigning tasks effectively, and ensuring that the application's security measures comply with OWASP guidelines and industry best practices. Proficiency in Spring MVC, Spring Boot, Spring Security, JPA, Hibernate, HTML/JSP/React, and Eclipse is essential for this role, along with a strong background in SQL Server or Oracle databases. Your expertise should extend to identifying and addressing OWASP vulnerabilities, familiarity with DAST and SAST tools, and experience with security tools like Burp Suite, OWASP ZAP, and SonarQube. Additionally, knowledge of microservices architectures and cloud services (AWS, Azure, or GCP) will be advantageous in fulfilling the requirements of this position. To qualify for this role, you should hold a Bachelor's or Master's degree in Computer Science, Engineering, or a related field. If you are ready to take on this challenging yet rewarding opportunity, we look forward to considering your application.

Posted 6 days ago

4.0 - 8.0 years

0 Lacs

karnataka

On-site

As a Staff Application Security Engineer at Zscaler, you will be an integral part of the Product Security team. You will report to the Director of Vulnerability Management and play a vital role in conducting comprehensive static and dynamic analysis of applications to detect and address security vulnerabilities at an early stage of the development process. Your responsibilities will include implementing Software Composition Analysis (SCA) tools to manage open-source components, ensuring their security and up-to-date status. Additionally, you will be responsible for assessing and securing containerized environments and Infrastructure as Code (IAC) deployments, emphasizing the adherence to security best practices to safeguard the infrastructure against potential threats. To be successful in this role, you should possess expertise in DevSecOps, with a minimum of 4 years of hands-on experience in deploying and managing security protocols such as Static Application Security Testing (SAST), Software Composition Analysis (SCA), or Infrastructure as Code (IaC). Proficiency in application security tools like Snyk, Semgrep, Coverity, and knowledge of dependency management tools is essential. You should have a strong understanding of secure coding practices, vulnerability management, remediation techniques, and expertise in source control and CI pipelines. Preferred qualifications include experience as a software developer or in a DevSecOps position, proficiency in programming languages like Java, Python, JavaScript, C/C++, and Golang. Extensive experience in Cloud Security is desirable, with the ability to secure cloud environments in AWS, Azure, and Google Cloud, along with knowledge of cloud-native security tools and methodologies. Joining Zscaler means becoming part of a diverse and inclusive team that values collaboration and belonging. 
Our comprehensive Benefits program supports employees and their families at various life stages, offering health plans, vacation and sick time off, parental leave options, retirement plans, education reimbursement, in-office perks, and more. By applying for this role, you agree to comply with applicable laws, regulations, and Zscaler policies related to security, privacy standards, and guidelines. Zscaler is committed to providing reasonable support and accommodations in recruiting processes for candidates with different abilities, long-term conditions, mental health conditions, religious beliefs, neurodiversity, or pregnancy-related support.

Posted 6 days ago

2.0 - 7.0 years

0 Lacs

surat, gujarat

On-site

Your demonstrated ability will be required to develop test automation using Selenium WebDriver with Java, TestNG, Appium, REST Assured, and Maven. The ideal candidate should have a minimum of 1.5 to 7 years of experience in this field.
Key Skills and Qualifications:
- Minimum 1.5 to 7 years of experience in developing test automation using Selenium WebDriver with Java, TestNG, Appium, REST Assured, and Maven.
- Ability to understand and analyze requirements.
- Knowledge of testing API using Postman and/or REST Assured.
- Proficiency in generating test data and reports.
- Understanding of Functional Testing, UI/UX Testing, Regression Testing, Performance/Load Testing, and Security Analysis.
Added advantage:
- Working knowledge of JMeter for Load Testing, OWASP ZAP, and Burp Suite for Security Testing.
Location: Surat, India
If you are interested in applying for this position, kindly send your CV to people@staah.com.

Posted 1 week ago

5.0 - 8.0 years

15 Lacs

Chennai

Work from Office

Role & responsibilities:
- Perform vulnerability assessments using tools like SAST, DAST, SCA, and manual techniques.
- Should have hands-on experience in Web Application Security Testing tools (SAST & DAST) and Penetration testing tools such as HP Fortify, Checkmarx, Acunetix, Nessus, Burp Suite, Metasploit, QualysGuard, Kali Linux, etc.
- Conduct technical vulnerability assessments, identify potential vulnerabilities and provide recommended controls and support to mitigate them.
- Manage and improve application security tools (e.g., Checkmarx, Veracode, Fortify, Burp Suite, OWASP ZAP).
- Participate in incident response and forensics in the event of a security breach involving application layer components.
Contact Person: Divya R
Email ID: rdivya@gojobs.biz

Posted 1 week ago

3.0 - 6.0 years

0 - 1 Lacs

Pune, Bengaluru

Work from Office

Roles & responsibilities:
- Perform automated testing of running applications and static code (SAST, DAST).
- Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications.
- Experience in one or more of the following is a plus: mobile application testing, web application pen testing, application architecture, and business logic analysis.
- Need to work on application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, Burp Suite, OWASP ZAP, and Kali Linux.
- Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation.
Mandatory technical & functional skills:
- Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, Burp Suite, OWASP ZAP, Kali Linux, or equivalent.
- Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs.
- Minimum three (3) years of working with technical and non-technical audiences in reporting results and leading remediation conversations.
- Preferred one year of experience in the development of web applications and/or APIs.
- Should be able to identify and work with new tools/technologies to plug and play on client projects as needed to solve the problem at hand.
- One or more major ethical hacking certifications not required but preferred: GWAPT, CREST, OSCP, OSWE, OSWA.

Posted 1 week ago

1.0 - 4.0 years

4 - 8 Lacs

Gurugram

Work from Office

Job Summary: We are seeking a skilled VAPT (Vulnerability Assessment and Penetration Testing) Analyst to join our team. In this role, you will be responsible for conducting comprehensive security assessments, including network penetration testing, black box testing, and vulnerability assessments. You will be working directly with our client while being employed under our payroll, ensuring a seamless and secure IT environment. Your expertise in IT project management and IT security will be crucial in managing and executing these security projects effectively.
Major Objectives of the Job:
- Conduct network penetration testing to identify and exploit vulnerabilities.
- Perform black box testing to assess system security from an external perspective.
- Carry out thorough vulnerability assessments to pinpoint potential security threats.
- Operate as a penetration tester to ensure the robustness of security measures.
Skills & Qualifications:
- Live PT Projects Handling Experience: Demonstrated ability to handle live penetration testing projects independently and efficiently.
- IT Project Management: Basic knowledge of IT project management principles. Experience with project management tools and methodologies to plan, execute, and oversee IT security projects.
- IT Infrastructure and Security Knowledge: Solid understanding of IT infrastructure components and security principles. Familiarity with network architecture, protocols, and security measures.
- Experience in Handling IT Security Projects: Proven experience in managing IT security projects from inception to completion, ensuring all security requirements are met and risks are mitigated.
Key Responsibilities:
- Perform network penetration testing and black box testing to identify security vulnerabilities.
- Develop and implement testing strategies, methodologies, and tools to ensure comprehensive security assessments.
- Document and report findings, providing actionable recommendations to improve security posture.
- Collaborate with IT and security teams to address vulnerabilities and enhance overall network
- Stay up-to-date with the latest security trends, tools, and techniques to continuously improve testing
- Manage multiple IT security projects simultaneously, ensuring timely and successful completion.
Desired Qualifications:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- Relevant certifications such as CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), or CISSP (Certified Information Systems Security Professional) are a plus.
- Strong analytical and problem-solving skills.
- Excellent communication skills, both written and verbal.
- Ability to work independently and as part of a team.

Posted 1 week ago

4.0 - 8.0 years

20 - 25 Lacs

Pune, Bengaluru

Hybrid

- Experience working with application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, Burp Suite, OWASP ZAP, Kali Linux.
- Perform automated testing of running applications and static code (SAST, DAST).

Posted 2 weeks ago

3.0 - 7.0 years

0 Lacs

punjab

On-site

As a Senior Automation Tester, you will be responsible for developing, implementing, and maintaining automation frameworks to streamline the testing process and enhance efficiency. Your role will involve creating and executing automated test scripts using programming languages like Java, Python, Ruby, or C#. Additionally, you will conduct API testing using tools such as Postman and SoapUI to validate the functionality and performance of application programming interfaces. Your expertise in database technologies and SQL will be utilized for database testing to ensure data integrity. You will also perform performance testing using tools like JMeter or LoadRunner to evaluate system scalability, responsiveness, and resource usage. Collaborating with cross-functional teams, you will integrate automation testing into DevOps and CI/CD pipelines. Troubleshooting and debugging automation scripts and frameworks will be part of your responsibilities, along with applying security testing principles to identify vulnerabilities using tools like OWASP ZAP and Burp Suite. You will automate various tests using frameworks and tools such as Selenium WebDriver, Appium, TestNG, JUnit, and Cucumber. Your involvement in test planning, test case creation, and test execution activities will be crucial. Documenting test results, tracking defects, and providing detailed reports to stakeholders will also be part of your role. To qualify for this position, you should have a Bachelor's degree in Computer Science, Engineering, or a related field, along with proven experience in developing and maintaining automation frameworks for software testing. Strong analytical and problem-solving skills, excellent communication and collaboration abilities, and demonstrated leadership qualities are essential. Experience in creating test plans, test scenarios, and test cases based on project requirements is required. 
You should also be capable of assigning work, providing guidance to team members, and ensuring quality assurance through code reviews. This is a full-time position with benefits including a flexible schedule, leave encashment, and Provident Fund. The work location is in person. If you are interested in this role, please contact the employer at +91 9875952832.

Posted 2 weeks ago

15.0 - 20.0 years

13 - 17 Lacs

Gurugram

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: DevSecOps
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: To play a key role in enabling successful project delivery across multiple projects. This role expects you to specialize in a range of security domains, including penetration testing, dynamic and static application security testing, software composition analysis, security architecture review and container security. Additionally, you provide comprehensive support in vulnerability management, service monitoring, and DevSecOps practices.
Roles & Responsibilities:
- Should have hands-on experience and knowledge of manual and automated penetration testing on the web, mobile and cloud-based applications.
- Should have hands-on experience and knowledge of DAST (Dynamic Application Security Testing) to identify runtime vulnerabilities in staging and production environments.
- Should have hands-on experience and knowledge of SAST (Static Application Security Testing) for early-stage source code and binary analysis.
- Should have hands-on experience and knowledge of SCA (Software Composition Analysis) to detect open-source risks and license compliance issues.
- Should have hands-on experience and knowledge of executing SAR (Security Architecture Review) of complex and cloud-based application and should be able to strategize risk remediation with the stakeholders or Security Architect.
- Should have hands-on experience and knowledge of integrating security tools into CI/CD pipelines (e.g., Jenkins, GitHub Actions, GitLab CI).
- Should have hands-on experience and knowledge of enforcing policy-as-code, shift-left security testing, and secure code delivery practices and automate security checks for container images and Kubernetes workloads.
- Should be able to scan and harden docker containers using industry-standard tools.
- Should be able to monitor vulnerabilities in container registries and orchestrators (e.g., Kubernetes, ECS).
- Skilled in communicating security findings to technical and non-technical stakeholders.
- Contribute to secure architecture reviews, risk assessments, and compliance initiatives.
- Should be able to manage clients and various stakeholders.
- Should be a good people manager and should have experience of people and project management.
Professional & Technical Skills:
Tools & Technologies:
- Pentest Tools: Burp Suite Pro, OWASP ZAP, Nmap, Postman, Kali Linux
- DAST/SAST/SCA: Fortify, Checkmarx, Veracode, Coverity, AppScan, Black Duck, Snyk
- DevSecOps: GitHub Actions, Jenkins, GitLab, Docker, Kubernetes
- VM Tools: Qualys, Tenable, ThreadFix
- Monitoring: ServiceNow, Jira, Confluence
- Should be able to collaborate with infrastructure and DevOps teams to secure cloud-native deployments.
- Should be able to identify, triage, and manage vulnerabilities using centralized platforms (e.g., ThreadFix).
- Should track vulnerability lifecycle from detection through remediation and reporting.
- Should support real-time service monitoring to maintain system integrity and threat detection coverage.
Additional Information:
- The candidate should have minimum 7.5 years of experience in DevSecOps.
- This position is based at our Gurugram office.
- A 15 years full time education is required.
Qualification: 15 years full time education

Posted 2 weeks ago

2.0 - 6.0 years

0 Lacs

surat, gujarat

On-site

We are seeking a QA Analyst/Website Tester to ensure the quality and functionality of websites before they are launched. As a QA Analyst/Website Tester, your main responsibility will be to conduct various types of testing to identify defects and work closely with developers to improve the overall user experience. Your responsibilities will include conducting functional, usability, and performance testing of websites. You will need to identify and document bugs, errors, and inconsistencies, ensuring cross-browser and cross-device compatibility. Additionally, you will test website speed, security, and responsiveness, providing clear feedback to developers and tracking issue resolution. You will also verify compliance with design and user experience standards and suggest improvements for website functionality and user experience. To excel in this role, you should have experience in website testing, QA, or a related field. Knowledge of manual and automated testing tools is essential, along with familiarity with different browsers, devices, and operating systems. An understanding of HTML, CSS, and basic web development concepts is also required. Strong attention to detail, problem-solving skills, and good communication skills are crucial for reporting findings effectively. Candidates should be familiar with various testing tools such as Selenium for automated functional testing, JMeter for performance and load testing, Postman for API testing, BrowserStack/Sauce Labs for cross-browser and cross-device testing, Lighthouse for website performance and SEO testing, Google PageSpeed Insights for speed and optimization testing, and WAVE/axe Accessibility Checker for accessibility testing. Knowledge of TestRail/Zephyr for test case management and Bugzilla/JIRA for bug tracking and issue management is preferred. Experience with CI/CD tools for automated testing and knowledge of security testing tools like OWASP ZAP would be advantageous for this role.

Posted 2 weeks ago

2.0 - 6.0 years

5 - 13 Lacs

Thane

Hybrid

Role & responsibilities Conduct Vulnerability Assessment and Penetration Testing (VAPT) on in-house web applications, iOS applications, Android applications, network infrastructure, and AWS (Cloud) services. Identify and analyze security vulnerabilities, weaknesses, and misconfigurations in the above mentioned systems. Develop comprehensive reports detailing identified vulnerabilities, potential risks, and recommended remediation strategies. Collaborate with development, operations, and IT teams to prioritize and implement security fixes and improvements. Continuously monitor and assess the security posture of internal systems and recommend proactive measures to enhance security. Stay updated with the latest security threats, vulnerabilities, and industry best practices related to web applications, mobile applications, networks, and cloud environments. Participate in incident response activities, including investigating security incidents and providing support in remediation efforts. Contribute to the development and maintenance of security policies, procedures, and standards. Provide training and awareness sessions to staff on the latest cyber security trends, best practices, and emerging threats to enhance the overall security posture of the organization.

Posted 2 weeks ago

3.0 - 9.0 years

5 - 11 Lacs

Bengaluru

Work from Office

Manual Penetration Testing using OWASP checklists, Penetration Testing, Vulnerability Assessment, OWASP Top 10, OWASP ZAP, AWS Cloud, Azure Cloud, Cyber Security, Cloud Security Assessment, Cyber Security Assessment & Consulting, Cybersecurity, Data Security Assessment & Consulting.
- Perform penetration testing.
- Develop and recommend mitigation strategies to enhance the defense mechanisms of critical infrastructure components.
- Collaborate with IT and security teams to refine security measures and response strategies.
- Prepare detailed reports on findings from simulations and suggest improvements.
- Facilitate training sessions for internal teams on security awareness and breach response tactics.

Posted 2 weeks ago

11.0 - 15.0 years

35 - 40 Lacs

Pune

Work from Office

JD: Application Security Lead
Education Criteria (Must): B.Sc (IT/CS) / B.Tech in any Engineering background, BCA, MCA & M.Sc. Information Technology, or related field. CEH, CISSP, CISA, CISM, CRISC (If any security related certification)
- 11-15 years of experience in Application Security, Network Security, and IT Risk & Compliance, with hands-on expertise in security assessments, process audits, and application reviews. Experience in BFSI is preferred.
- Lead and manage the AppSec team consisting of L1 and L2 resources.
- Serve as the primary point of contact between the Client and the team for all project-related activities.
- Monitor daily operations, ensure resource optimization, and address any issues that arise during the engagement.
- Application & Security Review - Oversee the review of application security including web, mobile, API, and other banking applications.
- Perform comprehensive reviews of Network Architecture, Source Code, VAPT reports, and configuration audits.
- Review deliverables from L1 and L2 resources, ensuring completeness and quality.
Compliance and Risk Management Reporting Stakeholder Management
Skill: Vulnerability Assessment, Manual Penetration Testing using OWASP checklists, Penetration Testing, OWASP Top 10, OWASP ZAP, Ethical Hacking, Static/dynamic testing of mobile applications, Vulnerability Mitigation.

Posted 2 weeks ago

4.0 - 5.0 years

4 - 7 Lacs

Chennai, Tamil Nadu, India

On-site

Key Responsibilities:
Vulnerability Management:
- Conduct regular vulnerability assessments using tools such as Tenable Nessus, Qualys, Rapid7, or similar.
- Analyze vulnerability scan results and collaborate with IT and DevOps teams for timely remediation.
- Prioritize vulnerabilities based on risk level, exploitability, and business impact.
- Track and report remediation efforts, providing status updates to stakeholders.
- Maintain up-to-date knowledge of known vulnerabilities and emerging threats (e.g., CVEs).
Penetration Testing:
- Perform penetration tests on applications, systems, networks, and cloud environments.
- Simulate real-world attacks to evaluate the effectiveness of security controls.
- Document findings and create detailed reports with actionable remediation guidance.
- Conduct retesting after fixes to validate security improvements.
- Use manual and automated testing tools (e.g., Burp Suite, Metasploit, Nmap, Kali Linux, OWASP ZAP).
Qualifications and Requirements:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field.
- 3+ years of experience in vulnerability management and penetration testing.
- Hands-on experience with industry-standard tools such as Nessus, Burp Suite, Nmap, Metasploit, Qualys, etc.
- Familiarity with CVSS scoring, threat modeling, and risk assessment frameworks.
- Deep understanding of network protocols, web application architecture, and secure coding practices.
- Strong communication skills to deliver clear and actionable vulnerability reports.
Desirable Skills and Certifications:
- Security certifications such as: OSCP (Offensive Security Certified Professional), CEH (Certified Ethical Hacker), GPEN (GIAC Penetration Tester), CISSP, Security+, or CRTP.
- Experience with cloud security and tools like AWS Inspector, Azure Security Center, or GCP SCC.
- Knowledge of SIEM platforms and threat intelligence feeds.
- Familiarity with secure DevOps (DevSecOps) practices and CI/CD pipeline integration.

Posted 2 weeks ago

3.0 - 5.0 years

5 - 7 Lacs

Mumbai

Work from Office

- Conduct Vulnerability Assessments: Identifying potential weaknesses in applications and systems using automated tools and manual techniques.
- Perform Penetration Tests: Simulating attacks to evaluate the effectiveness of security controls and identify exploitable vulnerabilities.
- Analyze Findings: Interpreting assessment and testing results to determine the severity and impact of identified vulnerabilities.
- Report Findings: Documenting vulnerabilities, providing detailed reports with remediation recommendations, and tracking the closure of identified issues.
- Collaborate with Teams: Working with developers, IT, and security teams to implement security measures and address identified vulnerabilities.
- Stay Updated: Keeping abreast of the latest security threats, vulnerabilities, and industry best practices.
- Test Various Application Types: Performing security assessments on web applications, mobile applications, APIs (REST, SOAP, XML, JSON), and potentially cloud-based services.
- Understand Security Standards and Frameworks: Familiarity with OWASP, NIST, ISO 27001, PCI DSS, and other relevant standards is crucial.
- Use Security Testing Tools: Proficiency in tools like Burp Suite, OWASP ZAP, Nmap, Nessus, AppScan, Acunetix, Veracode, Checkmarx, etc.
Responsibilities: The responsibilities cover the full range of testing work, from websites, mobile apps, and infrastructure testing to social engineering. In this role, the candidate is expected to:
- Test software and hosted platforms, to identify vulnerabilities.
- Carry out penetration testing of web applications, mobile applications, and internal infrastructure.
- Analyze code to assess its level of security and to find specific vulnerabilities.
- Manage the security testing process.
- Perform complex simulated attacks on networks or systems.
- Stay updated with the latest threats/vulnerabilities.
- Produce written technical reports along with an executive summary to a professional standard.
- Research potential vulnerabilities.
- Formally brief clients and colleagues.
- Understanding the role of AI/ML in cybersecurity.
Qualification:
- Minimum 3 to 5 years hands-on experience in SAST, DAST, VAPT.
- Certifications like CEH, CompTIA Security+, and OSCP will be considered an added advantage.
- Familiarity with SAST, DAST, and IAST tools.
- Understanding of Red/Blue teaming and threat hunting.

Posted 2 weeks ago

4.0 - 8.0 years

0 Lacs

noida, uttar pradesh

On-site

KPMG entities in India are professional services firm(s) affiliated with KPMG International Limited, established in August 1993. Our professionals leverage the global network of firms, understanding local laws, regulations, markets, and competition. With offices across India, in cities like Ahmedabad, Bengaluru, Mumbai, and more, we offer services to national and international clients across various sectors. Our focus is on delivering rapid, performance-based, industry-focused, and technology-enabled services, showcasing our understanding of global and local industries and the Indian business environment. As a Security Code Reviewer at KPMG in India, your primary responsibilities will include performing manual security code reviews for common programming languages such as Java and .NET. You will also be tasked with conducting automated testing of running applications and static code using tools like SAST and DAST. Additionally, you will be required to perform manual application penetration tests on various platforms like web applications, internal applications, APIs, and networks to identify and exploit vulnerabilities. The ideal candidate should have at least 6 months of formal programming experience in Java or C#, and possess 4 to 8 years of overall experience in the field. It would be advantageous to have one or more major ethical hacking certifications such as GWAPT, CREST, OSCP, OSWE, or OSWA. Providing technical leadership and guidance to team members, communicating effectively with both technical and non-technical audiences, and collaborating with Cyber teams to develop new testing techniques are also key aspects of this role. Moreover, having a minimum of three years of recent experience working with security testing tools like AppScan, NetsSparker, Acunetix, Checkmarx, BurpSuite, and others will be beneficial. 
This position offers equal employment opportunities and encourages individuals with a passion for cybersecurity to apply and contribute to our dynamic team at KPMG in India.

Posted 3 weeks ago

3.0 - 7.0 years

0 Lacs

noida, uttar pradesh

On-site

As an Associate Cybersecurity Consultant at Bulletproof, a GLI company headquartered in Canada with a global presence, you will be part of a team with decades of technology, security, and compliance expertise. Our work in the security space has been recognized nationally and globally for excellence. Our vision at Bulletproof is to serve, secure, and empower the world through people and technology, one customer at a time. We believe in ensuring the safety and security of all individuals and organizations we serve. Challenging Work: At Bulletproof, we thrive on solving complex problems and encourage all employees to contribute their best ideas. You will have the opportunity to work on highly challenging projects and make a real impact. Great People: We value openness, honesty, and authenticity. Each member of our team is essential to our collective success, and we believe in fostering a culture of inclusivity and collaboration. Global Impact: Being part of a global team means that your work will have a significant impact on colleagues, customers, communities, and the world at large. We are inspired by the positive influence our work has in various regions and cultures. Diversity, Equity, and Inclusion: We celebrate diversity, strive for equality, and understand that inclusion strengthens us as individuals, as a company, and as global citizens. Role Overview: As an Associate Cybersecurity Consultant specializing in penetration testing, you will be responsible for conducting thorough security assessments on web-based applications, networks, and systems to identify and mitigate vulnerabilities. Your role will involve defining assessment scopes, generating detailed security test reports, collaborating with clients on remediation plans, and delivering exceptional service in a professional manner. 
Additionally, you will provide technical expertise in security testing, stay updated on the latest tools and technologies, and contribute to the continuous improvement of our Information Security practice.

Key Responsibilities:
- Conduct comprehensive security assessments for a diverse range of clients
- Define scopes for security testing assignments
- Generate high-quality security test reports and documentation
- Collaborate with clients on remediation strategies
- Offer technical support as a subject matter expert in security testing
- Stay informed about current tools, technologies, and vulnerabilities
- Work collaboratively with cross-functional teams to meet client security needs
- Perform other related duties as assigned

Requirements:
- Degree in Computer Science, Information Systems, Engineering, or related field
- Prior experience in vulnerability assessments and penetration testing preferred
- Proficiency in Linux, Windows, and network security
- Strong communication skills in English, both written and oral
- Ability to work independently and as part of a team
- Familiarity with security testing tools such as Nessus, Metasploit, Burp Suite, etc.
- Relevant certifications like CEH, LPT, CPEN, OSCP, etc., are an asset
- Knowledge of PCI ASV, CREST certifications, and threat modeling methodologies is a plus
- Experience with mobile application security testing and social engineering techniques is advantageous

Note: This job description outlines the primary responsibilities and qualifications for the role of Associate Cybersecurity Consultant at Bulletproof. It is not exhaustive and may involve additional tasks based on business needs. Bulletproof is an equal opportunity employer committed to diversity, equity, and inclusion.

Posted 3 weeks ago

3.0 - 8.0 years

4 - 8 Lacs

Mumbai

Work from Office

Responsibilities

Direct Responsibilities
- To perform penetration testing (Gray Box and/or Black Box) for web applications, thick client, API, and mobile applications.
- To understand the application's security requirements and identify and document the scope of the test
- Ensure execution of the documented security scenarios for the application under test.
- Document and report all findings
- Collaborate with the developers to help them understand the vulnerabilities reported in the application
- Escalate issues to the local management and onshore stakeholders in case it affects the testing progress
- Ensure processes for the project are followed for the assessments

Note: Optional, experience in Source Code Assessment (SCA)/SAST, Mobile Testing

Technical & Behavioral Competencies
- Clear understanding of OWASP Top 10 - application security risks
- Tools/OS: Burp Suite, OWASP ZAP, Kali Linux
- Manual Security Testing & Analysis, Security Test Designing
- Excellent interpersonal and presentation skills
- Strong in verbal and written communication
- Good analytical skills
- Strong Time Management
- Must be flexible, independent, self-motivated
- Team player

Specific Qualifications (if required): CSSLP/CEH or equivalent certification preferred

Education Level: Bachelor Degree or equivalent

Experience Level: At Least 3 years

Posted 3 weeks ago

3.0 - 5.0 years

3 - 6 Lacs

Pune

Work from Office

1) The work involves Test Case Creation, Penetration Testing, Source code reviews, Report Creation & presentation to stakeholders along with the operation and construction of tools to assist in these tasks.
2) Well-versed with OWASP Top 10, SANS, NIST and WASC Threat Classifications
3) Expertise in Vulnerability Assessment and Penetration Testing of Web Applications, Networks and Cloud (AWS/Azure)
4) Expertise in Penetration testing of Mobile applications
5) Well versed in Source Code Reviews
6) Familiar with popular tools like Burp Suite, Paros, OWASP ZAP, Wireshark, Nessus, NTO Spider, Metasploit, Exploit DB, Kali etc.
7) Understanding of the nature and sources of security vulnerabilities, how to identify and exploit them
8) Must be CEH certified
9) Excellent communication skills, written and verbal

Posted 3 weeks ago

8.0 - 12.0 years

6 - 10 Lacs

Bengaluru

Work from Office

We are looking for an energetic and self-starter software developer to join our product development practice as a Staff Engineer. You will get to work with some of the best and knowledgeable tech talent in the financial world and you will build next generation digital services and platforms that will lead the transformation goals for our customers. You will work closely with the engineering, UX, product and test automation communities, as part of the agile team, to lead product design and development and to help the Digital Service Product Owner to deliver and maximize value. You will drive engineering and architecture best practices for writing and encouraging others to write secure code and dev-ops process while getting opportunities for learning new business domain and topics, to work with industry SMEs and to learn new technology and behavioral skills. Key Responsibilities As a Full-stack Developer 8+ years professional experience in enterprise software design and development in an N-tier architecture environment; Understanding of 12-factor app framework is highly desirable Must have experience building web applications using .NET core 6.x (.NET 8.0 is better), Web API, HTML5, React OR other JS-based frameworks like Angular Must have experience with tools such as Jira, Github, Confluence (or other wiki), SonarQube (or similar), OWASP ZAP (or similar) and Snyk (or similar) Experience with data visualization libraries /framework like D3js, Plotly, HighCharts etc. will be an advantage Must have experience with SOA and Web Service standards (REST JSON/SOAP WSDL/WS-I Basic Profile), and IIS Understand the business requirements from the product owner(s) Design and implement the system from scratch build enhancements, features request using modern application frameworks using C# and React with .NET Core, Web API, AWS services etc. 
Participate in both development maintenance tasks Independently troubleshoot difficult and complex issues on production and other environments As a Technical Lead in the pod Must have experience of working in an automated CI/CD environment and with fast moving teams using Scrum/Agile; Experience with AWS and other cloud providers is highly desirable Must have extensive experience with object oriented design principles. Ability to articulate the pros and cons of design/implementation options Participate in design review and peer code review Work collaboratively in a global setting, should be eager to learn new technologies Responsible for extending and maintaining existing codebase with focus on quality, re-usability, maintainability and consistency Coach teams on best practices and architecture design As member of the Engineering community Must have extensive experience with object oriented design principles. Ability to articulate the pros and cons of design/implementation options Good understanding and knowledge of areas including but not limited to requirement gathering, designing, development, testing (TDD), maintenance, quality control etc. Stay up-to-date on latest developments in technology Learn and share learnings with the community Behavioral Competencies A self-starter, excellent planner and executor and above all, a good team player Excellent communication skills and inter-personal skills are a must Must have organizational skills, including multi-task capability, priority setting and meeting deadlines

Posted 3 weeks ago

5.0 - 8.0 years

12 - 20 Lacs

Pune

Work from Office

About the Role We are seeking a skilled and passionate Red Team Security Consultant to join our cybersecurity team. The ideal candidate will specialize in simulating adversarial tactics, techniques, and procedures (TTPs) to identify vulnerabilities and improve the organization's security posture. This role involves performing advanced penetration tests, simulating real-world attacks, and working with teams to implement effective remediation strategies Key Responsibilities Plan, execute, and document Red Team exercises mimicking advanced threat actors for medium to large enterprises. Conduct network penetration testing (VAPT), system vulnerability assessments, and security configuration reviews. Perform manual security assessments for web applications, APIs, and client-server applications. Simulate sophisticated attack chains including lateral movement, privilege escalation, and data exfiltration. Develop and execute custom attack payloads using tools and scripts. Assess physical security controls and implement social engineering assessments when required. Create and maintain custom tools/scripts in languages like Python, Bash, or PowerShell. Utilize and adapt adversary emulation frameworks such as MITRE ATT&CK, Cobalt Strike, and Metasploit. Collaborate with Blue Teams to improve detection and response mechanisms through Purple Team engagements. Basic Qualifications Education: BE/B. Tech/ MCA/ M. Sc. (IT/Computers) Experience: Required: 2 - 5 years. Excellent communication and collaboration skills. Preferred Qualifications Preferred Certifications: OSCP, OSCE, CRTP, eWPTX, Security+, CREST, CRTO. Desired Skill Set: Red Teaming, VAPT, Application Security (Web/Mobile/API). 2-5 years of relevant domain experience in VAPT, Red Teaming, and Application Security domains. Proficient in Application Security concepts, including OWASP Top 10 and OSSTMM. 
Experience with vulnerability scanning tools such as BurpSuite Pro, Nessus, OWASP ZAP, Kali Linux, Cobalt Strike, Caldera etc. Basic ability to write automation scripts (Bash or Python). Understanding of threat modeling and secure coding practices. Strong understanding of TTPs, threat modeling, and secure coding practices. Hands-on experience in Active Directory exploitation, phishing campaigns, and endpoint bypass techniques.

Posted 3 weeks ago

4.0 - 9.0 years

22 - 25 Lacs

Pune, Bengaluru

Hybrid

Job Title: WebPT P1 - Consultant Location: Bangalore & Pune (Hybrid Role) Contract Duration: 6 Months Roles & Responsibilities: Perform automated testing of running applications and static code (SAST, DAST). Conduct manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: Web applications Internal applications APIs Internal and external networks Mobile applications Experience in one or more of the following is a plus: Mobile application testing Web application pen testing Application architecture Business logic analysis Work on application tools to perform security tests, including: AppScan NetsSparker Acunetix Checkmarx Veracode BurpSuite OWASP ZAP Kali Linux Able to explain vulnerabilities such as: IDOR (Insecure Direct Object References) Second Order SQL Injection CSRF (Cross-Site Request Forgery) Provide root cause analysis and remediation guidance for identified vulnerabilities. Mandatory Technical & Functional Skills: Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan NetsSparker Acunetix Checkmarx Veracode BurpSuite OWASP ZAP Kali Linux (or equivalent) Minimum three (3) years of performing manual penetration testing and code review against: Web applications Mobile apps APIs Minimum three (3) years of experience working with both technical and non-technical audiences in reporting results and leading remediation conversations. Preferred: One year of experience in the development of web applications and/or APIs. Ability to identify and work with new tools/technologies to plug and play on client projects as needed to solve the problem at hand. 
Certifications (Preferred but not required): GWAPT (GIAC Web Application Penetration Tester), CREST (Certified Testing Professional), OSCP (Offensive Security Certified Professional), OSWE (Offensive Security Web Expert), OSWA (Offensive Security Web Application). This is a 6-month contract role with hybrid work arrangements in Bangalore and Pune.

Posted 3 weeks ago

1.0 - 3.0 years

5 - 10 Lacs

Navi Mumbai

Work from Office

Job Role: DevOps Engineer
Years of Experience: 2–3 Years
Location: Ghansoli
Education: BE/B.Tech

Overview: Looking for a motivated and skilled DevSecOps Engineer with 2–3 years of hands-on experience in implementing DevSecOps practices, CI/CD pipelines, and integrating security into the development lifecycle. The ideal candidate will have working knowledge of Kubernetes (K8S), cloud platforms like GKE and AKS, and build/deployment automation tools including Azure DevOps and Jenkins. Experience with security scanning tools (SAST, DAST, Fortify, SonarQube) and scripting knowledge in Groovy, ANT, and JavaScript is essential.

Job Role:
• Design, implement, and maintain secure and scalable CI/CD pipelines.
• Integrate security tools and processes into DevOps workflows (DevSecOps).
• Automate infrastructure and deployments using Azure DevOps and Jenkins.
• Deployment using On-Premises K8S clusters and Manage Kubernetes clusters - GKE and AKS.
• Deployment using Windows based servers - IIS
• Implement and maintain Static and Dynamic Application Security Testing (SAST/DAST) tools.
• Integrate and configure Fortify, SonarQube, and other security tools into pipelines.
• Write and maintain automation scripts using Groovy, ANT, and JavaScript.
• Collaborate with development, QA, and security teams to ensure secure software delivery.
• Conduct security assessments and remediations as part of the SDLC.

Required Skills & Qualifications:
• Bachelor degree in Engineering or Equivalent.
• 2–3 years of hands-on experience in DevSecOps / DevOps.
• Strong knowledge and hands-on experience with:
  - Azure DevOps Pipelines and Jenkins for CI/CD.
  - Security tools: Fortify, SonarQube, Blackduck, DAST/SAST tools (e.g., OWASP ZAP, Burp Suite, etc.).
  - Kubernetes (K8s) – with GKE and AKS.
• Proficiency in scripting languages such as Groovy, ANT, and JavaScript.
• Basic programming / scripting capabilities to automate security checks & workflows.
• Understanding of application security principles and best practices.
• Experience working in Agile and collaborative team environments.
• Excellent troubleshooting, documentation, and communication skills.

Posted 3 weeks ago

8.0 - 11.0 years

35 - 37 Lacs

Kolkata, Ahmedabad, Bengaluru

Work from Office

Dear Candidate, We are hiring a Compliance Engineer to ensure code and dependencies meet licensing and audit standards. Key Responsibilities: Track open-source usage and license compliance. Automate compliance scanning and reporting. Assist in security reviews and audits. Required Skills & Qualifications: Familiarity with tools like FOSSA, Black Duck. Knowledge of OSS licenses (MIT, GPL, Apache). Experience with code scanning and SBOMs. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Delivery Manager Integra Technologies

Posted 3 weeks ago
