105 Owasp Zap Jobs

As a Penetration Tester, you will be responsible for conducting security assessments on various systems and applications to identify vulnerabilities and provide recommendations for mitigation. Here is a summary of the key details from the job description provided: - **Role Overview:** With at least 7 years of experience in penetration testing, you will demonstrate proven abilities in both black box and white box testing methodologies. Your primary focus will be on manual penetration testing, utilizing tools such as Burp Suite, Checkmark, OWASP ZAP, Nmap, Nessus, and Metasploit Framework. You should have hands-on experience in API penetration testing of Rest/SOAP based interfaces and possess a deep understanding of OWASP methodology and web vulnerabilities. - **Key Responsibilities:** - Perform vulnerability assessments using both manual and automated techniques. - Conduct source code analysis for vulnerabilities utilizing scanning tools. - Collaborate with development teams to assess and mitigate risks based on penetration test results. - Apply PCI, NIST guidelines, ISO2700x, cloud security, virtualization, SecDevOps, and containerized deployment best practices. - Demonstrate strong written and oral communication skills. - **Qualifications Required:** - Minimum 7 years of experience in penetration testing. - Proficiency in using vulnerability scanners and frameworks such as Burp Suite, Checkmark, OWASP ZAP, Nmap, Nessus, and Metasploit Framework. - Strong knowledge of API penetration testing and web vulnerabilities. - Familiarity with scripting languages like Python. - Comfortable working in Linux/Unix environments. - Desirable skills in PCI, NIST guidelines, ISO2700x, cloud security, virtualization, SecDevOps, and containerized deployment. This role requires an extremely committed and self-motivated individual who can excel in challenging situations and effectively communicate findings and recommendations to stakeholders.,

Description As an IT/OT Vulnerability Assessment and Penetration Testing (VAPT) Engineer, you will be engaged in identifying and mitigating security vulnerabilities across IT systems, Industrial Control Systems (ICS), and Industrial Internet of Things (IIoT) environments Your work will involve rigorous security assessments of critical infrastructure, SCADA systems, PLCs, field devices, gateways, and cloud-connected IIoT platforms You will simulate advanced adversary tactics to expose vulnerabilities and provide strategic remediation guidance The role is suited for professionals with a deep understanding of both enterprise IT security and industrial/embedded system ecosystems, Responsibilities Vulnerability Assessment & Penetration Testing (IT + ICS/IIoT): Perform black-box, grey-box, and white-box VAPT on enterprise IT assets (servers, databases, web/mobile apps, Active Directory, cloud), OT/ICS assets (PLCs, RTUs, HMIs, engineering workstations, protocol gateways), and IIoT platforms (MQTT/CoAP-based telemetry, edge gateways, cloud dashboards), Emulate APT-level attacks across air-gapped, segmented, or hybrid IT-OT architectures, Execute Red Team scenarios to simulate insider threats or supply chain compromise, ICS Protocol & Field Device Security Testing: Analyze and exploit vulnerabilities in ICS protocols (Modbus TCP, DNP3, IEC 104, OPC-UA, S7comm, Profinet, BACnet, CIP, MQTT, CoAP), Perform live traffic analysis, packet manipulation, and protocol fuzzing to test resilience, Evaluate control logic vulnerabilities in ladder logic, structured text, and function blocks, Firmware & Hardware Exploitation (IIoT/ICS Devices): Extract and analyze firmware using JTAG, UART, SPI, Perform static/dynamic analysis with Ghidra, Binwalk, Radare2, IDA Pro, Reverse engineer file systems (squashfs, cramfs), analyze backdoors, insecure bootloaders, Network Architecture & Segmentation Testing: Review and test IT-OT segmentation, DMZ, firewall ACLs, VLANs, Assess trust relationships, insecure remote access, weak credentials, bridging of air-gapped networks, Cloud & IIoT Platform Security: Evaluate MQTT brokers, edge-to-cloud telemetry, and analytics pipelines, Test REST APIs, cloud misconfigurations, insecure mobile app integrations, Identify insecure certificate handling, weak encryption, default API tokens, Reporting & Mitigation: Develop technical and executive-level reports with CVSS scoring, attack paths, exploitation evidence, Recommend hardening measures for IT and OT systems, Coordinate with ICS engineers, IT admins, SOC teams for patch validation and monitoring upgrades, Compliance & Framework Alignment: Ensure assessments comply with industry standards: NIST SP 800-82, ISA/IEC 62443, ISO 27001, NERC CIP, Map findings to MITRE ATT&CK for ICS and track new CVEs in industrial products, Eligibility: Educational Background: Bachelors or Masters in Cybersecurity, Computer Science, Industrial Automation, Electronics, or related field, Technical Skills: Deep knowledge of ICS/SCADA systems, embedded architectures, and real-time OS (VxWorks, QNX, FreeRTOS), Hands-on with VAPT tools (Nessus, Burp Suite, Metasploit, Nmap, SQLMap, etc ), ICS tools (Wireshark, PLCScan, ICSFuzz, S7comm Tools, etc ), Firmware tools (Binwalk, Ghidra, Radare2), IIoT security (Shodan, MQTTX, Postman, OWASP ZAP), Desired Eligibility: Certifications (Preferred): OSCP, GRID, GICSP, CRT, CRTP, CEH, CISSP, Participation in ICS/IoT CTFs or open-source contributions is a plus, Travel: As and when required, across the country for project execution and monitoring, as well as for coordination with geographically distributed teams, Communication: Submit a cover letter summarising your experience in relevant technologies and software, along with a resume and the Latest passport-size photograph, Show more Show less

Job responsibility 4– 8 years of post-qualification experience with strong working knowledge on Manual Security code review. Roles and Responsibilities Technical Skills Required: Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA

As a Security Operations Engineer at Commvault, you will play a key role in driving innovation in application security by integrating automated testing tools into CI/CD workflows. Your focus will be on building scalable solutions, collaborating with cross-functional teams, and enhancing security processes to support the global security program. **Key Responsibilities:** - Design, build, implement, and maintain scalable automation tools and pipelines for application security, including static (SAST), dynamic (DAST), and software composition analysis (SCA) scanning. - Collaborate with developers, security engineers, and DevOps teams to seamlessly integrate security automation into CI/CD workflows. - Identify opportunities for improving security tool coverage, efficiency, and performance. - Develop custom scripts, plugins, or APIs to extend the capabilities of security testing and remediation automation. - Monitor and analyze security automation tool results, generate actionable insights, and support incident response and remediation efforts. - Stay updated on the latest security automation trends, technologies, and best practices, advocating for continuous improvement in tooling and processes. - Provide mentorship and guidance to other engineers on secure coding and secure development lifecycle practices. **Qualifications Required:** - 8+ years of software engineering experience with a focus on security automation or application security. - Proficiency in programming languages such as Python, Ruby, Go, Java, or similar. - Strong understanding of application security principles, vulnerabilities (e.g., OWASP Top Ten), and remediation techniques. - Hands-on experience with security scanning tools such as SAST, DAST, and SCA. - Familiarity with CI/CD pipelines and infrastructure as code tools is a plus. - Solid understanding of software development lifecycle processes and seamless integration of security automation. - Excellent problem-solving skills and ability to work independently and as part of a team. **Preferred Skills:** - Experience with cloud-native security automation in AWS, Azure, or GCP environments. - Familiarity with container security and related security scanning solutions. - Knowledge of threat modeling and security risk assessments. Commvault is committed to an inclusive and accessible interviewing process. If you require accommodation due to a disability or special need, please contact accommodations@commvault.com. For general inquiries, please reach out to wwrecruitingteam@commvault.com.,

Work Experience 4– 8 yrs of post-qualification experience with strong working knowledge on Manual Security code review. Roles and Responsibilities Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred: GWAPT, CREST, OSCP, OSWE, OSWA work location-Bnagalore

Job Description Job Posting Description Job title: Product Security Specialist u00A0 Your role: This is an individual contributor role. As part of the larger Security and Privacy team, the Application Security Engineer would - u00A0 u00B7u00A0u00A0u00A0u00A0u00A0u00A0 Perform comprehensive Dynamic Application security Testing (DAST) u00B7u00A0u00A0u00A0u00A0u00A0u00A0 Understand and analyze the applications from security point of view. u00B7u00A0u00A0u00A0u00A0u00A0u00A0 Understand the application security risks and Threat modeling of applications u00B7u00A0u00A0u00A0u00A0u00A0u00A0 Create and execute the corresponding security test cases to verify that the mitigations are properly implemented in the application. u00B7u00A0u00A0u00A0u00A0u00A0u00A0 Able to guide and support development teams to fix the security vulnerabilities in the code. You're the right fit if : u00A0 u00B7 u00A0 4 years u00A0of experience in Application Security Testing and VAPT u00B7u00A0 Must have experience in Hardware/ IoT penetration testing. u00B7 u00A0 Familiarity with code review methods and standards u00B7 u00A0 Knowledge of OWASP standards u00A0and OSSTMM methodologies u00B7 u00A0 Proficient with tools like HP WebInspect, IBM AppScan, Acunetix , and open-source tools (e.g., Burp Suite, OWASP ZAP, CSRF Tester ) u00B7 u00A0 Background in application development u00B7 u00A0 Python u00A0experience for security automation is a plus u00B7 u00A0 Research and pilot new technologies for secure software development u00B7 u00A0 Familiarity with cloud technologies u00A0like AWS u00A0and Azure u00A0is advantageous. Educational Qualifications: u00B7u00A0u00A0u00A0u00A0u00A0u00A0 Bachelor degree with concentration in Computer Science, Information Systems, Information Security or similar would be preferred. Preferred Security certifications Ideally, candidate will possess any one of the below Security certifications(but not mandatory) u00B7u00A0u00A0u00A0u00A0u00A0u00A0 CEH u00B7u00A0u00A0u00A0u00A0u00A0u00A0 ECSA u00B7u00A0u00A0u00A0u00A0u00A0u00A0 LPT u00B7u00A0u00A0u00A0u00A0u00A0u00A0 OSCP

Position: VAPT Engineer Reporting to: Platform Lead Infrastructure Security Employment Type: Employee - Full Time Work Location: Guwahati Key Focus area: Infrastructure Penetration Tester Key Responsibilities: Identification and remediation of new vulnerabilities and risk analysis for Infrastructure is a key responsibility. Identifying and maintaining Key metrics and SLA on Infrastructure Security. Ensure that vulnerability assessments are performed to evaluate effectiveness of security controls in applications, middleware, databases, network and operating systems. Thorough experience in configurations reviews against CIS benchmarks and security standards. Ensure all Hardening and Patching activities are conducted and tracked as per defined policies. Create/Update hardening documents and build audit file for automated testing. Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities. Conduct security penetration testing to identify vulnerabilities and potential security risks along with designing and implement security solutions to protect enterprise systems, applications, data, assets, and people. Collaborate with cross-functional teams to ensure security measures are integrated into all aspects of the organization's operations. Perform Internal/ External Penetration Testing on Jio Infrastructure and producing reports with recommendations for detailed penetration testing findings. Sound understanding of Azure/GCP/AWS environment activities and Perform Vulnerability Assessment & Penetration Testing for networks (internal & external), applications, APIs & cloud assets along with Red & Purple Team assessments. Safeguarding information, infrastructures, applications, and business processes against cyber threats. Proactively create, share, and read reports as part of the penetration testing activities. Responsible for utilizing threat intelligence to identify new threats in our environment, coordinating with stakeholders to remediate identified vulnerabilities, and ensuring closure through thorough cross-validation. Qualification and Work Experience Qualification: BE / BTech (Similar Education Background) Work experience: 7-15 Years 7+ years of experience in Infrastructure Penetration Testing and Vulnerability Management including practical experience with Linux and Windows operating systems. Thorough understanding of Application and Infrastructure Architectures, and related vulnerabilities. Ability to interpret and prioritize vulnerability scan results into remediation actions and tracking those actions through to completion. Working knowledge of ORACLE DB, MS SQL DB, MYSQL DB & Network Devices is required. Ability to analyse vulnerabilities to appropriately characterize threats and provide remediation advice. Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE). Extensive experience in vulnerability management, including the ability to forecast potential threats and develop proactive mitigation plans. Hands on experience in testing diverse infra components including various enterprise platforms such as private clouds, OpenShift infra, dockers/container infra etc. The candidate should be able to perform manual & automated penetration testing for internal, external perimeter, web applications, IT infrastructure, end-points, cloud etc. using hacking tools; e.g. Nuclei, Acunetix, BURP, Wireshark, Nmap, netcat, Firebug, Nessus, Kali OS, Parrot, Metasploit, Aircrack-ng. Preferred: Security related professional certification (e.g. CEH, CPENT, OSCP, OSCE, OSWE, GPEN, GWAPT or similar certifications) Preferred: Script writing skills (Python/Ruby/bash/PowerShell). Experience with security standards and frameworks such as ISO 27001, NIST, and PCI DSS. Preferred: Security solutions technologies such as IPS, firewalls, endpoint protection, web/email filtering, DLP, Digital rights management, encryption, SEIM, and virtualization platforms. Expertise in performing grey box/Black box testing. Experience devising methods to automate testing activities and streamline testing processes. Proven ability to develop and test Proof of Concept (PoC) exploits as part of vulnerability assessment and penetration testing exercises. Competencies / Expertise Required (Functional & Behavioral) Systematic strong analytical thinking and problem-solving skills. Excellent in analytical thinking for translating data into informative visuals and reports. Adaptable to change. Quick Learner Open learn and work on new technologies and products. If you're interested, please share below mention details for the same. Location Preferred location Current Co Experience Current CTC Expected CTC Notice Period Offer in Hand Highest Education SSC % HSC % Graduation % University Name Regards, Ashwini Chakor

Position: VAPT Engineer Reporting to: Platform Lead Infrastructure Security Employment Type: Employee - Full Time Work Location: Guwahati Key Focus area: Infrastructure Penetration Tester Key Responsibilities: Identification and remediation of new vulnerabilities and risk analysis for Infrastructure is a key responsibility. Identifying and maintaining Key metrics and SLA on Infrastructure Security. Ensure that vulnerability assessments are performed to evaluate effectiveness of security controls in applications, middleware, databases, network and operating systems. Thorough experience in configurations reviews against CIS benchmarks and security standards. Ensure all Hardening and Patching activities are conducted and tracked as per defined policies. Create/Update hardening documents and build audit file for automated testing. Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities. Conduct security penetration testing to identify vulnerabilities and potential security risks along with designing and implement security solutions to protect enterprise systems, applications, data, assets, and people. Collaborate with cross-functional teams to ensure security measures are integrated into all aspects of the organization's operations. Perform Internal/ External Penetration Testing on Jio Infrastructure and producing reports with recommendations for detailed penetration testing findings. Sound understanding of Azure/GCP/AWS environment activities and Perform Vulnerability Assessment & Penetration Testing for networks (internal & external), applications, APIs & cloud assets along with Red & Purple Team assessments. Safeguarding information, infrastructures, applications, and business processes against cyber threats. Proactively create, share, and read reports as part of the penetration testing activities. Responsible for utilizing threat intelligence to identify new threats in our environment, coordinating with stakeholders to remediate identified vulnerabilities, and ensuring closure through thorough cross-validation. Qualification and Work Experience Qualification: BE / BTech (Similar Education Background) Work experience: 7-15 Years 7+ years of experience in Infrastructure Penetration Testing and Vulnerability Management including practical experience with Linux and Windows operating systems. Thorough understanding of Application and Infrastructure Architectures, and related vulnerabilities. Ability to interpret and prioritize vulnerability scan results into remediation actions and tracking those actions through to completion. Working knowledge of ORACLE DB, MS SQL DB, MYSQL DB & Network Devices is required. Ability to analyse vulnerabilities to appropriately characterize threats and provide remediation advice. Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE). Extensive experience in vulnerability management, including the ability to forecast potential threats and develop proactive mitigation plans. Hands on experience in testing diverse infra components including various enterprise platforms such as private clouds, OpenShift infra, dockers/container infra etc. The candidate should be able to perform manual & automated penetration testing for internal, external perimeter, web applications, IT infrastructure, end-points, cloud etc. using hacking tools; e.g. Nuclei, Acunetix, BURP, Wireshark, Nmap, netcat, Firebug, Nessus, Kali OS, Parrot, Metasploit, Aircrack-ng. Preferred: Security related professional certification (e.g. CEH, CPENT, OSCP, OSCE, OSWE, GPEN, GWAPT or similar certifications) Preferred: Script writing skills (Python/Ruby/bash/PowerShell). Experience with security standards and frameworks such as ISO 27001, NIST, and PCI DSS. Preferred: Security solutions technologies such as IPS, firewalls, endpoint protection, web/email filtering, DLP, Digital rights management, encryption, SEIM, and virtualization platforms. Expertise in performing grey box/Black box testing. Experience devising methods to automate testing activities and streamline testing processes. Proven ability to develop and test Proof of Concept (PoC) exploits as part of vulnerability assessment and penetration testing exercises. Competencies / Expertise Required (Functional & Behavioral) Systematic strong analytical thinking and problem-solving skills. Excellent in analytical thinking for translating data into informative visuals and reports. Adaptable to change. Quick Learner Open learn and work on new technologies and products. If you're interested, please share below mention details for the same. Location Preferred location Current Co Experience Current CTC Expected CTC Notice Period Offer in Hand Highest Education SSC % HSC % Graduation % University Name Regards, Ashwini Chakor

As a member of the Cyber Security organization at Blackbaud, the Application Security Engineer is a specialized position that plays a key role in securing software built and/or used by Blackbaud.You can expect to work closely with software development teams as well as third-party organizations to ensure that security, privacy, and compliance requirements are planned for, designed, and built into software applications at Blackbaud. In addition to securing software, you will be expected to stay up to date on whats happening in the Cyber Security industry to optimize and align our application security processes and systems throughout the Software Development Life Cycle (SDLC) at Blackbaud. The Application Security Engineering team focuses on building automation for security self-service and vulnerability management to reduce unnecessary toil. What you will be doing: Identifying solutions for difficult security problems while participating in a broader agile Application Security team. Building comprehensive solutions to conduct consolidation, aggregation, andnotification of security findings to respective stakeholders. Conducting threat modeling, secure design reviews, and providing direct guidance to development teams. Promoting, designing, and evaluating application security in all phases of theSDLC and constantly looking for innovative ways to improve processes. Influencing, building, and assisting with information security challenges within applications. What we'll want you to have: You are either a security-minded software engineer who has been building modern services using a microservice architecture in an agile development environment or a development-interested security practitioner who understands security best practices but wants to get closer to development and engineering. 5+ plus years of experience with application security and relevant testing tools for: DAST: Burp Suite, OWASP Zap, Invicti, AppScan SAST/SCA: Fortify, Checkmarx, Coverity, Semgrep, OWASP Dependency Check, Mend, Blackduck Attack Surface Management: OWASP Amass, Spiderfoot, CyCognito 3+ years of experience with Python, Bash, and/or PowerShell. 3+ years of experience in DevSecOps integrating security solutions into CI-CD pipelines and automated tooling orchestration. Relevant certifications include CompTIA Security+ or CASP+, EC Council CEH, ISC2 CSSLP are a plus. Experience partnering with development and systems engineers on impactful securityinitiatives. Understanding of software development; how applications and systems are designed, built, and break is critical. UnderstandDevSecOpscultural mindsets, and an engineering-focused approach to solvingcomplexsecurity problems. Strong verbal and written communication skills to translate security objectives and requirements to specific engineering outcomes.

1-3 Years Gurgaon Full-Time Job Description | SDET Who are we Falcon a Series-A funded cloud-native, AI-first banking technology & processing platform that helps banks, NBFCs, and PPIs quickly and affordably launch next-gen financial products, such as credit card, credit line on UPI, prepaid card, fixed deposits, and loans. Since our 2022 launch, weve processed USD 1 Bn+ in transactions, signed on 12 of India&aposs top financial institutions, & clocked USD 15 Mn+ in revenue. Our company is backed by marquee investors from around the world, including heavyweight investors from Japan, USA, as well as leading Indian ventures and banks. For more details, please visit https://falconfs.com/ Job Summary Were looking for a passionate and detail-oriented SDET (Software Development Engineer in Test) with a strong understanding of penetration testing and familiarity with automation frameworks . In this hybrid role, youll bridge the gap between development, testing, and securityensuring our applications are not just functional, but secure and resilient. Key Responsibilities Conduct manual and automated penetration testing across web and mobile applications, APIs, and infrastructure Develop, maintain, and enhance automated test scripts within CI/CD pipelines Identify vulnerabilities using tools (e.g., Burp Suite, OWASP ZAP, Metasploit) and validate fixes through regression and retesting Collaborate with DevOps, Development, and Product teams to build security-first testing frameworks Assist in creating secure coding guidelines and performing code reviews with a security lens Contribute to the development of test strategies, test plans, and test cases Stay updated with the latest security vulnerabilities, attack vectors, and threat landscapes Required Qualifications 13 years of experience in software testing , including security and functional test automation Strong understanding of OWASP Top 10 , threat modelling , and security best practices Experience with automated testing tools such as Selenium, TestNG, JUnit, or Cypress Hands-on with SAST/DAST tools , vulnerability scanners, and scripting languages (Python, Bash, JavaScript) Familiarity with CI/CD tools like Jenkins, GitLab, or Circle CI Understanding of RESTful APIs and experience in API testing (Postman, Rest Assured, etc.) Certifications like OSCP, CEH, or GWAPT are a plus Other Specifics Location: Gurgaon(Hybrid mode) Job Type: Full Time Share with someone awesome View all job openings Show more Show less

As an Assistant Manager in the Research department of Technology Solutions based in Mumbai, your primary responsibility will be to design and implement test strategies for complex applications across web and mobile platforms (Android, iOS). You will define testing standards, methods, and processes to ensure consistency in testing practices across various projects. Your role will involve overseeing the design of test cases and scenarios to cover all functional and non-functional requirements effectively. In this position, you will lead the planning, execution, and reporting of tests for web and mobile applications. You will manage testing efforts for third-party integrations such as ERP, CRM, and HRMS to guarantee seamless functionality. Additionally, you will conduct regression, performance, security, and load testing using tools like JMeter, LoadRunner, and OWASP ZAP. You will be responsible for performing both manual and automated testing to verify application functionality, scalability, security, and performance. Creating and maintaining automated test scripts using tools like Selenium, Appium, and other automation tools will be a key aspect of your role. Implementing automation best practices, enhancing the test automation framework, and tracking bugs using tools like Jira or Bugzilla will also be part of your responsibilities. Moreover, you will collaborate with junior testers to ensure comprehensive testing of all key functionalities. As the key technical contact for clients, you will provide detailed insights on QA processes and progress. Delivering comprehensive test reports focusing on identified issues, risks, and recommendations will be crucial. Leading discussions on quality improvements and testing methodologies with stakeholders and clients is also part of your role. Furthermore, you will lead the QA team by mentoring junior testers in manual and automation testing techniques. You will coordinate the team's efforts in testing to ensure high-quality deliverables and support cross-functional project work as a subject matter expert. Active participation in Agile ceremonies and fostering collaboration with development and product teams for a streamlined testing process are essential aspects of this position. This role requires candidates who are graduates and have a strong background in testing methodologies, automation tools, and client communication. If you are passionate about ensuring the quality and reliability of applications through effective testing practices, this Assistant Manager position in the Research department of Technology Solutions could be the perfect opportunity for you.,

We are seeking a skilled Application Security Consultant to join our team at MAST Vanguard (Cybersecurity). The ideal candidate will have a strong background in manual secure code review for Java and C#, as well as experience in penetration testing of web/mobile apps, APIs, and networks. As a Consultant at MAST Vanguard, you will need to have at least 3 years of experience in AppSec testing using tools such as BurpSuite, Veracode, and OWASP ZAP. You should also possess expertise in manual code review and penetration testing. Additionally, you should be able to effectively collaborate with both technical and business teams. Familiarity with advanced vulnerabilities like IDOR, 2nd Order SQLi, and CSRF is essential. Bonus points if you hold ethical hacking certifications such as OSCP, GWAPT, etc. Experience in web/app development or AI pen testing would be an added advantage. Join our team and be part of solving real-world security challenges using cutting-edge tools and techniques. If you are ready for this exciting opportunity, apply now or reach out for more information. #Hiring #CyberSecurityJobs #ApplicationSecurity #PenTesting #SecureCodeReview #OSCP #BurpSuite #InfoSec #Careers #TechJobs,

* 6- 9 years of overall IT experience with minimum 3+ years in DevSecOps/Security engineering. * Strong knowledge of CI/CD tools: Jenkins, GitHub Actions, GitLab CI, Azure DevOps. * Hands-on with security tools: SonarQube, Checkmarx, Fortify, OWASP ZAP, Aqua, Prisma Cloud, Snyk, etc. * Expertise in cloud platforms: AWS, Azure, or GCP (with security focus). * Experience in containerization & orchestration security: Docker, Kubernetes. * Strong scripting knowledge: Python, Bash, Shell, Groovy, or PowerShell. * Proficient in infrastructure as code (IaC) and securing IaC templates. * Experience with SIEM and monitoring tools: Splunk, ELK, CloudWatch, Datadog.

Performed Application Security Testing, Cloud Security Testing. Review Reports. Stakeholder management.

Perform Web Penetration Testing, Secure Code Review, API Security Assessment, Mobile Application Security Assessment etc. Report preparation.

Breach & Attack Simulation, Cloud Security Assessment & Red Teaming

As a Senior Software Developer – Infrastructure you will work with a strong focus on Infrastructure and DevOps, specializing in building scalable, automated solutions to streamline deployment pipelines, infrastructure management, and system reliability. Proficient in cloud platforms, IaC tools like Terraform and Ansible, CI/CD, and container orchestration. Adept at bridging development and operations to accelerate delivery and improve system performance. Support IBM Cloud Architect and support deployment strategies for applications running on IBM Cloud, and Kubernetes clusters. Ensure System Reliability and MonitoringImplement monitoring, logging, and alerting solutions improving system uptime, observability, and incident response readiness. Collaborate Across TeamsWork closely with developers, architects, and operations teams to align infrastructure with business and technical needs, following Agile and DevSecOps Maintain Security and Compliance Standards: Apply IBM’s security best practices for infrastructure and DevOps processes, Drive DevOps Best Practices Champion DevOps culture by continuously improving processes, tools, and workflows to enhance scalability, speed, and quality across delivery teams Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Minimum 7+ Years of Experience Team leadership & global support for system monitoring & operations. Deep Knowledge on IBM Cloud & Security IBM Cloud VPC, Classic, Multi-zone deployments. Linux Proficiencyvery strong knowledge of Linux operating systems & security processes. Bash & Python scripting Kubernetes/OpenShift Strongly preferred experience in working with production containerized environments. Experienced on Network Security & Management. DevOps & CI/CD Pipeline Management Previous experience leading automation for Infrastructure & Operations processes. Experienced leading ITIL Processes - Incident, Problem Management, Configuration , Access , Change and Release Management. Service Level Management monitor SLAs/SLOs (Service Level Agreements) with the business & internal IBM processes. Experience with Reliability & Availability Metrics implementation for SRE processes. Experience with Observability & Monitoring Tools & Best Practices. Experience with Security & Compliance best practices & implementation for Infrastructure & DevOps Team. Preferred technical and professional experience Would be differential candidate with experience on CIO Security Processes & Tools for infrastructure processes aligned with ITSS. AI Ops & Automation Experience with Terraform & Ansible. IBM Cloud Certification DevOps experience managing CI/CD Pipelines & Security Scanning Tools SonaQube, Contrast, Jenkins, OWASP ZAP. Experience with tools Service Now, Instana , IBM Cloud Logs. Knowledge or experience with Java applications

We're Hiring! I am excited to share some amazing career opportunities at Happiest Minds. Take your Security career to the next level with Happiest Minds, ! Join a dynamic team, where Security Meets Innovation, and grow with us. Be recognized in a Great Place to Work Certified environment Interested professionals can directly reach out to me ankita.patari@happiestminds.com or you can apply in below post Mandatory roles: Perform Internal and External Red Teaming. Report Preparation with proof of concepts. Provide recommendations to remediate the findings. Excellent communication skill is important. Additional skills: Cyber Security Assessment & Consulting,Cyber Threat Hunting,Manual Penetration Testing using OWASP checklists,OWASP Top 10,OWASP ZAP,Penetration Testing,Static Code analysis,Static/dynamic testing of mobile applications Exp range:7 + years Who can by Immediate or 15 days max Thanks and Regards, Ankita Ghosh

As a Software Developer – Infrastructure you will work with a strong focus on Infrastructure and DevOps, specializing in building scalable, automated solutions to streamline deployment pipelines, infrastructure management, and system reliability. Proficient in cloud platforms, IaC tools like Terraform and Ansible, CI/CD, and container orchestration. Adept at bridging development and operations to accelerate delivery and improve system performance. Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Minimum 4+ Years of Experience Strong Linux ProficiencyStrong knowledge of Linux operating systems & security processes. Strong IBM CloudSkills :IBM Cloud VPC, Classic, Multi-zone deployments and IBM Cloud logs. Network Security & Management VPNs, Load Balancers and Transit Gateways, Akamai , Blue Fringe & best practices for network security. Kubernetes/OpenShiftStrongly preferred experience in working with production Kubernetes/OpenShift environments. System Monitoring and TroubleshootingStrong skills in monitoring/observability, issue response, and troubleshooting foroptimalsystem performance. Operation and Support ExperienceDemonstrated experience in handling day-to-day operations, alert management, incident support, migration tasks, and break-fix support. Monitoring/ObservabilityHands on experience crafting alerts and dashboards using tools such as Insana. Preferred technical and professional experience DevOps :experience managing CI/CD Pipelines & Security ScanningTools, SonaQube, Contrast, Jenkins, OWASP ZAP. AutomationExperience with Terraform & Ansible. Experience with tools Service Now, Instana , IBM Cloud Logs

The Security Tester will play a crucial role in identifying and mitigating security vulnerabilities within products, applications, and infrastructure. You will be responsible for designing, executing, and reporting on security testing activities to ensure that systems meet industry best practices and regulatory requirements. Your responsibilities will include designing, developing, and executing security testing strategies such as vulnerability assessments, penetration testing, and code reviews. You will identify and document security vulnerabilities and risks, providing detailed reports and recommendations for remediation. Additionally, you will assist in the development and implementation of security policies, standards, and procedures, while collaborating with development teams to integrate security into the software development lifecycle. To succeed in this role, you should have a Bachelor's degree in Computer Science, Information Security, or a related field, along with at least 3 years of experience in security testing or a similar role. A strong understanding of security concepts like OWASP Top Ten, encryption, authentication, and network security is required. Proficiency in using security testing tools such as Burp Suite, Metasploit, Nessus, and OWASP ZAP is essential. Knowledge of programming languages like Python, Java, or C++ is advantageous. You should possess excellent analytical and problem-solving skills, along with the ability to work independently and as part of a team. Strong communication and documentation skills are crucial for this role. A certification in security testing (e.g., OSCP, CEH, CISSP) is preferred, and experience with cloud security (AWS, Azure, or GCP) is a plus. Stay updated with the latest security threats, vulnerabilities, and best practices, and participate in incident response activities by providing expertise and support as needed.,

Company Description Quasar Cyber Tech (QCT) is a fast-moving cybersecurity startup building next-gen offensive security capabilities. If you love breaking things the right way, mentoring juniors, and shipping crisp, client-ready reportslets talk. What you&aposll do Plan & execute network, web, and API penetration tests (black/grey/white box). Lead/red-team style engagements (ATT&CK-aligned), exploit development & PoCs. Abuse auth flows (OAuth/JWT/SAML), test modern APIs (REST/GraphQL), cloud entry points. Run internal/external VA/PT , identify root causes, and drive remediation guidance . Write and review reports with clear risk, impact, CVSS, and reproducible steps. Mentor interns/juniors; perform peer reviews, checklists, and quality gates. Collaborate with engineering/AppSec to fix issues fast (threat modeling, SDL inputs). Must-haves 25 years hands-on pentesting/red-team experience (network + web + API ). Strong with Burp Suite , Nmap , OWASP ZAP , Metasploit , nuclei , Kali/Parrot . Solid knowledge of OWASP Top 10 / API Top 10 , PTES , MITRE ATT&CK . Scripting for automation ( Python/PowerShell/Bash ), interceptor tools ( Postman , ffuf , jwt-tool ). Certifications: CEH (valid) or equivalent (e.g., OSCP/OSWE/OSEP/eJPT/GPEN/GWAPT/CRTP ). Excellent documentation & client communication skills. Nice-to-haves AD/Windows attack paths (Kerberoasting/NTLM relays), Azure/AWS footholds. Mobile app testing (Android/iOS), container/k8s attack surface. Experience with banks/fintech or regulated environments (RBI/CERT-In exposure). Why join us (startup reality) High ownership & impact : real clients, real production findings, real fixes. Flexibility with sprints, night windows for red-team ops when needed. Culture of learning & success : opportunities & time for research/PoCs. Competitive salary + performance bonus + fast-track growth. Send your resume to [HIDDEN TEXT] with subject PenTester/Red Team . Optionally include a short note on your favourite exploit chain or a link to a report sample / your work etc . Show more Show less

Designation: IT Risk manager 4+ Years Navi Mumbai (Juinagar) - WFO 5 Days (1st & 3rd Sat working) Immediate Joiners B)Skills: Proficient in VAPT tools for applications and infrastructure (e.g., Burp Suite, OWASP ZAP, Nessus, Nmap, Postman). Strong grasp of OWASP Top 10, API Security best practices, and secure coding principles. Experience in secure configuration reviews for firewalls, servers, endpoints, and API gateways. Familiar with DevSecOps, including integrating security. Understanding of API security frameworks: OAuth 2.0, JWT, API key management, rate limiting. Hands-on with incident response workflows (e.g., Splunk, CrowdStrike). Skilled in writing and maintaining security documentation, including SOPs and incident response plans. Awareness of regulatory standards: RBI Cybersecurity Framework, PCI DSS, NIST. Exposure to risk assessments, security audits, and third-party security evaluations. Ability to collaborate with Dev, Infra, and Compliance teams to ensure secure deployments. C)Qualifications: Graduation or Post Graduate D)Experience: Role relevance/Tenure/Industry 4 - 7 years of relevant experience in BFSI domain Sincerely, Sonia TS

Job Title: Security Architect - AI Products & Multi-Cloud Security Location : Offshore( Bangalore/Pune/Hyderabad) Job Summary We are seeking a skilled Security Architect to ensure the security of our AI-powered products across multi-cloud platforms. This role will focus on implementing end-to-end security practices during the entire software development lifecycle, ensuring data privacy, safeguarding AI models, and promoting Responsible AI practices. You will be instrumental in developing and enforcing security guardrails that protect our AI solutions from potential threats and vulnerabilities. Key Responsibilities Application Security : Develop security policies and practices for AI and ML models. Conduct security assessments, code reviews, and threat modeling for AI applications. Implement security measures following OWASP Top 10 guidelines to prevent common vulnerabilities. DevSecOps : Integrate security into CI/CD pipelines to enable automated security testing. Use tools like GitHub Actions, Jenkins , and Terraform to automate infrastructure security checks. Promote secure coding standards and practices across development teams. Data Security : Design and implement data protection mechanisms such as encryption (both at rest and in transit) and data anonymization techniques. Ensure compliance with data privacy regulations such as GDPR and CCPA . Utilize tools like Data Loss Prevention (DLP) and data masking technologies for sensitive data protection. Identity & Access Management (IAM) : Develop and enforce IAM strategies across multi-cloud platforms (AWS, Azure, GCP). Implement Zero Trust Architecture and role-based access controls (RBAC) to safeguard user access. Utilize multi-factor authentication (MFA) and identity federation protocols. AI Security & AI Guardrails : Define AI guardrails to mitigate risks like model drift, bias, adversarial attacks, and unauthorized model access. Implement AI model monitoring tools like LIME , SHAP , and IBM AIF360 for model interpretability and fairness. Promote Responsible AI practices, ensuring ethical AI deployment and compliance with industry standards. Cloud Security : Architect and implement secure cloud environments using AWS, Azure, and GCP services. Leverage cloud-native security tools such as AWS Shield , Azure Security Center , and Google Security Command Center . Conduct regular cloud security audits and vulnerability assessments. Compliance & Governance : Ensure alignment with security and compliance frameworks like NIST , ISO 27001 , and SOC 2 . Lead security audits and penetration testing to identify and mitigate vulnerabilities. Establish security policies and guidelines to ensure organizational compliance. Technical Skills Required 3+ years of experience in Data Privacy,cybersecurity, focusing on AI and cloud security. Hands-on experience with one major cloud (AWS, Azure, or GCP) or preferably multi-cloud security (AWS, Azure, GCP)and AI model governance. Strong knowledge of DevSecOps practices and automated security testing. Proficiency with AI/ML security frameworks and tools for monitoring and securing AI models. Experience with security tools like Burp Suite, OWASP ZAP , and SonarQube . Familiarity with AI ethics, model explainability tools (e.g., LIME , SHAP ), and AI risk management. Strong understanding of Privacy by Design Principle, data privacy regulations (GDPR, CCPA) and data security best practices. Knowledge of identity management solutions and best practices in IAM. Strong knowledge of Data lifecycle management in AI context. Preferred Qualifications Certified Information Systems Security Professional (CISSP) Certified Cloud Security Professional (CCSP) AWS Certified Security - Specialty Azure Security Engineer Associate Certified AI Ethics & Governance Professional Soft Skills Excellent communication skills to collaborate with cross-functional teams, including Data Science, DevOps, and Product Management. Strong analytical and problem-solving abilities. Proven ability to stay updated with the latest security trends, AI regulations, and cloud technologies. Ability to articulate security concepts and practices to both technical and non-technical stakeholders. Nice-to-Have Experience with Machine Learning Operations ( MLOps ) security. Hands-on knowledge of Container Security (Docker, Kubernetes). Familiarity with AI ethics frameworks and AI safety research . Exposure to Responsible AI tools and methodologies.

You will be responsible for defining and driving the Quality Engineering (QE) strategy in alignment with BMO's Enterprise Risk platform architecture, engineering standards, and transformation roadmap. Your role will involve leading end-to-end QE delivery across manual, automation, and data validation workstreams, covering UI, API, ETL, and batch validation. You will be required to establish and scale automation frameworks for UI (Selenium, Cypress, Playwright), API (Rest Assured, Postman, Karate), and ETL and backend jobs (Python, SQL-based validation frameworks). Leading a team of 20-30 members, you will be tasked with fostering a culture centered on quality, reusability, and an automation-first mindset. Collaboration with development, DevOp, and Product teams to implement shift-left testing, test data management, and test coverage alignment will be a key part of your responsibilities. Integrating QE into CI/CD pipelines using tools like Jenkins/GitLab and enforcing test gating, code quality checks, and coverage thresholds will also fall under your purview. Your role will involve implementing non-functional testing strategies (performance, security, resiliency) using tools like JMeter, OWASP ZAP, and integrating them into test automation cycles. You will also evaluate and embed GenAI-driven QE capabilities such as test case generation, self-healing scripts, synthetic test data generation, and test and coverage gap analysis. Supporting proposal, RFP, and stakeholder presentations by articulating QE capability maturity, roadmap, and measurable outcomes (KPIs, ROI, coverage) will be an essential aspect of your role. Additionally, you will be leading a team of SDETs, QE engineers, and manual testers while fostering a culture of quality, reusability, and automation-first. Driving continuous improvement initiatives via test metrics, RCA, defect leakage trends, and QE process optimization will also be part of your responsibilities. Required Skills and Experience: - Expertise in architecting scalable and modular test automation frameworks across UI, API, and ETL layers - Hands-on experience with tools such as Selenium, Rest Assured, Playwright, Postman, JMeter, Python, SQL, Git, Jenkins, Docker, etc. - Strong understanding of DevOps, CI/CD integration, test orchestration, and environment provisioning - Experience working in BFSI/Wealth/Capital Markets domain; prior exposure to Enterprise Risk platforms, data governance, or regulatory workflows is a strong plus - Exposure to AI/ML/GenAI tools in testing & QE - Proven ability to mentor and scale QE teams, establish best practices, and manage client expectations - Strong interpersonal skills for stakeholder engagement across BAs, Product Owners, Architects, and Delivery Leads - Experience in test data virtualization, synthetic data generation, or data masking - Familiarity with compliance testing, audit traceability, and reporting standards in banking environments - Understanding of microservices, event-driven systems, and integration patterns,

We're Hiring! I am excited to share some amazing career opportunities at Happiest Minds. Take your Security career to the next level with Happiest Minds, ! Join a dynamic team, where Security Meets Innovation, and grow with us. Be recognized in a Great Place to Work Certified environment Interested professionals can directly reach out to me ankita.patari@happiestminds.com or you can apply in below post Mandatory roles: Perform Internal and External Red Teaming. Report Preparation with proof of concepts. Provide recommendations to remediate the findings. Excellent communication skill is important. Additional skills: Cyber Security Assessment & Consulting,Cyber Threat Hunting,Manual Penetration Testing using OWASP checklists,OWASP Top 10,OWASP ZAP,Penetration Testing,Static Code analysis,Static/dynamic testing of mobile applications Exp range:8 + years Who can by Immediate or 15 days max Thanks and Regards, Ankita Ghosh