54 Owasp Zap Jobs - Page 2

Dear Candidate, We are hiring a Compliance Engineer to ensure code and dependencies meet licensing and audit standards. Key Responsibilities: Track open-source usage and license compliance. Automate compliance scanning and reporting. Assist in security reviews and audits. Required Skills & Qualifications: Familiarity with tools like FOSSA, Black Duck. Knowledge of OSS licenses (MIT, GPL, Apache). Experience with code scanning and SBOMs. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Delivery Manager Integra Technologies

Proficient in Python Experienced with OWASP ZAP, Burp Suite, SonarQube Strong knowledge of cryptography, TLS/HTTPS Skilled in threat modeling, secure code review (C/C++/Node/Golang), pen testing Familiar with OWASP Top10, CWE Top25, and mitigations.

Job Description: Security Testing Lead with experience in Application Security is preferred The resource should mandatorily have minimum 4 Years experience in Application Security Responsible for overseeing the planning execution and management of application security testing activities across enterprise and government systems Key Responsibilities: Lead the end to end application security testing lifecycle across critical government and enterprise applications Define and implement robust security testing strategies including Static Application Security Testing SAST and Dynamic Application Security Testing DAST Collaborate with DevOps and development teams to embed security into CI CD pipelines and ensure secure software delivery Conduct threat modelling vulnerability assessments and provide actionable remediation guidance Serve as a subject matter expert SME in application security engaging with senior stakeholders to communicate risks and mitigation strategies effectively Technical Requirements: Proven expertise in application security testing tools such as Fortify Veracode Burp Suite and OWASP ZAP etc Deep understanding of secure coding practices OWASP Top 10 and software development lifecycles Strong analytical communication and leadership skills Domain process functional technical Thorough understanding of Agile methodologies Experience working in highly regulated environments with strong knowledge of release governance and compliance Preferred Skills: Technology->Application Security->Application Security - ALL

Work Location:- Bangalore / Pune Experience:- 4 to 7 years Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation Mandatory technical & functional skills Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA

Clear understanding of OWASP Top 10 - application security risks Tools/OS: Burp Suite, OWASP ZAP, Kali Linux Manual Security Testing & Analysis, Security Test Designing should be able to perform Penetration testing -Gray Box Web applications, application security engineering principles, security tools- should be strong at . should know scripting Excellent Interpersonal and presentation skills Strong in verbal and written communication Good analytical skills Strong Time Management Must be flexible, independent, self-motivated. Team Player

Greetings from Teamware Solutions a division of Quantum Leap Consulting Pvt. Ltd We are hiring an Associate Consultant_Penetration Testing_ Web Application Location: Bengaluru Work Mode: Hybrid; 2 days WFO Geography they support: US Shift Time: 12-9 PM Experience: 4 -9 Years Notice Period: Immediate to 15 days Requirements: Web Application Penetration Testing (Mandatory): Candidates must have strong experience in web application penetration testing. While a combination of web and mobile application testing is acceptable, their recent and primary experience should be focused on web applications. CSRF (Cross-Site Request Forgery) Boolean SQL Injection DOM XSS (Cross-Site Scripting) CSV Injection Coding and auditing expertise Mandatory technical & functional skills Minimum three years of recent experience in application penetration testing of APIs, web applications, or mobile applications Ability to communicate reporting results with technical and non-technical audiences and lead remediation conversations Experience with burp suite pro, and other app testing tools such as Netsparker and Checkmarx Bachelors degree from an accredited college/university or equivalent industry experience One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSWE, OSWA Roles & responsibilities •Perform manual Application penetration testing against APIs (REST/SOAP), Web Applications, Mobile applications, and thick client applications •Perform threat modeling, evaluate application business logic, and perform application architecture reviews •Ability to demonstrate application testing experience in real time via demos to both internal and external audiences •Act independently in penetration testing engagements, with minimal oversight and guidance •Act as a technical leader and mentor for junior engineers •Engage with technical and non-technical audiences to articulate both testing processes, techniques and results; guide technical audiences on remediation options and assist clients in weighing those options •Partner with the Cyber teams to develop new testing techniques, automation for testing and marketing collateral to support the practice and mentor junior and offshore team members on tools and techniques in performing tests Please let me know if you are interested in this position and send me the resumes to netra.s@twsol.com

Security Testing Engineer Company: Kiya.ai Work Mode: Hybrid Interview Mode: 2 rounds (Virtual & F2F is Must) Kiya.ai is seeking a Security Testing Engineer to join our team in Bangalore. This role is crucial for ensuring the security of our applications through comprehensive penetration testing and adherence to secure development practices. Direct Responsibilities: Perform Penetration testing (Gray Box and/or Black Box) for Web applications, Thick Client, API, and mobile applications. Demonstrate deep knowledge of application security engineering principles to follow secure development practices, including secure build processes, secure code review, and security testing. Understand the integration and use of security tools within DevOps Processes . Possess knowledge of one or more scripting languages for automation . Collaborate effectively with developers to help them understand and remediate reported vulnerabilities in applications. Contributing Responsibilities: Understand application security requirements and identify & document the scope of security tests. Ensure the thorough execution of documented security scenarios for the application under test. Document and report all findings clearly and comprehensively. Escalate issues to local management and onshore stakeholders if they affect testing progress. Ensure adherence to defined processes for security assessments. Help review peers work and mentor junior members of the team. Technical & Behavioral Competencies: Clear understanding of OWASP Top 10 application security risks. Proficiency with security tools/OS such as Burp Suite, OWASP ZAP, and Kali Linux . Strong skills in Manual Security Testing & Analysis and Security Test Designing . Excellent interpersonal and presentation skills. Strong verbal and written communication abilities. Good analytical skills. Strong time management capabilities. Must be flexible, independent, self-motivated, and a team player.

Role & responsibilities Support and consult with development and engineering teams in the areas of API security. Educates development team on security procedure and standards, and ensures they are followed. Research and help develop security solutions to help secure applications (API Security, Data Protection, Identity Protection) Create Security guidance/documentation for development/engineering teams. Experience working with AWS or other cloud environments (development/architecture) Experience with cloud and API security standards (OWASP API Top 10, CIS Top 20) Perform security risk assessments for all proposed application-related (APIs) changes. Preferred candidate profile 6+ years of experience in software development in one or more of the following programming languages, .NET, Python, Java/Springboot (REST), JavaScript (Node/React), and/or Go Experience with tools like OWASP ZAP, Veracode, Postman, etc. 3+ years of experience with API Security (Design patterns, Architecture, B2B/A2A/B2C Integration) Experience with API security tools like Noname, Salt, Neosec, etc. Experience with API Management solutions like Mulesoft, Apigee, etc. Technical and foundational knowledge of software engineering, computer systems, security engineering, authentication, and/or applied cryptography. Excellent knowledge of all web technologies, especially web services, web applications, Service Oriented Architectures, and network/web protocols Knowledge of application threat modeling, Remediation of OWASP API Top 10, CIS Top 10, SANS Top 25 a plus Experience with attacker tactics, techniques, and procedures, and corresponding mitigation methods.

Position Purpose Provide a brief description of the overall purpose of the position, why this position exists and how it will contribute in achieving the teams goal. Responsibilities Direct Responsibilities Direct Responsibilities - To perform Penetration testing (Gray Box and/or Black Box) for Web applications; Thick Client, API, and mobile applications. - To understand the applications security requirements and identify & document the scope of the test - Ensure execution of the documented security scenarios for the application under test. - Document and report all findings - Collaborate with the developers to help them understand the vulnerabilities reported in application - Escalate issues to the local management and onshore stakeholders in case it affects the testing progress - Ensure processes for the project is followed for the assessments Note: - Optional, experience in Source Code Assessment (SCA)/SAST, Mobile Testing Contributing Responsibilities Technical & Behavioral Competencies - Clear understanding of OWASP Top 10 - application security risks - Tools/OSBurp Suite, OWASP ZAP, Kali Linux - Manual Security Testing & Analysis, Security Test Designing - Excellent Inter personal and presentation skills - Strong in verbal and written communication - Good analytical skills - Strong Time Management - Must be flexible, independent, self-motivated - Team player Specific Qualifications(if required) CSSLP/CEH or equivalent certification preferred Skills Referential BehaviouralSkills(Please select up to 4 skills) Transversal Skills: (Please select up to 5 skills)Education Level:Bachelor Degree or equivalentExperience LevelAt Least 3 years

Were hiring on the Blackbaud Application Security team! As a member of the Cyber Security organization at Blackbaud, the Application Security Engineer is a specialized position that plays a key role in securing software built and/or used by Blackbaud.You can expect to work closely with software development teams as well as third-party organizations to ensure that security, privacy, and compliance requirements are planned for, designed, and built into software applications at Blackbaud. In addition to securing software, you will be expected to stay up to date on whats happening in the Cyber Security industry to optimize and align our application security processes and systems throughout the Software Development Life Cycle (SDLC) at Blackbaud. The Application Security Engineering team focuses on building automation for security self-service and vulnerability management to reduce unnecessary toil. What you will be doing: Identifying solutions for difficult security problems while participating in a broader agile Application Security team. Building comprehensive solutions to conduct consolidation, aggregation, andnotification of security findings to respective stakeholders. Conducting threat modeling, secure design reviews, and providing direct guidance to development teams. Promoting, designing, and evaluating application security in all phases of theSDLC and constantly looking for innovative ways to improve processes. Influencing, building, and assisting with information security challenges within applications. What we'll want you to have: You are either a security-minded software engineer who has been building modern services using a microservice architecture in an agile development environment or a development-interested security practitioner who understands security best practices but wants to get closer to development and engineering. 5+ plus years of experience with application security and relevant testing tools for DASTBurp Suite, OWASP Zap, Invicti, AppScan SAST/SCAFortify, Checkmarx, Coverity, Semgrep, OWASP Dependency Check, Mend, Blackduck Attack Surface ManagementOWASP Amass, Spiderfoot, CyCognito 3+ years of experience with Python, Bash, and/or PowerShell. 3+ years of experience in DevSecOps integrating security solutions into CI-CD pipelines and automated tooling orchestration. Relevant certifications include CompTIA Security+ or CASP+, EC Council CEH, ISC2 CSSLP are a plus. Experience partnering with development and systems engineers on impactful securityinitiatives. Understanding of software development; how applications and systems are designed, built, and break is critical. UnderstandDevSecOpscultural mindsets, and an engineering-focused approach to solvingcomplexsecurity problems. Strong verbal and written communication skills to translate security objectives and requirements to specific engineering outcomes. The Application Security team at Blackbaud is committed to ensuring security issues are prevented, discovered, and remediated in collaboration with our engineering partners across the business. Stay up to date on everything Blackbaud, follow us on Linkedin, X, Instagram, Facebook and YouTube Blackbaud is proud to be an equal opportunity employer and is committed to maintaining an inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, physical or mental disability, age, or veteran status or any other basis protected by federal, state, or local law.

Your potential, unleashed. Indias impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilientnot only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks Your work profile As Assistant Manager in our Cyber Team youll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Key Responsibilities: Threat Modelling: Conduct threat modelling sessions to identify potential security risks to applications, networks, and infrastructure. Utilize various threat modelling frameworks (e.g., STRIDE, PASTA) to evaluate the risk associated with business processes and IT systems. Vulnerability Assessment & Penetration Testing: Perform regular vulnerability assessments and penetration testing on applications, systems, and networks to identify weaknesses and misconfigurations. Security Risk Analysis: Analyse vulnerabilities identified in VAPT engagements and prioritize them based on risk to the business. Provide recommendations for remediation and mitigation. Incident Response: Assist in responding to security incidents by analysing threat patterns, supporting forensic investigations, and recommending preventative measures. Collaboration with Teams: Work closely with developers, DevOps, and other stakeholders to design and implement secure development practices and advise on secure code development practices. Reporting: Document findings from threat modelling, vulnerability assessments, and penetration tests, and present them to management and other key stakeholders. Security Awareness: Promote awareness of cybersecurity risks within the organization and provide guidance on secure coding and risk mitigation strategies. Required Skills and Qualifications: Strong knowledge of Threat Modelling methodologies and tools (e.g., Microsoft Threat Modelling Tool, OWASP Threat Dragon). Hands-on experience in performing Vulnerability Assessment and Penetration Testing (VAPT) using tools like Nmap, Burp Suite, OWASP ZAP, Nessus, and Metasploit. Solid understanding of common vulnerabilities (e.g., SQL injection, Cross-Site Scripting, Buffer overflows) and security protocols (e.g., TLS/SSL, OAuth, OpenID). Familiarity with network security (firewalls, IDS/IPS, VPNs, etc.) and web application security. Experience in performing risk analysis, writing security reports, and presenting findings to both technical and non-technical audiences. Knowledge of OWASP Top 10, CVE, and vulnerability databases. Proficiency in one or more programming languages (e.g., Python, Java, C, or scripting languages) is a plus. Understanding of security frameworks and compliance requirements (e.g., NIST, ISO 27001, GDPR, SOC 2) is desirable. Experience with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes) is a plus. Strong problem-solving skills and the ability to work independently and in a team. Prior experience in BFSI would be preferred. Preferred Qualifications: Certification: Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or similar penetration testing certifications. Certified Information Systems Security Professional (CISSP) or similar information security certifications. Previous experience in threat hunting, incident response, or application security. Understanding of security in Agile/Scrum development processes. Location and way of working Base location: Pune Professional is required to work from office. How youll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the worlds most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyones welcome entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution.

Req ID: 327620 NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now. We are currently seeking a Devops with .net framework to join our team in Chennai, Tamil N?du (IN-TN), India (IN). Key Responsibilities: Design, build, and maintain CI/CD pipelines for .NET applications using tools like Azure DevOps, GitHub Actions, or Jenkins Automate build, test, and deployment processes with a strong emphasis on security ad reliability Collaborate with software engineers and QA teams to ensure automated testing and code coverage practices are embedded into the pipelines Monitor and troubleshoot build failures and deployment issues Manage build artifacts, versioning strategies, and release orchestration Integrate static code analysis, security scanning (SAST/DAST), and compliance checks into the pipelines Support infrastructure-as-code deployments using tools like Terraform , Azure Bicep , or ARM templates Maintain and improve documentation for build/release processes, infrastructure, and tooling standards Contribute to DevOps best practices and help shape our CI/CD strategy as we move toward cloud-native architecture and Cloud 3.0 adoption Qualifications: Bachelor's degree in Computer Science, Engineering, or related field (or equivalent experience) 3+ years of experience in DevOps, CI/CD, or build and release engineering Hands-on experience with .NET Core / .NET Framework build and deployment processes Strong experience with Azure DevOps Pipelines (YAML and Classic) Familiarity with Git , NuGet , NUnit/xUnit , SonarQube , OWASP/ZAP , etc. Experience deploying to Azure App Services, Azure Kubernetes Service (AKS) , or Azure Functions Experience with Docker and container-based deployments Working knowledge of infrastructure-as-code (Terraform, Bicep, or similar) Understanding of release management and software development lifecycle (SDLC) best practices Excellent problem-solving, collaboration, and communication skills Can you walk us through how you would design a CI/CD pipeline for a .NET application using Azure DevOps from build to deployment How do you handle secrets and sensitive configuration values in a CI/CD pipeline Have you ever had to troubleshoot a failing deployment in production What tools did you use to diagnose the issue, and how did you resolve it About NTT DATA NTT DATA is a $30 billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long term success. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure and connectivity. We are one of the leading providers of digital and AI infrastructure in the world. NTT DATA is a part of NTT Group, which invests over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. Visit us at NTT DATA endeavors to make accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact us at . This contact information is for accommodation requests only and cannot be used to inquire about the status of applications. NTT DATA is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. For our EEO Policy Statement, please click . If you'd like more information on your EEO rights under the law, please click . For Pay Transparency information, please click.

As an Application Security Specialist,youll play a vital role in building secure systems from the ground up. Workingclosely with engineering, compliance, and DevOps teams, you will ensure ourapplications meet rigorous security and regulatory standards across globaljurisdictions. Your Impact on the Mission: Integrate security into the Software Development Lifecycle (SDLC) , embedding security controls at every phase. Conduct threat modeling , secure code reviews , and penetration testing for internal and third-party applications. Collaborate with development teams to address security issues across CI/CD pipelines (DevSecOps). Manage and mitigate application-level risks in line with security frameworks and regulatory requirements. Support compliance efforts for GDPR , NIS2 , PCI-DSS , and DORA by applying security controls and maintaining evidence. Drive secure practices in the software supply chain , improving defenses against attacks like those seen in SolarWinds. Business Impact Reduces application security vulnerabilities across internal and customer-facing systems. Helps ensure Noventiqs compliance with global cybersecurity regulations. Lowers production defects and remediation costs through early detection. Strengthens resilience ofcloud-native and third-party platforms. What Youll Bring to The Table About You: 5 years in Application Security, including secure development, testing, and DevSecOps. Solid understanding of OWASP Top 10 , SAST/DAST , threat modeling , and common attack vectors. Familiarity with CI/CD environments (e.g., GitLab, GitHub Actions, Azure DevOps). Hands-on experience with tools such as Burp Suite , OWASP ZAP , SonarQube , Checkmarx , or similar. Preferred Certifications Industry-recognized certifications are a plus, including: OSCP , GWAPT, CISSP, or CSSLP Bonus for Azure Security Engineer (AZ-500) or Certified DevSecOps Professional Frameworks Compliance Working knowledge of: OWASP , CIS Controls v8, ISO/IEC 27001 GDPR , NIS2 Directive, PCI-DSS, DORA Regulation

Education Criteria (Must): B.Sc (IT/CS) / B.Tech in any Engineering background, BCA, MCA M.Sc. Information Technology, or related field. CEH, CISSP, CISA, CISM, CRISC (If any security related certification) 11-15 years of experience in Application Security, Network Security, and IT Risk Compliance, with hands-on expertise in security assessments, process audits, and application reviews. Experience in BFSI is preferred. Lead and manage the AppSec team consisting of L1 and L2 resources. Serve as the primary point of contact between the Client and the team for all project-related activities. Monitor daily operations, ensure resource optimization, and address any issues that arise during the engagement. Application Security Review - Oversee the review of application security including web, mobile, API, and other banking applications. Perform comprehensive reviews of Network Architecture, Source Code, VAPT reports, and configuration audits. Review deliverables from L1 and L2 resources, ensuring completeness and quality. Compliance and Risk Management Reporting Stakeholder Management Skill-Vulnerability Assessment, Manual Penetration Testing using OWASP checklists, Penetration Testing, OWASP Top 10, OWASP ZAP, Ethical Hacking, Static/dynamic testing of mobile applications, Vulnerability Mitigation.

Manual Penetration Testing using OWASP checklists, Penetration Testing, Vulnerability Assessment, OWASP Top 10, OWASP ZAP, AWS Cloud, Azure Cloud, Cyber Security, Cloud Security Assessment, Cyber Security Assessment Consulting, Cybersecurity, Data Security Assessment Consulting Perform Penetration testing Develop and recommend mitigation strategies to enhance the defense mechanisms of critical infrastructure components Collaborate with IT and security teams to refine security measures and response strategies Prepare detailed reports on findings from simulations and suggest improvements Facilitate training sessions for internal teams on security awareness and breach response tactics

Hiring for Security Test Engineer at Bangalore location Role: Security Test Engineer Exp: 2 - 7 Years Job location: Bangalore Notice Period: Immediate joiners only - Must Work Mode: Hybrid Interview Mode: 2 rounds ( Virtual & F2F round is Must ) Direct Responsibilities: To perform Penetration testing (Gray Box and/or Black Box), for Web applications, Thick Client, API, and mobile applications. Understand and deep knowledge of application security engineering principles to follow secure development practices which includes secure build processes, secure code review, security testing. Understanding of the security tools in DevOps Processes Knowledge of one or more scripting languages for automation Collaborate with the developers to help them understand the vulnerabilities reported in application. Contributing Responsibilities To understand the applications security requirements and identify & document the scope of the test. Ensure execution of the documented security scenarios for the application under test. Document and report all findings. Escalate issues to the local management and onshore stakeholders in case it affects the testing progress. Ensure processes for the project is followed for the assessments. Help review peer's work and mentor junior members in the team. Technical & Behavioral Competencies: Clear understanding of OWASP Top 10 - application security risks Tools/OS: Burp Suite, OWASP ZAP, Kali Linux Manual Security Testing & Analysis, Security Test Designing Excellent Interpersonal and presentation skills Strong in verbal and written communication Good analytical skills Strong Time Management Must be flexible, independent, self-motivated. Team Player Interested candidates can share your updated profile to premkumar.m@kiya.ai

Job Title: DevOps Engineer Experience: 7+ Years Location: Remote Notice Period: Immediate Worker Type: C2C / Full-Time (specify based on engagement) Mandatory Skills: DevOps, Azure DevOps, Terraform Key Responsibilities: Design, implement, and manage scalable CI/CD pipelines using Azure DevOps and GitHub Actions . Automate infrastructure provisioning using Terraform and configuration management tools like Ansible . Manage containerized applications in Kubernetes and Docker environments. Integrate and manage test automation frameworks (e.g., Selenium, JUnit) to uphold software quality. Embed vulnerability scanning tools such as SonarQube and OWASP ZAP into the pipeline for secure deployments. Monitor system health, performance, and proactively troubleshoot production issues. Collaborate with cross-functional teams to continuously improve DevOps processes and delivery pipelines. Participate in on-call support rotations and respond to incidents effectively. Stay current with DevOps trends , tools, and technologies to introduce process optimizations. Required Skills & Qualifications: Minimum 7 years of experience in DevOps or related roles. Strong scripting skills using Bash, PowerShell, or Python . Proficient in Azure Cloud Services and infrastructure-as-code (IaC) using Terraform . Expertise in containerization (Docker) and orchestration platforms (Kubernetes). Solid experience in Azure DevOps , GitHub Actions , and CI/CD best practices. Hands-on experience with tools like Ansible , Puppet , or Chef . Familiarity with automated testing tools and test integration in pipelines. Exposure to DevSecOps practices and tools for vulnerability scanning and compliance. Excellent problem-solving abilities and communication skills. Preferred Qualifications: Prior experience integrating test automation into CI/CD pipelines. Strong grasp of DevOps security best practices and cloud-native security principles. Azure certifications or equivalent cloud platform credentials are a plus. Interested candidates can apply at: B.Simran@ekloudservices.com Note: Immediate joiners preferred. Profiles with relevant DevOps + Azure + Terraform experience will be shortlisted on priority.

Greetings from Peoplefy Infosolutions !!! We are hiring for one of our reputed MNC client based in Pune . We are looking for candidates with 3 + years of experience in below skills - Primary skills : Ethical Hacking Penetration Testing Software development Cyber forensics or threat hunting Application security Secure coding Burp suite, OWASP, OWASP ZAP Interested candidates for above position kindly share your CVs on asha.ch@peoplefy.com with below details - Experience : CTC : Expected CTC : Notice Period : Location :

Design, develop, and maintain automated and manual test cases with a focus on security. Perform static and dynamic application security testing (SAST/DAST). Identify, document, and track security-related defects and work with engineering teams for remediation. Conduct threat modeling and risk assessments as part of the software development lifecycle. Validate fixes and patches for known vulnerabilities. Assist in integrating security testing tools (e.g., OWASP ZAP, Burp Suite, SonarQube) into CI/CD pipelines. Stay current with security best practices, industry trends, and vulnerability databases (e.g., CVE, NVD). Collaborate with QA, DevSecOps, and security analysts to promote secure development practices. Participate in code reviews and assist in the development of secure coding guidelines.

Job Title: P r o g r a m M a n a g e r Business Unit: Piramal Swasthya Domain: Social Sector Location: PSMRI office, Hyderabad Big Bet: Shared Services Department: IT Design, implement, and maintain scalable, secure, and high-performance DevOps practices on AWS infrastructure. Drive the integration of security into every phase of the DevOps lifecycle. Support automation, deployment, monitoring, and security hardening to achieve agility, reliability, and compliance. Purpose of Job Essential Qualifications : *Any Graduate, preferably bachelor's degree in computer science or information technology. *Overall Working Experience of 6-8 Years *Minimum 4 years of experience in DevOps with AWS and security automation *AWS Certified DevOps Engineer / AWS Security Specialty (preferred) Preferred Key Skill /Qualifications : Deep understanding of AWS services (EC2, S3, IAM, RDS, Lambda, CloudTrail, CloudWatch, Config, GuardDuty, VPC, EKS, CloudFormation) Infrastructure as Code (Terraform, AWS CDK, CloudFormation) Network security, firewall configuration, security groups, VPC subnetting Identity & Access Management (IAM, RBAC, MFA, SSO) Vulnerability assessment, penetration testing, patch management CI/CD tools (Jenkins, GitHub Actions, GitLab CI/CD) Scripting (Python, Bash, Shell) Containerization (Docker, Kubernetes/EKS) Security-as-Code and automated compliance tools (e.g., Checkov, TFSec, Open Policy Agent) Preferred Key Skill /Qualifications : Secrets management (HashiCorp Vault, AWS Secrets Manager) SAST/DAST tools (SonarQube, OWASP ZAP, Snyk, Fortify) IAM roles, policies, encryption, KMS, and secure configurations Centralized logging and monitoring (CloudWatch, ELK Stack, Prometheus, Grafana) Excellent documentation, communication, and collaboration skills Essential Experience : • Automating security checks in CI/CD pipelines • Implementing least privilege access control and identity federation Securing infrastructure provisioning and deployments • Conducting threat modeling and vulnerability remediation • Enforcing compliance and audit readiness (ISO, HIPAA, etc.) Working knowledge of secure networking (VPCs, firewalls, VPNs, NACLs, etc.) • Incident response and root cause analysis for infrastructure issues Partnering with infosec teams to roll out security best practices Supporting development teams to adopt security-by-design Competencies • Strong analytical, problem-solving, and debugging skills Security-first mindset across DevOps practices Effective communicator and team collaborator Continuous learning and proactive approach Decision Making Choice of security tools and DevSecOps frameworks Cloud architecture decisions aligned with compliance Key Roles/Responsibilities: • Build and maintain AWS cloud environments with infrastructure as code • Integrate security controls into CI/CD pipelines and DevOps workflows • Automate security scans, testing, and compliance validation • Support secure deployment of applications in containers and serverless setups • Implement cloud-native logging, monitoring, and alerting systems • Manage secrets, certificates, and access securely • Work closely with development, infosec, and operations teams to enforce DevSecOps best practices • Document all configurations, procedures, and known issues • Conduct internal training on DevOps, secure coding and best security practices • Respond to security incidents and participate in audits and reviews • Ensure adherence to SLAs, compliance mandates, and performance KPIs

What you will do Let’s do this. Let’s change the world. In this vital role you will Guide and support junior team members by offering technical advice, conducting code reviews, and sharing knowledge to promote their professional development. Perform security testing (e.g., penetration testing, code reviews) and ensure continuous security monitoring across the organization’s IT landscape. Identify vulnerabilities in networks, systems, applications, and infrastructure through hands-on penetration testing. Attempt to exploit discovered vulnerabilities to demonstrate their impact and prove their existence (e.g., retrieving sensitive data, elevating user privileges, or gaining access to admin functionality). Perform assessments on web applications, cloud environments, and network infrastructure. Use automated tools and manual techniques to identify security weaknesses. Conduct advanced post-exploitation tasks to simulate real-world attack scenarios. Work with third-party security vendors for audits, product testing, and external assessments when required. Use automated tools (e.g., Burp Suite, OWASP ZAP, or Acunetix) to identify common vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and others. Document identified vulnerabilities in detail, explaining how they were found, their severity, and their potential impact. Include proof-of-concept (PoC) for critical vulnerabilities. Offer actionable, practical solutions for fixing the vulnerabilities, such as secure coding practices, configuration changes, or security controls. Use risk-based prioritization, categorizing issues by their severity and business impact (e.g., high, medium, low) to help the organization focus on the most critical issues. Continuously learn about the latest vulnerabilities, exploits, and security trends. Present the findings to stakeholders, security teams, and management, explaining the business risk and potential impacts of the vulnerabilities discovered. Familiarity with industry standards and compliance requirements (e.g., PCI-DSS, NIST, ISO 27001) and their relevance to penetration testing. What we expect of you We are all different, yet we all use our unique contributions to serve patients. This role has a strong focus on ensuring the organization's infrastructure, applications, and systems are secure from external and internal threats. This role is responsible for conducting authorized security tests on IT infrastructure to evaluate the strength of its systems against potential cyberattacks. A variety of automated tools and manual techniques are leveraged to simulate real-world attacks. The penetration tester then works with the organization to prioritize, remediate and report on identified issues, strengthening the overall security posture. Basic Qualifications: Bachelor’s degree with 6 - 8 years of experience in Computer Science, Cybersecurity or Information Systems related field . Preferred Qualifications: Must-Have Skills: Strong knowledge of common vulnerabilities (e.g., OWASP Top 10, SANS Top 25), network protocols, encryption standards, application security and common penetration testing methodologies (ISSAF, OSSTMM, PTES). Familiarity with tools like Burp Suite, OWASP ZAP and Metasploit. A deep understanding of web application architecture, databases, and authentication mechanisms. Ability to think critically and creatively when testing and attempting to exploit vulnerabilities. Good-to-Have Skills: Experience with threat intelligence and incorporating emerging threats into penetration testing practices Proficiency in scripting and automation (e.g., Python, Bash) is a plus Professional Certifications (please mention if the certification is preferred or mandatory for the role): PreferredeJPT, eCPPT, eWPT, OSCP, OSWA, GWAPT What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we’ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards. Apply now for a career that defies imagination Objects in your future are closer than they appear. Join us. careers.amgen.com As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Role Overview: This role focuses on integrating security best practices into CI/CD pipelines and production system deployments, ensuring security is embedded throughout the software development lifecycle. As a DevSecOps Engineer, you will work closely with architecture, development, and operations teams to make security a shared responsibility across all stages of software development and deployment. Your primary responsibility will be implementing security best practices, testing, and automation tools into CI/CD pipelines and production environments using industry-standard tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and other security mechanisms. Key Responsibilities : Security Integration into DevOps: Collaborate with development and operations teams to integrate security practices into every stage of the software development lifecycle, from code creation to deployment. CI/CD Pipeline Security: Configure, implement, and manage security tools and automation in CI/CD pipelines to detect vulnerabilities early in the development process. Security Testing: Use SAST and DAST tools to automate security testing for code and applications. Continuously monitor security scans, report findings, and recommend remediation strategies. Automation & Process Improvement: Continuously enhance and automate security processes to deliver secure software efficiently while minimizing manual intervention. Experience Required: 3+ years of experience in DevOps or a similar role focused on integrating security into CI/CD processes. Proven experience implementing and configuring security tools such as SAST, DAST, and other automation tools. Strong hands-on experience with CI/CD tools and languages (e.g., Jenkins, Groovy, Git, Python, Bash) for pipeline automation. Proficiency in cloud-native deployments and management (e.g., Helm, Kustomize), Kubernetes objects, and cluster debugging. Familiarity with Infrastructure as Code (IaC) tools like Terraform and Ansible. Knowledge of CIS benchmark recommendations and system hardening practices. Curious? Apply now :-cognyte.70.75E@applynow.io

About The Role We are looking for a skilled Application Security Engineer to strengthen our security posture by proactively identifying and mitigating vulnerabilities across our web applications, APIs, and mobile apps. The ideal candidate will have a strong background in penetration testing, secure code review, and security automation. Roles & Responsibilities(What will you do): -Perform penetration testing of web applications, APIs, and mobile apps, providing in-depth vulnerability analysis and remediation guidance. -Conduct manual and automated secure code reviews, primarily in Java, Python, and JavaScript. -Develop security automation solutions using Python to streamline testing, improve coverage, and reduce manual effort. -Work closely with development teams to ensure timely resolution of security issues within fast-paced release cycles. -Create and maintain threat models, applying threat modeling techniques to proactively identify and mitigate design-level security risks. -Foster a security-first mindset by educating developers on secure coding practices, common vulnerabilities, and attack vectors while effectively communicating security findings to stakeholders. What Makes You a Great Fit -1-5 years of experience in application security, penetration testing, or related fields. -Strong penetration testing expertise with tools like Burp Suite, OWASP ZAP, semgrep, MobSF, Jadx-GUI and other mobile security testing frameworks. -Experience integrating security into SDLC and familiarity with DevSecOps tools. -Proficiency in secure coding principles, OWASP Top 10, CWE, and exploit techniques. -Strong scripting skills (Python preferred) for security automation. -Excellent communication and stakeholder management abilities. -Passion for continuous learning and staying updated on security trends. -Certifications like OSCP, OSWE, CRTP, or a proven Bug Bounty track record and/or CTF partipation are a plus PhonePe Full Time Employee Benefits (Not applicable for Intern or Contract Roles) Insurance Benefits - Medical Insurance, Critical Illness Insurance, Accidental Insurance, Life Insurance Wellness Program - Employee Assistance Program, Onsite Medical Center, Emergency Support System Parental Support - Maternity Benefit, Paternity Benefit Program, Adoption Assistance Program, Day-care Support Program Mobility Benefits - Relocation benefits, Transfer Support Policy, Travel Policy Retirement Benefits - Employee PF Contribution, Flexible PF Contribution, Gratuity, NPS, Leave Encashment Other Benefits - Higher Education Assistance, Car Lease, Salary Advance Policy

Position 1: Consultant - MAST Vanguard Requirements: Mandatory technical & functional skills •Strong knowledge on manual secure code review against common programming languages (Java, C#) •Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. •Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs •Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. •Preferred one year of experience in development of web applications and/or APIs. •should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. •One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Job Description: Roles & responsibilities •Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications •Perform manual security code review against common programming languages (Java, CSharp). •Perform automated testing of running applications and static code (SAST, DAST). •Experience in one or more of the following a plus: AI pen testing. •Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. •Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

*ONLY IMMEDIATE JOINERS PREFERRED* Job Title: Consultant - MAST Vanguard Experience: 4-7 Years Location: Bangalore (WFO 5 days) Work timings 12PM to 9PM Job Description: Roles & responsibilities •Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications •Perform manual security code review against common programming languages (Java, CSharp). •Perform automated testing of running applications and static code (SAST, DAST). •Experience in one or more of the following plus: AI pen testing. •Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. •Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation Mandatory technical & functional skills Mandatory technical & functional skills Strong knowledge on manual secure code review against common programming languages ( Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and leading remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA