4.0 - 8.0 years
20 - 25 Lacs
Pune, Bengaluru
Hybrid
Experience working with application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Perform automated testing of running applications and static code (SAST, DAST).
Posted 2 months ago
3.0 - 7.0 years
0 Lacs
punjab
On-site
As a Senior Automation Tester, you will be responsible for developing, implementing, and maintaining automation frameworks to streamline the testing process and enhance efficiency. Your role will involve creating and executing automated test scripts using programming languages like Java, Python, Ruby, or C#. Additionally, you will conduct API testing using tools such as Postman and SoapUI to validate the functionality and performance of application programming interfaces. Your expertise in database technologies and SQL will be utilized for database testing to ensure data integrity. You will also perform performance testing using tools like JMeter or LoadRunner to evaluate system scalability, responsiveness, and resource usage. Collaborating with cross-functional teams, you will integrate automation testing into DevOps and CI/CD pipelines. Troubleshooting and debugging automation scripts and frameworks will be part of your responsibilities, along with applying security testing principles to identify vulnerabilities using tools like OWASP ZAP and Burp Suite. You will automate various tests using frameworks and tools such as Selenium WebDriver, Appium, TestNG, JUnit, and Cucumber. Your involvement in test planning, test case creation, and test execution activities will be crucial. Documenting test results, tracking defects, and providing detailed reports to stakeholders will also be part of your role. To qualify for this position, you should have a Bachelor's degree in Computer Science, Engineering, or a related field, along with proven experience in developing and maintaining automation frameworks for software testing. Strong analytical and problem-solving skills, excellent communication and collaboration abilities, and demonstrated leadership qualities are essential. Experience in creating test plans, test scenarios, and test cases based on project requirements is required. 
You should also be capable of assigning work, providing guidance to team members, and ensuring quality assurance through code reviews. This is a full-time position with benefits including a flexible schedule, leave encashment, and Provident Fund. The work location is in person. If you are interested in this role, please contact the employer at +91 9875952832.
Posted 2 months ago
15.0 - 20.0 years
13 - 17 Lacs
Gurugram
Work from Office
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: DevSecOps
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: To play a key role in enabling successful project delivery across multiple projects. This role expects you to specialize in a range of security domains, including penetration testing, dynamic and static application security testing, software composition analysis, security architecture review and container security. Additionally, you provide comprehensive support in vulnerability management, service monitoring, and DevSecOps practices.
Roles & Responsibilities:
- Should have hands-on experience and knowledge of manual and automated penetration testing on the web, mobile and cloud-based applications.
- Should have hands-on experience and knowledge of DAST (Dynamic Application Security Testing) to identify runtime vulnerabilities in staging and production environments.
- Should have hands-on experience and knowledge of SAST (Static Application Security Testing) for early-stage source code and binary analysis.
- Should have hands-on experience and knowledge of SCA (Software Composition Analysis) to detect open-source risks and license compliance issues.
- Should have hands-on experience and knowledge of executing SAR (Security Architecture Review) of complex and cloud-based application and should be able to strategize risk remediation with the stakeholders or Security Architect.
- Should have hands-on experience and knowledge of integrating security tools into CI/CD pipelines (e.g., Jenkins, GitHub Actions, GitLab CI).
- Should have hands-on experience and knowledge of enforcing policy-as-code, shift-left security testing, and secure code delivery practices and automate security checks for container images and Kubernetes workloads.
- Should be able to scan and harden docker containers using industry-standard tools.
- Should be able to monitor vulnerabilities in container registries and orchestrators (e.g., Kubernetes, ECS).
- Skilled in communicating security findings to technical and non-technical stakeholders.
- Contribute to secure architecture reviews, risk assessments, and compliance initiatives.
- Should be able to manage clients and various stakeholders. Should be a good people manager and should have experience of people and project management.
Professional & Technical Skills:
Tools & Technologies:
Pentest Tools: Burp Suite Pro, OWASP ZAP, Nmap, Postman, Kali Linux
DAST/SAST/SCA: Fortify, Checkmarx, Veracode, Coverity, AppScan, Black Duck, Snyk
DevSecOps: GitHub Actions, Jenkins, GitLab, Docker, Kubernetes
VM Tools: Qualys, Tenable, ThreadFix
Monitoring: ServiceNow, Jira, Confluence
- Should be able to collaborate with infrastructure and DevOps teams to secure cloud-native deployments.
- Should be able to identify, triage, and manage vulnerabilities using centralized platforms (e.g., ThreadFix).
- Should track vulnerability lifecycle from detection through remediation and reporting.
- Should support real-time service monitoring to maintain system integrity and threat detection coverage.
Additional Information:
- The candidate should have minimum 7.5 years of experience in DevSecOps.
- This position is based at our Gurugram office.
- A 15 years full time education is required.
Qualification: 15 years full time education
Posted 2 months ago
2.0 - 6.0 years
0 Lacs
surat, gujarat
On-site
We are seeking a QA Analyst/Website Tester to ensure the quality and functionality of websites before they are launched. As a QA Analyst/Website Tester, your main responsibility will be to conduct various types of testing to identify defects and work closely with developers to improve the overall user experience. Your responsibilities will include conducting functional, usability, and performance testing of websites. You will need to identify and document bugs, errors, and inconsistencies, ensuring cross-browser and cross-device compatibility. Additionally, you will test website speed, security, and responsiveness, providing clear feedback to developers and tracking issue resolution. You will also verify compliance with design and user experience standards and suggest improvements for website functionality and user experience. To excel in this role, you should have experience in website testing, QA, or a related field. Knowledge of manual and automated testing tools is essential, along with familiarity with different browsers, devices, and operating systems. An understanding of HTML, CSS, and basic web development concepts is also required. Strong attention to detail, problem-solving skills, and good communication skills are crucial for reporting findings effectively. Candidates should be familiar with various testing tools such as Selenium for automated functional testing, JMeter for performance and load testing, Postman for API testing, BrowserStack/Sauce Labs for cross-browser and cross-device testing, Lighthouse for website performance and SEO testing, Google PageSpeed Insights for speed and optimization testing, and WAVE/axe Accessibility Checker for accessibility testing. Knowledge of TestRail/Zephyr for test case management and Bugzilla/JIRA for bug tracking and issue management is preferred. Experience with CI/CD tools for automated testing and knowledge of security testing tools like OWASP ZAP would be advantageous for this role.
Posted 2 months ago
2.0 - 6.0 years
5 - 13 Lacs
Thane
Hybrid
Role & responsibilities: Conduct Vulnerability Assessment and Penetration Testing (VAPT) on in-house web applications, iOS applications, Android applications, network infrastructure, and AWS (Cloud) services. Identify and analyze security vulnerabilities, weaknesses, and misconfigurations in the above-mentioned systems. Develop comprehensive reports detailing identified vulnerabilities, potential risks, and recommended remediation strategies. Collaborate with development, operations, and IT teams to prioritize and implement security fixes and improvements. Continuously monitor and assess the security posture of internal systems and recommend proactive measures to enhance security. Stay updated with the latest security threats, vulnerabilities, and industry best practices related to web applications, mobile applications, networks, and cloud environments. Participate in incident response activities, including investigating security incidents and providing support in remediation efforts. Contribute to the development and maintenance of security policies, procedures, and standards. Provide training and awareness sessions to staff on the latest cyber security trends, best practices, and emerging threats to enhance the overall security posture of the organization.
Posted 2 months ago
3.0 - 9.0 years
5 - 11 Lacs
Bengaluru
Work from Office
Manual Penetration Testing using OWASP checklists, Penetration Testing, Vulnerability Assessment, OWASP Top 10, OWASP ZAP, AWS Cloud, Azure Cloud, Cyber Security, Cloud Security Assessment, Cyber Security Assessment & Consulting, Cybersecurity, Data Security Assessment & Consulting. Perform penetration testing. Develop and recommend mitigation strategies to enhance the defense mechanisms of critical infrastructure components. Collaborate with IT and security teams to refine security measures and response strategies. Prepare detailed reports on findings from simulations and suggest improvements. Facilitate training sessions for internal teams on security awareness and breach response tactics.
Posted 2 months ago
11.0 - 15.0 years
35 - 40 Lacs
Pune
Work from Office
JD: Application Security Lead. Education Criteria (Must): B.Sc (IT/CS) / B.Tech in any Engineering background, BCA, MCA & M.Sc. Information Technology, or related field. CEH, CISSP, CISA, CISM, CRISC (If any security related certification). 11-15 years of experience in Application Security, Network Security, and IT Risk & Compliance, with hands-on expertise in security assessments, process audits, and application reviews. Experience in BFSI is preferred. Lead and manage the AppSec team consisting of L1 and L2 resources. Serve as the primary point of contact between the Client and the team for all project-related activities. Monitor daily operations, ensure resource optimization, and address any issues that arise during the engagement. Application & Security Review: Oversee the review of application security including web, mobile, API, and other banking applications. Perform comprehensive reviews of Network Architecture, Source Code, VAPT reports, and configuration audits. Review deliverables from L1 and L2 resources, ensuring completeness and quality. Compliance and Risk Management. Reporting. Stakeholder Management. Skill: Vulnerability Assessment, Manual Penetration Testing using OWASP checklists, Penetration Testing, OWASP Top 10, OWASP ZAP, Ethical Hacking, Static/dynamic testing of mobile applications, Vulnerability Mitigation.
Posted 2 months ago
4.0 - 5.0 years
4 - 7 Lacs
Chennai, Tamil Nadu, India
On-site
Key Responsibilities: Vulnerability Management: Conduct regular vulnerability assessments using tools such as Tenable Nessus, Qualys, Rapid7, or similar. Analyze vulnerability scan results and collaborate with IT and DevOps teams for timely remediation. Prioritize vulnerabilities based on risk level, exploitability, and business impact. Track and report remediation efforts, providing status updates to stakeholders. Maintain up-to-date knowledge of known vulnerabilities and emerging threats (e.g., CVEs). Penetration Testing: Perform penetration tests on applications, systems, networks, and cloud environments. Simulate real-world attacks to evaluate the effectiveness of security controls. Document findings and create detailed reports with actionable remediation guidance. Conduct retesting after fixes to validate security improvements. Use manual and automated testing tools (e.g., Burp Suite, Metasploit, Nmap, Kali Linux, OWASP ZAP). Qualifications and Requirements: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field. 3+ years of experience in vulnerability management and penetration testing. Hands-on experience with industry-standard tools such as Nessus, Burp Suite, Nmap, Metasploit, Qualys, etc. Familiarity with CVSS scoring, threat modeling, and risk assessment frameworks. Deep understanding of network protocols, web application architecture, and secure coding practices. Strong communication skills to deliver clear and actionable vulnerability reports. Desirable Skills and Certifications: Security certifications such as: OSCP (Offensive Security Certified Professional), CEH (Certified Ethical Hacker), GPEN (GIAC Penetration Tester), CISSP, Security+, or CRTP. Experience with cloud security and tools like AWS Inspector, Azure Security Center, or GCP SCC. Knowledge of SIEM platforms and threat intelligence feeds. Familiarity with secure DevOps (DevSecOps) practices and CI/CD pipeline integration.
Posted 2 months ago
3.0 - 5.0 years
5 - 7 Lacs
Mumbai
Work from Office
Conduct Vulnerability Assessments: Identifying potential weaknesses in applications and systems using automated tools and manual techniques. Perform Penetration Tests: Simulating attacks to evaluate the effectiveness of security controls and identify exploitable vulnerabilities. Analyze Findings: Interpreting assessment and testing results to determine the severity and impact of identified vulnerabilities. Report Findings: Documenting vulnerabilities, providing detailed reports with remediation recommendations, and tracking the closure of identified issues. Collaborate with Teams: Working with developers, IT, and security teams to implement security measures and address identified vulnerabilities. Stay Updated: Keeping abreast of the latest security threats, vulnerabilities, and industry best practices. Test Various Application Types: Performing security assessments on web applications, mobile applications, APIs (REST, SOAP, XML, JSON), and potentially cloud-based services. Understand Security Standards and Frameworks: Familiarity with OWASP, NIST, ISO 27001, PCI DSS, and other relevant standards is crucial. Use Security Testing Tools: Proficiency in tools like Burp Suite, OWASP ZAP, Nmap, Nessus, AppScan, Acunetix, Veracode, CheckMarx, etc. Responsibilities: The responsibilities cover the full range of testing work, from websites, mobile apps, and infrastructure testing to social engineering. 
In this role, the candidate is expected to:
- Test software and hosted platforms to identify vulnerabilities
- Carry out penetration testing of web applications, mobile applications, and internal infrastructure
- Analyze code to assess its level of security and to find specific vulnerabilities
- Manage the security testing process
- Perform complex simulated attacks on networks or systems
- Stay updated with the latest threats/vulnerabilities
- Produce written technical reports along with an executive summary to a professional standard
- Research potential vulnerabilities
- Formally brief clients and colleagues
- Understanding the role of AI/ML in cybersecurity
Qualification: Minimum 3 to 5 years hands-on experience in SAST, DAST, VAPT. Certifications like CEH, CompTIA Security+, and OSCP will be considered an added advantage. Familiarity with SAST, DAST, and IAST tools. Understanding of Red/Blue teaming and threat hunting.
Posted 2 months ago
4.0 - 8.0 years
0 Lacs
noida, uttar pradesh
On-site
KPMG entities in India are professional services firm(s) affiliated with KPMG International Limited, established in August 1993. Our professionals leverage the global network of firms, understanding local laws, regulations, markets, and competition. With offices across India, in cities like Ahmedabad, Bengaluru, Mumbai, and more, we offer services to national and international clients across various sectors. Our focus is on delivering rapid, performance-based, industry-focused, and technology-enabled services, showcasing our understanding of global and local industries and the Indian business environment. As a Security Code Reviewer at KPMG in India, your primary responsibilities will include performing manual security code reviews for common programming languages such as Java and .NET. You will also be tasked with conducting automated testing of running applications and static code using tools like SAST and DAST. Additionally, you will be required to perform manual application penetration tests on various platforms like web applications, internal applications, APIs, and networks to identify and exploit vulnerabilities. The ideal candidate should have at least 6 months of formal programming experience in Java or C#, and possess 4 to 8 years of overall experience in the field. It would be advantageous to have one or more major ethical hacking certifications such as GWAPT, CREST, OSCP, OSWE, or OSWA. Providing technical leadership and guidance to team members, communicating effectively with both technical and non-technical audiences, and collaborating with Cyber teams to develop new testing techniques are also key aspects of this role. Moreover, having a minimum of three years of recent experience working with security testing tools like AppScan, Netsparker, Acunetix, Checkmarx, BurpSuite, and others will be beneficial.
This position offers equal employment opportunities and encourages individuals with a passion for cybersecurity to apply and contribute to our dynamic team at KPMG in India.
Posted 2 months ago
3.0 - 7.0 years
0 Lacs
noida, uttar pradesh
On-site
As an Associate Cybersecurity Consultant at Bulletproof, a GLI company headquartered in Canada with a global presence, you will be part of a team with decades of technology, security, and compliance expertise. Our work in the security space has been recognized nationally and globally for excellence. Our vision at Bulletproof is to serve, secure, and empower the world through people and technology, one customer at a time. We believe in ensuring the safety and security of all individuals and organizations we serve. Challenging Work: At Bulletproof, we thrive on solving complex problems and encourage all employees to contribute their best ideas. You will have the opportunity to work on highly challenging projects and make a real impact. Great People: We value openness, honesty, and authenticity. Each member of our team is essential to our collective success, and we believe in fostering a culture of inclusivity and collaboration. Global Impact: Being part of a global team means that your work will have a significant impact on colleagues, customers, communities, and the world at large. We are inspired by the positive influence our work has in various regions and cultures. Diversity, Equity, and Inclusion: We celebrate diversity, strive for equality, and understand that inclusion strengthens us as individuals, as a company, and as global citizens. Role Overview: As an Associate Cybersecurity Consultant specializing in penetration testing, you will be responsible for conducting thorough security assessments on web-based applications, networks, and systems to identify and mitigate vulnerabilities. Your role will involve defining assessment scopes, generating detailed security test reports, collaborating with clients on remediation plans, and delivering exceptional service in a professional manner. 
Additionally, you will provide technical expertise in security testing, stay updated on the latest tools and technologies, and contribute to the continuous improvement of our Information Security practice.
Key Responsibilities:
- Conduct comprehensive security assessments for a diverse range of clients
- Define scopes for security testing assignments
- Generate high-quality security test reports and documentation
- Collaborate with clients on remediation strategies
- Offer technical support as a subject matter expert in security testing
- Stay informed about current tools, technologies, and vulnerabilities
- Work collaboratively with cross-functional teams to meet client security needs
- Perform other related duties as assigned
Requirements:
- Degree in Computer Science, Information Systems, Engineering, or related field
- Prior experience in vulnerability assessments and penetration testing preferred
- Proficiency in Linux, Windows, and network security
- Strong communication skills in English, both written and oral
- Ability to work independently and as part of a team
- Familiarity with security testing tools such as Nessus, Metasploit, Burp Suite, etc.
- Relevant certifications like CEH, LPT, CPEN, OSCP, etc., are an asset
- Knowledge of PCI ASV, CREST certifications, and threat modeling methodologies is a plus
- Experience with mobile application security testing and social engineering techniques is advantageous
Note: This job description outlines the primary responsibilities and qualifications for the role of Associate Cybersecurity Consultant at Bulletproof. It is not exhaustive and may involve additional tasks based on business needs. Bulletproof is an equal opportunity employer committed to diversity, equity, and inclusion.
Posted 2 months ago
3.0 - 8.0 years
4 - 8 Lacs
Mumbai
Work from Office
Provide a brief description of the overall purpose of the position, why this position exists and how it will contribute in achieving the team's goal.
Responsibilities
Direct Responsibilities
- To perform Penetration testing (Gray Box and/or Black Box) for Web applications, Thick Client, API, and mobile applications.
- To understand the application's security requirements and identify & document the scope of the test
- Ensure execution of the documented security scenarios for the application under test.
- Document and report all findings
- Collaborate with the developers to help them understand the vulnerabilities reported in application
- Escalate issues to the local management and onshore stakeholders in case it affects the testing progress
- Ensure processes for the project are followed for the assessments
Note:
- Optional, experience in Source Code Assessment (SCA)/SAST, Mobile Testing
Contributing Responsibilities
Technical & Behavioral Competencies
- Clear understanding of OWASP Top 10 - application security risks
- Tools/OS: Burp Suite, OWASP ZAP, Kali Linux
- Manual Security Testing & Analysis, Security Test Designing
- Excellent interpersonal and presentation skills
- Strong in verbal and written communication
- Good analytical skills
- Strong Time Management
- Must be flexible, independent, self-motivated
- Team player
Specific Qualifications (if required): CSSLP/CEH or equivalent certification preferred
Education Level: Bachelor Degree or equivalent
Experience Level: At Least 3 years
Posted 2 months ago
3.0 - 5.0 years
3 - 6 Lacs
Pune
Work from Office
1) The work involves Test Case Creation, Penetration Testing, Source code reviews, Report Creation & presentation to stakeholders along with the operation and construction of tools to assist in these tasks.
2) Well-versed with OWASP Top 10, SANS, NIST and WASC Threat Classifications
3) Expertise in Vulnerability Assessment and Penetration Testing of Web Applications, Networks and Cloud (AWS/Azure)
4) Expertise in Penetration testing of Mobile applications
5) Well versed in Source Code Reviews
6) Familiar with popular tools like Burp suite, Paros, OWASP ZAP, Wireshark, Nessus, NTO Spider, Metasploit, Exploit DB, Kali etc.
7) Understanding of the nature and sources of security vulnerabilities, how to identify and exploit them
8) Must be CEH certified
9) Excellent communication skills, written and verbal
Posted 2 months ago
8.0 - 12.0 years
6 - 10 Lacs
Bengaluru
Work from Office
We are looking for an energetic, self-starting software developer to join our product development practice as a Staff Engineer. You will get to work with some of the best and most knowledgeable tech talent in the financial world and you will build next generation digital services and platforms that will lead the transformation goals for our customers. You will work closely with the engineering, UX, product and test automation communities, as part of the agile team, to lead product design and development and to help the Digital Service Product Owner to deliver and maximize value. You will drive engineering and architecture best practices for writing and encouraging others to write secure code and dev-ops process while getting opportunities for learning new business domain and topics, to work with industry SMEs and to learn new technology and behavioral skills.
Key Responsibilities
As a Full-stack Developer
- 8+ years professional experience in enterprise software design and development in an N-tier architecture environment; understanding of 12-factor app framework is highly desirable
- Must have experience building web applications using .NET core 6.x (.NET 8.0 is better), Web API, HTML5, React OR other JS-based frameworks like Angular
- Must have experience with tools such as Jira, Github, Confluence (or other wiki), SonarQube (or similar), OWASP ZAP (or similar) and Snyk (or similar)
- Experience with data visualization libraries/frameworks like D3js, Plotly, HighCharts etc. will be an advantage
- Must have experience with SOA and Web Service standards (REST JSON/SOAP WSDL/WS-I Basic Profile), and IIS
- Understand the business requirements from the product owner(s)
- Design and implement the system from scratch, build enhancements and feature requests using modern application frameworks using C# and React with .NET Core, Web API, AWS services etc.
- Participate in both development and maintenance tasks
- Independently troubleshoot difficult and complex issues on production and other environments
As a Technical Lead in the pod
- Must have experience of working in an automated CI/CD environment and with fast moving teams using Scrum/Agile; experience with AWS and other cloud providers is highly desirable
- Must have extensive experience with object oriented design principles. Ability to articulate the pros and cons of design/implementation options
- Participate in design review and peer code review
- Work collaboratively in a global setting, should be eager to learn new technologies
- Responsible for extending and maintaining existing codebase with focus on quality, re-usability, maintainability and consistency
- Coach teams on best practices and architecture design
As member of the Engineering community
- Must have extensive experience with object oriented design principles. Ability to articulate the pros and cons of design/implementation options
- Good understanding and knowledge of areas including but not limited to requirement gathering, designing, development, testing (TDD), maintenance, quality control etc.
- Stay up-to-date on latest developments in technology
- Learn and share learnings with the community
Behavioral Competencies
- A self-starter, excellent planner and executor and above all, a good team player
- Excellent communication skills and inter-personal skills are a must
- Must have organizational skills, including multi-task capability, priority setting and meeting deadlines
Posted 2 months ago
5.0 - 8.0 years
12 - 20 Lacs
Pune
Work from Office
About the Role: We are seeking a skilled and passionate Red Team Security Consultant to join our cybersecurity team. The ideal candidate will specialize in simulating adversarial tactics, techniques, and procedures (TTPs) to identify vulnerabilities and improve the organization's security posture. This role involves performing advanced penetration tests, simulating real-world attacks, and working with teams to implement effective remediation strategies. Key Responsibilities: Plan, execute, and document Red Team exercises mimicking advanced threat actors for medium to large enterprises. Conduct network penetration testing (VAPT), system vulnerability assessments, and security configuration reviews. Perform manual security assessments for web applications, APIs, and client-server applications. Simulate sophisticated attack chains including lateral movement, privilege escalation, and data exfiltration. Develop and execute custom attack payloads using tools and scripts. Assess physical security controls and implement social engineering assessments when required. Create and maintain custom tools/scripts in languages like Python, Bash, or PowerShell. Utilize and adapt adversary emulation frameworks such as MITRE ATT&CK, Cobalt Strike, and Metasploit. Collaborate with Blue Teams to improve detection and response mechanisms through Purple Team engagements. Basic Qualifications: Education: BE/B.Tech/MCA/M.Sc. (IT/Computers). Experience: Required: 2 - 5 years. Excellent communication and collaboration skills. Preferred Qualifications: Preferred Certifications: OSCP, OSCE, CRTP, eWPTX, Security+, CREST, CRTO. Desired Skill Set: Red Teaming, VAPT, Application Security (Web/Mobile/API). 2-5 years of relevant domain experience in VAPT, Red Teaming, and Application Security domains. Proficient in Application Security concepts, including OWASP Top 10 and OSSTMM.
Experience with vulnerability scanning tools such as BurpSuite Pro, Nessus, OWASP ZAP, Kali Linux, Cobalt Strike, Caldera etc. Basic ability to write automation scripts (Bash or Python). Understanding of threat modeling and secure coding practices. Strong understanding of TTPs, threat modeling, and secure coding practices. Hands-on experience in Active Directory exploitation, phishing campaigns, and endpoint bypass techniques.
Posted 2 months ago
4.0 - 9.0 years
22 - 25 Lacs
Pune, Bengaluru
Hybrid
Job Title: WebPT P1 - Consultant Location: Bangalore & Pune (Hybrid Role) Contract Duration: 6 Months Roles & Responsibilities: Perform automated testing of running applications and static code (SAST, DAST). Conduct manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: Web applications Internal applications APIs Internal and external networks Mobile applications Experience in one or more of the following is a plus: Mobile application testing Web application pen testing Application architecture Business logic analysis Work on application tools to perform security tests, including: AppScan NetsSparker Acunetix Checkmarx Veracode BurpSuite OWASP ZAP Kali Linux Able to explain vulnerabilities such as: IDOR (Insecure Direct Object References) Second Order SQL Injection CSRF (Cross-Site Request Forgery) Provide root cause analysis and remediation guidance for identified vulnerabilities. Mandatory Technical & Functional Skills: Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan NetsSparker Acunetix Checkmarx Veracode BurpSuite OWASP ZAP Kali Linux (or equivalent) Minimum three (3) years of performing manual penetration testing and code review against: Web applications Mobile apps APIs Minimum three (3) years of experience working with both technical and non-technical audiences in reporting results and leading remediation conversations. Preferred: One year of experience in the development of web applications and/or APIs. Ability to identify and work with new tools/technologies to plug and play on client projects as needed to solve the problem at hand. 
Certifications (Preferred but not required): GWAPT (GIAC Web Application Penetration Tester) CREST (Certified Testing Professional) OSCP (Offensive Security Certified Professional) OSWE (Offensive Security Web Expert) OSWA (Offensive Security Web Application) This is a 6-month contract role with hybrid work arrangements in Bangalore and Pune.
Posted 2 months ago
1.0 - 3.0 years
5 - 10 Lacs
Navi Mumbai
Work from Office
Job Role : DevOps Engineer Year Of Experience- 2–3 Years Location: Ghansoli Education: BE/ B.Tech Overview : Looking for a motivated and skilled DevSecOps Engineer with 2–3 years of hands-on experience in implementing DevSecOps practices, CI/CD pipelines, and integrating security into the development lifecycle. The ideal candidate will have working knowledge of Kubernetes (K8S), cloud platforms like GKE and AKS, and build/deployment automation tools including Azure DevOps and Jenkins. Experience with security scanning tools (SAST, DAST, Fortify, SonarQube) and scripting knowledge in Groovy, ANT, and JavaScript is essential. Job Role: • Design, implement, and maintain secure and scalable CI/CD pipelines. • Integrate security tools and processes into DevOps workflows (DevSecOps). • Automate infrastructure and deployments using Azure DevOps and Jenkins. • Deployment using On-Premises K8S clusters and Manage Kubernetes clusters - GKE and AKS. • Deployment using Windows based servers - IIS • Implement and maintain Static and Dynamic Application Security Testing (SAST/DAST) tools. • Integrate and configure Fortify, SonarQube, and other security tools into pipelines. • Write and maintain automation scripts using Groovy, ANT, and JavaScript. • Collaborate with development, QA, and security teams to ensure secure software delivery. • Conduct security assessments and remediations as part of the SDLC. Required Skills & Qualifications : • Bachelor degree in Engineering or Equivalent. • 2–3 years of hands-on experience in DevSecOps / DevOps. • Strong knowledge and hands-on experience with: - Azure DevOps Pipelines and Jenkins for CI/CD. - Security tools: Fortify, SonarQube, Blackduck, DAST/SAST tools (e.g., OWASP ZAP, Burp Suite, etc.). - Kubernetes (K8s) – with GKE and AKS. • Proficiency in scripting languages such as Groovy, ANT, and JavaScript. • Basic programming / scripting capabilities to automate security checks & workflows. 
• Understanding of application security principles and best practices. • Experience working in Agile and collaborative team environments. • Excellent troubleshooting, documentation, and communication skills.
Posted 2 months ago
8.0 - 11.0 years
35 - 37 Lacs
Kolkata, Ahmedabad, Bengaluru
Work from Office
Dear Candidate, We are hiring a Compliance Engineer to ensure code and dependencies meet licensing and audit standards. Key Responsibilities: Track open-source usage and license compliance. Automate compliance scanning and reporting. Assist in security reviews and audits. Required Skills & Qualifications: Familiarity with tools like FOSSA, Black Duck. Knowledge of OSS licenses (MIT, GPL, Apache). Experience with code scanning and SBOMs. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Delivery Manager Integra Technologies
Posted 2 months ago
3.0 - 6.0 years
12 - 15 Lacs
Bangalore Rural, Bengaluru
Hybrid
Proficient in Python Experienced with OWASP ZAP, Burp Suite, SonarQube Strong knowledge of cryptography, TLS/HTTPS Skilled in threat modeling, secure code review (C/C++/Node/Golang), pen testing Familiar with OWASP Top10, CWE Top25, and mitigations.
Posted 2 months ago
4.0 - 6.0 years
0 Lacs
Delhi, India
On-site
Job Description: Security Testing Lead with experience in Application Security is preferred. The resource should mandatorily have a minimum of 4 years' experience in Application Security. Responsible for overseeing the planning, execution and management of application security testing activities across enterprise and government systems. Key Responsibilities: Lead the end-to-end application security testing lifecycle across critical government and enterprise applications. Define and implement robust security testing strategies, including Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). Collaborate with DevOps and development teams to embed security into CI/CD pipelines and ensure secure software delivery. Conduct threat modelling and vulnerability assessments, and provide actionable remediation guidance. Serve as a subject matter expert (SME) in application security, engaging with senior stakeholders to communicate risks and mitigation strategies effectively. Technical Requirements: Proven expertise in application security testing tools such as Fortify, Veracode, Burp Suite and OWASP ZAP, etc. Deep understanding of secure coding practices, OWASP Top 10 and software development lifecycles. Strong analytical, communication and leadership skills. Domain process functional technical. Thorough understanding of Agile methodologies. Experience working in highly regulated environments with strong knowledge of release governance and compliance. Preferred Skills: Technology->Application Security->Application Security - ALL
Posted 2 months ago
4.0 - 7.0 years
10 - 20 Lacs
Pune, Bengaluru
Hybrid
Work Location:- Bangalore / Pune Experience:- 4 to 7 years Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation Mandatory technical & functional skills Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA
Posted 2 months ago
2.0 - 7.0 years
2 - 7 Lacs
Hyderabad, Chennai, Bengaluru
Hybrid
Clear understanding of OWASP Top 10 application security risks. Tools/OS: Burp Suite, OWASP ZAP, Kali Linux. Manual Security Testing & Analysis, Security Test Designing. Should be able to perform penetration testing (Gray Box). Web applications, application security engineering principles, security tools: should be strong at . Should know scripting. Excellent interpersonal and presentation skills. Strong in verbal and written communication. Good analytical skills. Strong time management. Must be flexible, independent, self-motivated. Team player.
Posted 2 months ago
4.0 - 9.0 years
8 - 13 Lacs
Bengaluru
Hybrid
Greetings from Teamware Solutions a division of Quantum Leap Consulting Pvt. Ltd We are hiring an Associate Consultant_Penetration Testing_ Web Application Location: Bengaluru Work Mode: Hybrid; 2 days WFO Geography they support: US Shift Time: 12-9 PM Experience: 4 -9 Years Notice Period: Immediate to 15 days Requirements: Web Application Penetration Testing (Mandatory): Candidates must have strong experience in web application penetration testing. While a combination of web and mobile application testing is acceptable, their recent and primary experience should be focused on web applications. CSRF (Cross-Site Request Forgery) Boolean SQL Injection DOM XSS (Cross-Site Scripting) CSV Injection Coding and auditing expertise Mandatory technical & functional skills Minimum three years of recent experience in application penetration testing of APIs, web applications, or mobile applications Ability to communicate reporting results with technical and non-technical audiences and lead remediation conversations Experience with burp suite pro, and other app testing tools such as Netsparker and Checkmarx Bachelors degree from an accredited college/university or equivalent industry experience One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSWE, OSWA Roles & responsibilities •Perform manual Application penetration testing against APIs (REST/SOAP), Web Applications, Mobile applications, and thick client applications •Perform threat modeling, evaluate application business logic, and perform application architecture reviews •Ability to demonstrate application testing experience in real time via demos to both internal and external audiences •Act independently in penetration testing engagements, with minimal oversight and guidance •Act as a technical leader and mentor for junior engineers •Engage with technical and non-technical audiences to articulate both testing processes, techniques and results; guide technical audiences on remediation 
options and assist clients in weighing those options •Partner with the Cyber teams to develop new testing techniques, automation for testing and marketing collateral to support the practice and mentor junior and offshore team members on tools and techniques in performing tests Please let me know if you are interested in this position and send me the resumes to netra.s@twsol.com
Posted 2 months ago
2.0 - 7.0 years
5 - 10 Lacs
Bengaluru, Karnataka, India
On-site
Security Testing Engineer Company: Kiya.ai Work Mode: Hybrid Interview Mode: 2 rounds (Virtual & F2F is Must) Kiya.ai is seeking a Security Testing Engineer to join our team in Bangalore. This role is crucial for ensuring the security of our applications through comprehensive penetration testing and adherence to secure development practices. Direct Responsibilities: Perform penetration testing (Gray Box and/or Black Box) for web applications, thick client, API, and mobile applications. Demonstrate deep knowledge of application security engineering principles to follow secure development practices, including secure build processes, secure code review, and security testing. Understand the integration and use of security tools within DevOps processes. Possess knowledge of one or more scripting languages for automation. Collaborate effectively with developers to help them understand and remediate reported vulnerabilities in applications. Contributing Responsibilities: Understand application security requirements and identify & document the scope of security tests. Ensure the thorough execution of documented security scenarios for the application under test. Document and report all findings clearly and comprehensively. Escalate issues to local management and onshore stakeholders if they affect testing progress. Ensure adherence to defined processes for security assessments. Help review peers' work and mentor junior members of the team. Technical & Behavioral Competencies: Clear understanding of OWASP Top 10 application security risks. Proficiency with security tools/OS such as Burp Suite, OWASP ZAP, and Kali Linux. Strong skills in Manual Security Testing & Analysis and Security Test Designing. Excellent interpersonal and presentation skills. Strong verbal and written communication abilities. Good analytical skills. Strong time management capabilities. Must be flexible, independent, self-motivated, and a team player.
Posted 2 months ago
6.0 - 11.0 years
10 - 17 Lacs
Hyderabad, Chennai, Bengaluru
Work from Office
Role & responsibilities Support and consult with development and engineering teams in the areas of API security. Educates development team on security procedure and standards, and ensures they are followed. Research and help develop security solutions to help secure applications (API Security, Data Protection, Identity Protection) Create Security guidance/documentation for development/engineering teams. Experience working with AWS or other cloud environments (development/architecture) Experience with cloud and API security standards (OWASP API Top 10, CIS Top 20) Perform security risk assessments for all proposed application-related (APIs) changes. Preferred candidate profile 6+ years of experience in software development in one or more of the following programming languages, .NET, Python, Java/Springboot (REST), JavaScript (Node/React), and/or Go Experience with tools like OWASP ZAP, Veracode, Postman, etc. 3+ years of experience with API Security (Design patterns, Architecture, B2B/A2A/B2C Integration) Experience with API security tools like Noname, Salt, Neosec, etc. Experience with API Management solutions like Mulesoft, Apigee, etc. Technical and foundational knowledge of software engineering, computer systems, security engineering, authentication, and/or applied cryptography. Excellent knowledge of all web technologies, especially web services, web applications, Service Oriented Architectures, and network/web protocols Knowledge of application threat modeling, Remediation of OWASP API Top 10, CIS Top 10, SANS Top 25 a plus Experience with attacker tactics, techniques, and procedures, and corresponding mitigation methods.
Posted 2 months ago