789 Penetration Testing Jobs - Page 29

You will be responsible for developing and maintaining a robust application security strategy and architecture that aligns with industry best practices and regulatory requirements. The ideal candidate will possess a deep understanding of both AppSec and general cybersecurity principles. Your Day to Day Develop and maintain a robust application security strategy, standards and target state architectures which aligns with industry best practices and regulatory requirements. Be the application security advocate across the organization. Lead discussions and reviews around new technologies, framework enhancements and product reviews. Define and improve application security in the SDLC, ensuring security is prioritized from inception to deployment. Conduct regular security architecture risk assessments and threat modelling to implement effective risk mitigation strategies. Ensure compliance with relevant security standards, regulations, and industry frameworks (eg, PCI DSS, GDPR). Maintain awareness on latest DevSecOps approaches and how they fit into large enterprise organization s AppSec program. Collaborate with software engineers and leadership teams as we'll and cybersecurity teams to integrate security controls throughout the software development lifecycle. Be comfortable interfacing and providing guidance to senior and technical leadership on application security issues/approaches, to achieve the deployment of effective security solutions. What do you need to bring Degree in Computer Science, Cybersecurity, Mathematics, or a related field. 15+ years experience in AppSec, Software/Systems Engineering, and/or Architecture. Expert level understanding of NodeJS, Java, modern web development frameworks and Service Oriented Architecture (SOA). Familiarity with iOS, Android and browser SDK development. Expert level understanding of AppSec scanning tools across SAST/SCA/DAST/IAST/Container Security/API Security/Secret Scanning/Fuzzing in large enterprise environments. In depth knowledge of SDLC, and CI/CD pipelines best practices. Good understanding of SLSA and supply chain security. Expert level understanding of containerized platforms and security best practices. In depth understanding of cybersecurity principles, including cryptography, authentication, web security, vulnerability assessments and threat detection. Desired expertise in various security testing activities, including penetration testing, vulnerability scanning, and code reviews. Working knowledge of major cloud platforms such as AWS, Azure, Google Cloud. Industry certifications (eg, CISSP, CISM, CCSP, or equivalent) are a plus.

Job Title: Associate Engineer- Mobile Security Testing Location : Mumba-Airoli Experience: 1 to 3 years The ideal candidate will be responsible for identifying vulnerabilities in mobile applications and ensuring that our products meet the highest security standards. You will work closely with development teams to implement security measures and enhance application security. Key Responsibilities: Conduct security assessments of mobile applications on iOS and Android platforms. Perform penetration testing to identify security vulnerabilities and risks. Analyze application architecture, design, and code for security weaknesses. Develop and execute test plans, test cases, and test scripts for mobile applications. Collaborate with development teams to remediate security vulnerabilities. Stay updated on the latest security threats, vulnerabilities, and industry trends. Provide detailed reports on findings, including risk assessments and remediation recommendations. Assist in the development of secure coding practices and security guidelines for mobile applications. Conduct security training and awareness sessions for development teams. Qualifications: Bachelor s degree in computer science, Information Security, or related field. Proven experience in mobile application security testing ( 0-2 years preferred ). Strong knowledge of mobile application architectures, security frameworks, and best practices. Familiarity with security testing tools such as OWASP ZAP, Burp Suite, and mobilespecific tools (e.g., MobSF). Understanding of common vulnerabilities (OWASP Mobile Top 10) and secure coding practices. Experience with static and dynamic application security testing (SAST/DAST). Relevant security certifications Skills: Strong analytical and problem-solving skills. Excellent communication and collaboration abilities. Attention to detail and a proactive approach to security. Ability to work independently and manage multiple tasks effectively #Eviden

Job Title: Associate Engineer- Mobile Security Testing Location : Mumba-Airoli Experience: 1 to 3 years The ideal candidate will be responsible for identifying vulnerabilities in mobile applications and ensuring that our products meet the highest security standards. You will work closely with development teams to implement security measures and enhance application security. Key Responsibilities: Conduct security assessments of mobile applications on iOS and Android platforms. Perform penetration testing to identify security vulnerabilities and risks. Analyze application architecture, design, and code for security weaknesses. Develop and execute test plans, test cases, and test scripts for mobile applications. Collaborate with development teams to remediate security vulnerabilities. Stay updated on the latest security threats, vulnerabilities, and industry trends. Provide detailed reports on findings, including risk assessments and remediation recommendations. Assist in the development of secure coding practices and security guidelines for mobile applications. Conduct security training and awareness sessions for development teams. Qualifications: Bachelor s degree in computer science, Information Security, or related field. Proven experience in mobile application security testing ( 0-2 years preferred ). Strong knowledge of mobile application architectures, security frameworks, and best practices. Familiarity with security testing tools such as OWASP ZAP, Burp Suite, and mobilespecific tools (e.g., MobSF). Understanding of common vulnerabilities (OWASP Mobile Top 10) and secure coding practices. Experience with static and dynamic application security testing (SAST/DAST). Relevant security certifications Skills: Strong analytical and problem-solving skills. Excellent communication and collaboration abilities. Attention to detail and a proactive approach to security. Ability to work independently and manage multiple tasks effectively Let s grow together.

Role Overview : The Application Security Senior Engineer will play a crucial role in safeguarding our applications and digital assets against security threats. With a primary focus on Vulnerability Assessment and Penetration Testing (VAPT), the role involves identifying, assessing, and mitigating security vulnerabilities across our application portfolio. This position requires a proactive mindset, strong technical skills, and the ability to collaborate effectively with cross-functional teams and support the security projects. Key Responsibilities : 1. Vulnerability Assessment and Penetration Testing (VAPT): - Conduct comprehensive security assessments of applications using industry-standard tools and techniques.- Perform manual testing and automated scans to identify vulnerabilities such as OWASP Top 10, SQL injection, XSS, CSRF, etc.- Analyze and interpret assessment findings, providing clear and actionable recommendations to development teams.- Support the security gating process with timely security assessment and reporting.- Provide guidance and assistance on secure software development life cycle.- Track identified vulnerabilities through to resolution, collaborating closely with development teams to ensure timely mitigation.- Provide detailed vulnerability reports and metrics to stakeholders, including risk assessments and remediation progress. 2. Support for Security Projects: - Actively participate in security projects and initiatives, providing expertise and guidance on application security best practices.- Perform Security Architecture review for existing and new security projects and guide on security best practices.- Collaborate with architects and developers to integrate security into the SDLC (Secure Development Life Cycle) and CI/CD pipelines. 3. Incident Response and Support: - Assist in incident response activities related to application security incidents.- Contribute to root cause analysis and lessons learned sessions to improve incident handling and prevention strategies. 4. Security Awareness and Training: - Develop and deliver training sessions on secure coding practices and application security awareness.- Promote a culture of security within the organization, advocating for continuous improvement and adherence to security policies. Requirements: Bachelors degree in Computer Science/Information Technology, or a related field. Minimum of 5 years of experience in application security, with a focus on VAPT and secure development practices. Proven experience with security assessment tools such as Burp Suite, Qualys, Nessus, etc. Strong understanding of web application architecture, including front-end, back-end, and APIs. Solid knowledge of OWASP guidelines and best practices for secure coding. Certifications such as CISSP, CEH, OSCP, or similar are preferred. Excellent communication skills with the ability to articulate technical concepts to non-technical stakeholders. Strong analytical and problem-solving skills, with attention to detail. Why join us? Impactful Work: Play a pivotal role in safeguarding Tanla's assets, data, and reputation in the industry. Tremendous Growth Opportunities: Be part of a rapidly growing company in the telecom and CPaaS space, with opportunities for professional development. Innovative Environment: Work alongside a world-class team in a challenging and fun environment, where innovation is celebrated. Tanla is an equal opportunity employer. We champion diversity and are committed to creating an inclusive environment for all employees. www.tanla.com

We are looking for a skilled Security Consultant / Senior Security Consultant with expertise in penetration testing to join our team. The ideal candidate will have 3-9 years of experience. ### Roles and Responsibility Lead engagements from kickoff with clients through scoping, penetration testing, and reporting while adhering to the agreed scope and deadlines. Perform penetration testing including network, web application, mobile app (Android & iOS), APIs, cloud security, thick client applications, wireless, social engineering, physical penetration testing, and red team assessments. Execute penetration testing projects using established methodology, tools, and rules of engagement. Identify and exploit security vulnerabilities in various systems. Conduct in-depth analysis of penetration testing results and create reports describing findings, exploitation procedures, risks, and recommendations. Convey complex technical security concepts to both technical and non-technical audiences, including executives. Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing. Stay up-to-date with the latest techniques and concepts, including Active Directory attacks. Support SDLC and agile environments with application security testing and source code reviews. Serve as a mentor and guide to junior pen testers, sharing knowledge, skills, and best practices to foster their growth and development. Provide technical expertise and guidance to clients on remediation strategies and security best practices. ### Job Requirements BE/ B.Tech/ MCA or equivalent degree. Minimum 3 years of work experience in penetration testing, including at least three of the following: network, web application, mobile app (Android & iOS), thick client, APIs, wireless, social engineering, physical, and red team assessments. One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX. Knowledge of Windows, Linux, UNIX, and other major operating systems. Strong understanding of security principles, policies, and industry best practices. Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results. Excellent communication and presentation skills, both written and verbal. Demonstrated thought leadership in cybersecurity through publications, speaking engagements, or contributions to industry forums. Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead. Familiarity with OWASP methodologies and application security vulnerabilities. Exceptional ability to educate and guide application developers in security best practices. Excellent communication, presentation, and interpersonal skills. Strong Word, Excel, and PowerPoint skills.

We are looking for a skilled iOS Technical Lead with 10 to 15 years of experience in iOS native application development using SwiftUI, Swift, and Objective-C. The ideal candidate will have excellent UI/UX and architecture skills, with experience in unit testing and ensuring developed code passes quality gates from Sonar. ### Roles and Responsibility Develop new user interfaces for iOS through Storyboarding, Swift UI, or coding. Integrate networking libraries and third-party frameworks into applications. Build reusable components and libraries for future use. Translate designs and wireframes into high-quality code. Optimize code using instruments and memory profiling techniques. Guide the team in following best industry practices to deliver clean, performance-optimized code. Foster teamwork and lead by example. Participate in organization-wide people initiatives and mentor junior team members and campus freshers. Manage people and stakeholders through close interaction with clients and internal stakeholders. ### Job Requirements In-depth knowledge of the latest stable Swift (5+) and Objective-C. Expertise in iPhone SDK, Cocoa Touch frameworks such as UIKit, Foundation, Core Data, push notifications, AVFoundation, Core Location, ARKit, Health App integration, and APIs. Ability to develop code that meets Americans with Disabilities Act regulatory requirements. Experience in concurrency and performance testing. Ability to organize large-scale front-end mobile application codebases using common mobile design patterns such as MVVM, Clean Swift, MVC, or Viper. Must have developed apps using Swift and Objective-C interoperability. In-depth understanding of Adaptive layouts - iOS storyboards, auto layout, size classes. Understanding of interactive application development paradigms, GUI, memory management, file I/O, network & socket programming, concurrency, and multi-threading. Develop cutting-edge functional modules that will be integrated across our iOS Application. Experience in code versioning tools such as Git or SVN. Understanding and implementation of SOLID principles in an iOS Application. Stay updated on the latest iOS platform features and propose evolution of application to take advantage of them. Experience in Swift UI, Apple iOS class libraries. Experience with two-way data synchronization between client and server database for applications supporting offline capability. Unit-test code for robustness, including edge cases, usability, and general reliability. Continuously discover, evaluate, and implement new technologies to maximize development efficiency. Experience in implementing security policies. Experience in automation, CI/CD, and unit testing frameworks. Ability to analyze crash logs and provide fixes. Ability to write code that passes multiple quality gates from Fortify, MobSF, Sonar, etc., Good knowledge of fixing quality issues from Fortify and penetration testing. Exposure to AWS/Azure or any cloud is a plus. SSO, LDAP, OAuth, SSL integration, Alamofire, and StoreKit framework exposure is beneficial. Experience in emerging technologies such as IoT and AI/ML is desirable. Awareness of enterprise Mobile Application Management (MAM)/Mobile Device Management (MDM) frameworks such as Microsoft Intune, Citrix Endpoint Management is a plus. More advanced data handlers such as WebSocket’s and Offline mobile applications are preferred. Awareness of Enterprise mobile applications and data protection policies and methods would be a plus.

We are looking for a skilled Security Consultant / Senior Security Consultant with expertise in penetration testing to join our team. The ideal candidate will have 3-9 years of experience. ### Roles and Responsibility Lead client engagements from kickoff to scoping, penetration testing, and reporting, ensuring adherence to agreed scope and deadlines. Conduct penetration testing including network, web application, mobile app (Android & iOS), APIs, cloud security, thick client applications, wireless, social engineering, physical, and red team assessments. Execute penetration testing projects using established methodologies, tools, and rules of engagement. Identify and exploit security vulnerabilities in various systems. Perform in-depth analysis of penetration testing results and create reports describing findings, exploitation procedures, risks, and recommendations. Convey complex technical security concepts to both technical and non-technical audiences, including executives. Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing. Stay updated with the latest techniques and concepts, including Active Directory attacks. Support SDLC and agile environments with application security testing and source code reviews. Serve as a mentor and guide to junior pen testers, sharing knowledge, skills, and best practices to foster their growth and development. Provide technical expertise and guidance to clients on remediation strategies and security best practices. ### Job Requirements Minimum 3 years of work experience in penetration testing, including at least three of the following: network, web application, mobile app (Android & iOS), thick client, APIs, cloud security, thick client applications, wireless, social engineering, physical, and red team assessments. One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX. Knowledge of Windows, Linux, UNIX, and other major operating systems. Strong understanding of security principles, policies, and industry best practices. Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results. Excellent communication and presentation skills, both written and verbal. Demonstrated thought leadership in cybersecurity through publications, speaking engagements, or contributions to industry forums. Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead. BE/ B.Tech/ MCA or equivalent. Familiarity with OWASP methodologies and application security vulnerabilities. Exceptional ability to educate and guide application developers in security best practices. Excellent communication, presentation, and interpersonal skills. Strong Word, Excel, and PowerPoint skills.

We are looking for a highly skilled and experienced Consultant to join our team in Mumbai. The ideal candidate will have 4+ years of experience in the field, with a strong background in Forensics and Discovery. ### Roles and Responsibility Conduct computer forensic investigations and analyze digital evidence. Utilize cyber tools and technologies such as SIEM, Firewall, and EDR. Develop and implement effective business process and control optimization strategies. Perform vulnerability assessments and penetration testing on various platforms. Investigate and triage security incidents, conducting in-depth analysis of security logs and network traffic. Collaborate with cross-functional teams to provide services across multiple client departments while adhering to commercial and legal requirements. ### Job Requirements Graduate degree required; relevant HR policy qualifications apply. Technical expertise in specified domains, including IT skills and information security experience. Proficient in IT governance and quality standards, with hands-on experience using scripting languages. Experience in SOC operations, focusing on securing network technologies and operating systems. Ability to work collaboratively to provide services across multiple client departments. Practical approach to solving issues and complex problems, delivering insightful and practical solutions. Agile, curious, mindful, and able to sustain positive energy, adaptable and creative in their approach.

Position Summary The Head of Application Security (AppSec) & Vulnerability Management will be responsible for conducting security assessments and penetration testing of IT, cloud, and OT infrastructure, performing application security assessments for hosted applications, and providing DevSecOps support for new applications throughout their lifecycle. This role involves identifying potential vulnerabilities, suggesting mitigation strategies, and assisting customers and partners in implementing these strategies. Additionally, the role includes project management, service delivery, quality assurance, customer management, and maintaining relationships with vendors and technology partners. Key General Responsibilities: Lead and drive the AppSec and Vulnerability Management functions, ensuring effective service delivery through project acquisition, execution, and operational support. Demonstrate strong leadership skills by managing departmental and functional teams, including hiring, developing, and growing team competency. Provide expert technical guidance to delivery teams, partners, and customers, ensuring the successful implementation of security solutions. Be results-oriented with the ability to think strategically and align efforts with customer needs, working backward from those needs to achieve goals. Oversee project management, service management, and quality assurance processes to ensure successful delivery and client satisfaction. Exhibit strong communication skills, with a proven ability to work cross-functionally, deliver results, and demonstrate ownership in various projects. Manage all aspects of people development, including hiring, talent development, performance management, succession planning, and team engagement. Possess excellent interpersonal skills, with the ability to influence and engage stakeholders at all levels within the organization and with external customers, partners, and vendors. Support sales strategies to meet revenue targets by providing pre-sales support and delivering appropriate security solutions. Identify and cultivate new opportunities with existing customers, ensuring high levels of customer satisfaction and retention. Key Technical Responsibilities: As a technical leader, drive the future strategy for threat intelligence, security architecture reviews, vulnerability management, security configuration, DevSecOps, and application security. Conduct both manual and automated internal and external vulnerability assessments across IT, cloud, and OT environments. Perform security control and vulnerability assessments specifically within OT environments. Execute Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST) to identify vulnerabilities in software applications. Conduct Vulnerability Assessment and Penetration Testing (VAPT) for web applications, Android applications, and APIs. Perform Gray Box and/or penetration testing on web, API, and mobile devices (Android). Complete project tasks with high quality and within deadlines. Analyze findings, draw comprehensive conclusions, and provide detailed recommendations and mitigation plans. Clearly communicate technical impacts and business risks to non-technical audiences after project completion. Provide expert advice on selecting and implementing appropriate security assessment and testing software and tools. Implement and manage DevSecOps practices using the Software Assurance Maturity Model (SAMM) to evaluate and enhance the security of software development processes. Adhere to security standards and frameworks, implementing best practices and methodologies. Work closely with product development teams to ensure adherence to secure coding practices. Educate customers, technical teams, and application developers about emerging threats, vulnerabilities, and application security, promoting a Security Champion program to raise awareness. Qualifications Education: oBachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field. A master's degree or relevant certifications (e.g., CISSP, CEH, OSCP) are preferred. Experience: oOver 10 years of experience in leading and managing threat and vulnerability functions, projects, and customer engagements. o6-8 years of direct, hands-on experience in cybersecurity, including familiarity with security standards and best practices, vulnerability assessments, web application testing, network and mobile application assessments, and penetration testing. o1-2 years of experience in enterprise security management, including security product/solution integration and security operations, with a solid understanding of network and system security concepts, standards, and best practices. oProven track record in building, leading, and managing security teams, with experience in cybersecurity practices, application security (AppSec), threat intelligence, vulnerability management, penetration testing, and infrastructure security assessment. oDemonstrated excellence in project management, service management, and customer relations. oExceptional written, presentation, and verbal communication skills, essential for effective team coordination, partner support, and service discussions. oStrong analytical abilities with a creative approach to solving complex technical problems. oCapable of working effectively with clients, management, staff, vendors, and consultants, and interacting and collaborating with senior management, including IT, Network, Security, and C-level executives. oAbility to remain calm and patient in high-pressure situations within a dynamic environment. Skills and Competencies oStrong background in network and infrastructure vulnerability assessment and penetration testing. oComprehensive understanding of security vulnerabilities, including OWASP Top 10, enterprise security architecture, relevant standards, best practices, and frameworks. oExtensive experience in securing web applications, APIs, Android mobile apps, and cloud environments (AWS/Azure). oProficient in software penetration testing, architectural risk assessment, threat modeling, static code analysis, and secure code review for web applications, APIs, and Android mobile applications. oStrong expertise in assessing web applications for security vulnerabilities using tools such as Burp Suite, OWASP ZAP, or similar. oSkilled in evaluating the security of Android mobile applications, including reverse engineering and code analysis. oIn-depth knowledge of cloud security best practices, with hands-on experience in AWS and Azure cloud platforms, including configuring security controls and monitoring for cloud-based threats. oExpertise in evaluating API security, focusing on authentication, authorization, and data protection. oExperience in web and mobile app security assessment according to OWASP standards. oProficient in analyzing vulnerabilities in various applications using both manual and automated tools. oFamiliarity with security practices in DevOps and CI/CD pipelines. oExperience with Windows and Linux operating systems, with a good understanding of operating system internals and mobile OS (Android), especially in the context of app development. oFamiliarity with common compliance requirements such as GDPR, PCI-DSS, and ISO 27001. oExperience with OWASP Mobile Security Testing Guide and associated checklists. oAbility to configure and utilize automated scanners for tasks such as login sequence, policy customization, and scan throttling, while effectively analyzing and managing false positives. oSkilled in identifying vulnerabilities not detected by automated scanners through manual testing, including authentication, session management, CSRF, and business logic testing. oUnderstanding of application workflows to identify entry points and potential vulnerabilities. oHands-on experience with popular security tools, including NMAP, Nessus, Burp Suite, Netsparker, Metasploit, and OWASP ZAP. oFamiliarity with Agile processes and development tools such as Jira, Confluence, Bitbucket, Git, Maven, and Jenkins. Why Tribastion? Strategic Leadership: Play a pivotal role in shaping Tribastions growth strategy in one of the most competitive markets in the world. Career Advancement: Opportunities for professional growth within a dynamic and rapidly expanding organization. Innovative Environment: Contribute to a company that prioritizes excellence, innovation, and leadership in the cybersecurity industry.

Job Title : Security Engineer - Contractual Role Experience Required : 2-4 years. Job Summary : Seeking for a highly skilled and motivated Web Application Firewall (WAF) and Bot Operations Security Engineer who will play a crucial role in ensuring the security and resilience of our organisations systems, networks, and infrastructure. He will be responsible for deploying, configuring, and managing Web Application Firewalls (WAFs) and bot mitigation solutions to protect our web applications from various cyber threats and malicious activities. This role involves a deep understanding of web application security, bot management, and hands-on experience with WAF technologies and bot mitigation tools. Required Skills: The candidate should have minimum experience of 3 years in Vulnerability management to carry out WAF & BOT solutions. Mandatory : 3+ years of experience in web application security, including hands-on experience with WAF technologies and bot mitigation tools (e.g., Akamai, Cloudflare, Imperva, AWS WAF, Azure Application Gateway, F5 BIG-IP). Strong understanding of web application vulnerabilities, attack vectors, and mitigation techniques. Experience with security monitoring and incident response. Good to have: Proficiency in scripting languages (e.g., Python, Bash) for automation and custom rule creation. Knowledge of web technologies, including HTTP/HTTPS, HTML, JavaScript, and APIs. Familiarity with security frameworks and standards (e.g., OWASP, CIS). Certification: Mandatory : Relevant security certifications such as CISSP, CISM, CEH, or other industry-recognized credentials. Good to have: Certifications such as CREST Practitioner Security Analyst (CPSA), Certified Expert Penetration Tester (CEPT) etc. Qualifications : 1. Bachelors degree in Computer Science, Information Security, or related field (or equivalent experience). 2. Strong understanding of networking protocols, operating systems, and security technologies. 3. Excellent analytical and problem-solving skills. 4. Proficient in at least one scripting language. Responsibilities : WAF Management: Deploy, configure, and maintain Web Application Firewalls to protect web applications from threats such as SQL injection, cross-site scripting (XSS), and other OWASP Top 10 vulnerabilities. Develop and implement custom WAF rules and policies to address specific security requirements and threat landscapes. Monitor WAF performance and fine-tune rules to minimize false positives and negatives. Bot Mitigation: Implement and manage bot detection and mitigation solutions (including advanced BOTs) to safeguard against automated attacks and scraping activities. Analyze bot traffic patterns and behaviour to fine-tune detection and mitigation strategies. Stay updated on emerging bot threats and mitigation techniques, and proactively adjust strategies to counteract new attack vectors. Incident Response: Investigate and respond to security incidents, attack scenarios related to web applications and bot activities. Perform root cause analysis for security events and provide recommendations for improvements to prevent recurrence. Must be willing to be available during off-hours and weekends for incident response and attack scenarios as needed. Collaboration and Communication: Work closely with application developers, system administrators, and other stakeholders to address security concerns and ensure secure application deployment. Provide security guidance and best practices to teams across the organization to enhance overall security posture.

We are hiring for Security Engineer- Navi Mumbai Location (Belapur) for one of our project. Interested candidate can share resume to ankita.patari@happiestminds.com Experience: 2 to 5 Years Location: Navi Mumbai Location (Belapur) Office Timings: Monday to Friday (First Saturday and Third Saturday working) Looking for max 15 Days Joiners only Immediate Joiners please mentioned in Subject Line(Immediate Joiner_AppSec) General Shift Exp Range-2 to 4 Years Primary Skills : SAST, Penetration testing , Vulnerability Assessment Responsibility: Static Code analysis, Static/dynamic testing of mobile applications,Vulnerability Assessment,Penetration Testing Thanks And Regards, Ankita P Ghosh ankita.patari@happiestminds.com

Security test engineer having 4+ years experience in software/IT industry preferably with B.Tech./B.E./M.Tech (preferably in computer science)/ MCA Good experience doing the security/penetration Security test engineer having 4+ years experience in software/IT industry preferably with B.Tech./B.E./M.Tech (preferably in computer science)/MCA Good experience doing the security/ penetration testing for enterprise products Basic understanding in domain pf BPM, ECM and CCM products will be an additional advantage. Strong experience in using the DAST tools like Burp professional, Kali Linux, or any other industry recognized tools Experience in using SAST tools like Veracode, SonarQube, JFrog or CheckMarx would be the added advantage Strong understanding of protocols, SSL, transport layers, encryption and cryptography. Strong experience in manual penetration testing using different hacking techniques, Well versed in security standards like PCI-DSS, OWASP, HIPAA etc. Good Experience in Linux and SQL. API penetration testing. Knowledge of XSS, SQL Injection and multiple type of security payloads. Knowledge of cloud computing AWS, Azure and Openshift Certifications like CISSP, CEH, or GSEC are preferred. Ability to work as a team player in a target driven work environment meeting deadline. Adequate knowledge of web related technologies (Web applications, Web Services and Service Oriented Architectures) and of network/web related protocols Interest in all aspects of security research and development Key Skills: Ethical Hacking, Kali Linux, Penetration testing, Security testing.

Vulnerability Analyst I Overview The Vulnerability Management team is a dedicated collection of self-organizing, interdependent, co-located individuals representing different functional roles with all the necessary skills to conduct security testing of Mastercard applications and networks. Team members are network and application security and penetration testing professionals with various levels of expertise and experience in security testing of web application, mobile applications, APIs, Cloud hosted application, Containers and on-prem data centers. The Vulnerability Analyst I is a hands-on professional in application security testing and delivers on individual assignments as well as work within a multi-location team environment. Role Ensuring that all web and mobile applications security tests are conducted within the framework set at Mastercard. Ensure that all test cases and tools are used appropriately for testing of various application types. Ensuring that all help and guidance is provided to development teams on the vulnerabilities identified in their applications while performing of security testing. Identify improvement areas in the security testing domain and implement learnings for the Globally located team. Coordinate with application development teams on their demands for security testing and provide a seamless experience with testing and reporting of penetration tests. Ready to work with a global team spread across time-zones and geographies. All About You A record of successful delivery of application security testing projects as an individual and team leader. Excellent communicator and collaborator Problem solver and solution-seeking approach Ability to build rapport and relationships Understands the full scope of S-SDLC Preferably a certified OSCP or SANS GMOB, ESCA or equivalent certification is a must. Experience in Cloud based application testing or Bug Bounty programs will be an added benefit.

Responsibilities: Support the deployment of robust application security testing tooling in support of the application lifecycle of PTC products. Maintain and improve the application security testing suite to reduce vulnerabilities introduced into the PTC production environment. Support the expanding bug bounty and application penetration testing efforts across PTC. Participate in activities to support the integration of security controls throughout the SDLC. Assist in the process of reviewing designs of new applications and products. Participate in the security testing efforts against our applications, including code reviews, black/white box testing of applications, and maintaining a continuous testing methodology. The qualifications below are ideal, but not all are required. We encourage candidates to apply if they satisfy some, but not all, qualifications. 3-5 years of experience in information security or equivalent experience 2-3 years of experience in hands-on application and product security disciplines or equivalent experience Experience with cloud technologies (i.e., AWS, Azure, Salesforce) Experience working with Salesforce Lighting, Salesforce Customer 360, or Salesforce field service products. Experience with threat modeling, systems analysis, and security design reviews Familiarity with SAST, DAST, SCA, and penetration testing methodologies Good written and verbal communication skills Understanding of application and product architectures, scripting-based programming languages, web application stacks, and general approaches to implementation of an SDLC Ability to prioritize security efforts to mitigate the appropriate risks Ability to identify, analyze, and explain the present or future needs for proposed security initiatives to team leads Ability to influence with empathy and compassion Bonus: Experience with CI/CD practices and platform tools (Jenkins, Travis, GitHub, etc.) Bonus: Background with containers and orchestration technologies (Docker, Kubernetes, Helm) Ideal candidates will thrive in our culture if they have a passion for: Building quality products with a mindset on safety and security Operating in a fast-moving and high-growth environment Working as a team player with an entrepreneurial work ethic Security, learning, and continuous improvement

locationsGURGAON, INDINDIA VIRTUAL, IND time typeFull time posted onPosted 4 Days Ago time left to applyEnd DateMay 23, 2025 (10 days left to apply) job requisition idR1146865 . Key Responsibilities Security Administration Design, Engineer and manage security solutions. Configure, monitor, and troubleshoot systems to ensure optimal performance and security. Plan and execute upgrades, patches, and other maintenance activities for security tooling. Collaborate with the cybersecurity team to ensure robust security measures and compliance with industry standards. Technical Support and Troubleshooting: Provide advanced technical support for AWS cloud networking issues. Mentor and guide junior engineers and IT support staff. Documentation and Reporting Create and maintain comprehensive documentation of configurations, procedures, and processes. Generate regular reports on system performance, security incidents, and maintenance activities. Qualifications Education : Bachelors degree in computer science, Information Technology, Cybersecurity, or a related field; or equivalent work experience. Experience : At least 3 years of hands-on experience in Cyber Security. Technical Skills: Strong understanding of network protocols and services (TCP/IP, DNS, VPN, etc.).Knowledge of scripting languages (PowerShell, Python) for automation. Key Competencies Problem-Solving Skills: Strong analytical and troubleshooting abilities to diagnose and resolve complex technical issues. Communication Skills: Excellent verbal and written communication skills, with the ability to explain technical concepts to non-technical stakeholders. Project Management Ability to manage multiple projects and priorities in a fast-paced environment. Offers of employment are conditional upon passage of screening criteria applicable to the job.

Experience: 4 to 7.5 years Location: Bangalore / Pune Job Type: Full-Time Key Responsibilities Conduct manual security code reviews on applications developed in Java and C# to identify and remediate security issues. Perform dynamic and static application security testing (DAST/SAST) using tools such as: AppScan Netsparker Acunetix Checkmarx Veracode Burp Suite OWASP ZAP Utilize Kali Linux and other penetration testing toolsets for application assessments. Collaborate with development and QA teams to provide guidance on secure coding practices and remediation strategies. Document security findings and provide detailed, actionable recommendations. Stay up to date on current and emerging security threats, vulnerabilities, and industry best practices. Required Skills 4 to 7.5 years of relevant experience in application security . Strong experience in manual code review , particularly in Java and C# . Proficient in using a wide range of application security tools (DAST, SAST, IAST). Knowledge of common vulnerabilities (e.g., OWASP Top 10) and secure coding principles. Experience working with DevSecOps or integrating security into the SDLC is a plus. Excellent communication and analytical skills. Preferred Certifications (optional but beneficial) OSCP , CEH , CISSP , GIAC GWAPT/GWEB , or similar certifications.

Senior Manager, Penetration Testing & Red Teaming What you will do Let’s do this. Let’s change the world. In this vital role has a strong focus on ensuring the organization's infrastructure, applications, and systems are secure from external and internal threats. As a senior-level position, this role involves not only hands-on penetration testing but also overseeing teams, setting testing strategies, and working closely with other security and engineering teams to implement long-term security improvements. The ideal candidate has in-depth knowledge of cybersecurity practices, experience in complex security assessment practices and strong leadership skills. Roles & Responsibilities: Develop and implement the penetration testing strategy in alignment with Amgen’s security framework. Champion a proactive security culture, integrating offensive security principles into Amgen’s broader risk management program. Lead, mentor, and develop a team of penetration testers, fostering a culture of innovation and continuous learning. Provide coaching and training to enhance the team’s technical and strategic capabilities. Build and maintain a high-performance security team, ensuring strong succession planning and career development opportunities. Oversee complex penetration testing engagements, ensuring high-quality execution and impactful reporting. Establish standard methodologies and frameworks for offensive security testing, risk assessment, and mitigation strategies. Ensure penetration testing methodologies align with industry standards (e.g., PTES, OWASP, MITRE ATT&CK). Serve as a trusted advisor to security, engineering, and executive leadership teams on cybersecurity risks and offensive security findings. Advocate for secure development practices and influence secure-by-design principles across engineering teams. Communicate technical security risks in business terms to executive collaborators and senior leadership. Define and enforce security testing policies, methodologies, and compliance requirements. Drive initiatives to enhance security automation and continuous testing frameworks. Ensure penetration testing efforts contribute to regulatory compliance (e.g., ISO 27001, NIST). What we expect of you We are all different, yet we all use our unique contributions to serve patients. Basic Qualifications: Master’s degree and 8 to 10 years of experience in Computer Science, Cybersecurity or Information Systems related field OR Bachelor’s degree and 10 to 14 years of experience in Computer Science, Cybersecurity or Information Systems related field OR Diploma and 14 to 18 years of experience in Computer Science, Cybersecurity or Information Systems related field Must-Have Skills: Proven experience in leading and managing high-performing security teams. Strong ability to influence senior collaborators and drive security adoption across an organization. Ability to translate technical security risks into business-aligned security strategies. Experience building and managing enterprise-wide penetration testing programs. Demonstrated ability to foster a culture of innovation, learning, and collaboration within security teams. Technical & Security Skills Deep knowledge of penetration testing frameworks and methodologies (e.g., OWASP, NIST, MITRE ATT&CK, PTES). Strong understanding of web application, cloud, and infrastructure security vulnerabilities. Experience with security tools such as Burp Suite, OWASP ZAP, Metasploit, Kali Linux. Familiarity with secure coding principles, threat modeling, and adversary simulation. Professional Certifications (please mention if the certification is preferred or mandatory for the role): PreferredOSCP, OSWE, OSWA, eWPTX, GWAPT, GXPN PreferredCISSP Preferred Qualifications: Soft Skills: Excellent analytical and troubleshooting skills Strong verbal and written communication skills Ability to work effectively with global, virtual teams High degree of initiative and self-motivation Ability to manage multiple priorities successfully Team oriented, with a focus on achieving team goals Strong presentation and public speaking skills What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we’ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards. Apply now and make a lasting impact with the Amgen team. careers.amgen.com As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

IS Specialist OT Security What you will do Let’s do this. Let’s change the world. In this vital role you will [responsible for developing and implementing security strategies that protect industrial control systems (ICS), SCADA networks, and other manufacturing infrastructure components. This role ensures the integrity, availability, and confidentiality of OT environments by integrating security monitoring, risk management, and compliance efforts into industrial operations. The OT Security Engineer works closely with Security Operations, Engineering and Infrastructure, and Operations to safeguard systems against cyber threats. Key responsibilities include implementing security best practices for OT, managing vulnerabilities, and collaborating with stakeholders to enhance the security posture of OT environments. . Roles & Responsibilities: Define, lead, and implement security strategies for OT environments, focusing on Industrial Control Systems (ICS) and SCADA. Implement and manage OT-specific security monitoring tools, ensuring real-time detection and response to cyber threats. Collaborate with engineering and operational teams to integrate security measures into OT network architectures. Assess and mitigate vulnerabilities in OT environments, ensuring compliance with industry standards (e.g., NIST 800-82, IEC 62443). Support security incident response efforts, including forensic analysis and remediation of threats in industrial environments. Coordinate with vendors, partners, and government agencies to address OT cybersecurity challenges. Develop security policies, procedures, and guidelines tailored to OT environments. Provide training and awareness programs to operational teams regarding OT cybersecurity best practices. Maintain relationships with vendors and strategic partners to enhance security capabilities. What we expect of you We are all different, yet we all use our unique contributions to serve patients. The [vital attribute] professional we seek is a [type of person] with these qualifications. Basic Qualifications: Master’s degree with 4- 6years of experience in Information Systems or related field OR Bachelor’s degree with 6- 8years of experience Information Systems or related field OR Diploma with 10– 12years of experience in Information Systems or related field Preferred Qualifications: Must-Have Skills: Solid understanding of ICS, SCADA, and OT security principles Experience with network segmentation, firewalls, and intrusion detection systems in OT environments Knowledge of industrial protocols (e.g., Modbus, DNP3, BACnet, OPC, CIP) and their security implications Understanding of risk management frameworks (e.g., NIST 800-82, IEC 62443, NERC CIP) Experience with security monitoring and detection in OT environments Good-to-Have Skills: Experience with security assessments and penetration testing for OT networks Proficiency in security tools (e.g., Nozomi Networks, Dragos, Claroty, Armis) Knowledge of cloud security and how it integrates with OT environments Scripting and automation skills (e.g., Python, PowerShell) Familiarity with compliance and regulatory requirements for critical infrastructure Professional Certifications (please mention if the certification is preferred or required for the role): GICSP (Global Industrial Cyber Security Professional) – Preferred CISSP (Certified Information Systems Security Professional) – Preferred ISA/IEC 62443 Cybersecurity Certificate – Preferred CompTIA Security+ – Preferred Soft Skills: Excellent analytical and troubleshooting skills Strong verbal and written communication skills Ability to work effectively with global, virtual teams High degree of initiative and self-motivation Ability to manage multiple priorities successfully Team oriented, with a focus on achieving team goals Strong presentation and public speaking skills What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we’ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards. Apply now for a career that defies imagination Objects in your future are closer than they appear. Join us. careers.amgen.com As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Project Role : Quality Engineer (Tester) Project Role Description : Enables full stack solutions through multi-disciplinary team planning and ecosystem integration to accelerate delivery and drive quality across the application lifecycle. Performs continuous testing for security, API, and regression suite. Creates automation strategy, automated scripts and supports data and environment configuration. Participates in code reviews, monitors, and reports defects to support continuous improvement activities for the end-to-end testing process. Must have skills : Infrastructure Penetration Testing Good to have skills : Automated Testing, Agile Testing, Test Automation Strategy Minimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Quality Engineer, you will enable full stack solutions through multi-disciplinary team planning and ecosystem integration to accelerate delivery and drive quality across the application lifecycle. Your typical day will involve performing continuous testing for security, API, and regression suites, creating automation strategies, and supporting data and environment configurations. You will also participate in code reviews and monitor defects to support continuous improvement activities for the end-to-end testing process, ensuring that the highest standards of quality are maintained throughout the project lifecycle. Roles & Responsibilities: Expected to perform independently and become an SME. Required active participation/contribution in team discussions. Contribute in providing solutions to work related problems. Collaborate with cross-functional teams to ensure seamless integration of testing processes. Develop and maintain automated testing scripts to enhance testing efficiency. Design, develop, and maintain automated test scripts for Terraform and Sentinel policies Implement and manage test automation frameworks for DevSecOps toolchain orchestration Collaborate with development, operations, and security teams to ensure comprehensive test coverage and adherence to best practices Perform continuous integration and continuous deployment (CI/CD) pipeline testing to ensure seamless integration of security measures Identify, document, and track defects, and work with developers to resolve issues Conduct performance and security testing to validate the robustness and resilience of infrastructure as code (IaC) implementations Professional & Technical Skills: Must To Have Skills: Proficiency in Infrastructure Penetration Testing. Good To Have Skills: Experience with Automated Testing, Agile Testing, Test Automation Strategy. Strong understanding of security testing methodologies and tools. Experience in creating and executing test plans and test cases. Familiarity with continuous integration and continuous deployment practices. Proven experience (min. 3 years) in test automation, particularly with Terraform and Sentinel or similar role Strong expertise in DevSecOps and infrastructure as code (IaC) principles Experience with CI/CD tools such as GitHub, GitHub Actions, Jenkins, and JFrog Platform Solid understanding of cloud platforms, specifically Google Cloud Platform (GCP) and Microsoft Azure Knowledge of containerization technologies (Docker, Kubernetes) and orchestration. Experience with security testing tools and methodologies Certifications in Terraform or other relevant technologies Proficiency with scripting languages (e.g., Python, JavaScript, Ruby). Additional Information: The candidate should have minimum 3 years of experience in Infrastructure Penetration Testing. This position is based at our Hyderabad office. A 15 years full time education is required. Qualification 15 years full time education

Security Architecture Design Design and implement security frameworks for blockchain applications Ensure secure interactions between the blockchain platform and external systems Data Protection and Encryption Required Candidate profile Experience in securing blockchain-based applications. Familiarity with decentralized identity solutions Security certifications such as CISSP, CEH, CISM, or Blockchain Security Professional (CBSP)

Description: Work with multiple medical customers in the areas of - - Threat modelling, security requirements and architecture - Drive security lifecycle for multiple customer projects - Drive pen testing requirements across projects - Take part in customer discussions for new business development activities - Setup security practice for MedTech in India Requirements: - Must have 15+ years of experience in cyber security areas - Must be efficient in medical domain security - Must have experience with medical device security: threat modelling, pen testing, SAST, DAST - Must be hands on with pen testing of medical devices, application and cloud Job Responsibilities: Work with multiple medical customers in the areas of - - Threat modelling, security requirements and architecture - Drive security lifecycle for multiple customer projects - Drive pen testing requirements across projects - Take part in customer discussions for new business development activities - Setup security practice for MedTech in India What We Offer: Exciting Projects: We focus on industries like High-Tech, communication, media, healthcare, retail and telecom. Our customer list is full of fantastic global brands and leaders who love what we build for them. Collaborative Environment: You Can expand your skills by collaborating with a diverse team of highly talented people in an open, laidback environment — or even abroad in one of our global centers or client facilities! Work-Life Balance: GlobalLogic prioritizes work-life balance, which is why we offer flexible work schedules, opportunities to work from home, and paid time off and holidays. Professional Development: Our dedicated Learning & Development team regularly organizes Communication skills training(GL Vantage, Toast Master),Stress Management program, professional certifications, and technical and soft skill trainings. Excellent Benefits: We provide our employees with competitive salaries, family medical insurance, Group Term Life Insurance, Group Personal Accident Insurance , NPS(National Pension Scheme ), Periodic health awareness program, extended maternity leave, annual performance bonuses, and referral bonuses. Fun Perks: We want you to love where you work, which is why we host sports events, cultural activities, offer food on subsidies rates, Corporate parties. Our vibrant offices also include dedicated GL Zones, rooftop decks and GL Club where you can drink coffee or tea with your colleagues over a game of table and offer discounts for popular stores and restaurants!

Position Overview: We are seeking a highly skilled and motivated IoT / Embedded Security Engineer to join our team. The ideal candidate must have a strong background in IoT / embedded systems security, with a proven track record in identifying vulnerabilities and implementing robust security measures. Roles and Responsibilities: Conduct security assessments and risk analysis of embedded medical devices. Develop and implement security protocols and solutions for medical devices. Design and execute penetration testing and vulnerability assessments. Research and stay updated on emerging threats, vulnerabilities, and security trends in IoT and embedded systems. Collaborate with cross-functional teams to integrate security measures into the development lifecycle of products. Provide technical guidance and support to internal teams on security best practices. Participate in the design and architecture of secure IoT and embedded systems. Mandatory Skills: Bachelor's or Master's degree in Electrical Engineering, Computer Science or Electronic field. Proven experience (5 years) in IoT and embedded systems security. Strong knowledge of IoT protocols (e.g., UART, I2C, JTAG, MQTT, CoAP, HTTP) and embedded system architecture Experience with reverse engineering ARM/MIPS/x86 code architecture. Hands on with hardware attacks such as PCB reversing, Component identification,Side channel attacks,memory extraction methods. Knowledge of radio frequency (RF) protocols and related security implications such as BLE, WIFI, LoRa,DSP, SDR, etc. Understanding of industrial IoT (IIoT) security considerations. Experience with various hardware security assessment tools/frameworks. Familiarity with hardware security concepts such as secure boot, encryption, and secure firmware updates. Proficiency in programming languages commonly used in embedded systems (C/C++, Python). Proactive, problem-solver and the ability to work independently and within a team. Good to Have: Understanding of cryptographic algorithms and protocols. Knowledge of exploit development techniques, buffer overflows, and other memory corruption vulnerabilities applicable to embedded systems. Knowledge of secure coding practices and principles specific to embedded systems, including memory management and input validation. Familiarity with regulatory compliance and standards in IoT security. Any certification in IoT security, Embedded device security or similar, is a plus

Role & responsibilities Conduct vulnerability assessment and penetration testing for network, web applications, mobile applications and thick-client application Conduct configuration reviews for OS, DB, Firewall, Routers, Switches and other infrastructure components Conduct red-team assessments using social engineering, physical security compromise and other techniques Be well-versed with internal privilege escalation techniques Conduct source-code review using automated and manual approaches Prepare detailed reports as per NII format Ensure timely delivery of status updates and final reports to clients Handle client queries Keep oneself updated on the latest IT Security news, exploits, hacks Contribute technical content chapter meetings, blogposts Conduct internal and external trainings on various topics related to security assessment

Karthika Consulting & Solutions Pvt Ltd is looking for Information Technology Professional to join our dynamic team and embark on a rewarding career journey Manage and adapt forecasting tools to effectively monitor inventory, consolidate financial and operational KPI's (SharePoint). Design for new LAN cabling including patch panels, UTP, switches, router. Work on many different customer migrations including IIS, email, DNS, SQL and others programs. Assist in collection, maintenance, and management of employee records, biweekly payroll processing, and benefits submissions. Install and troubleshoot company wireless internet. Migrate Linux DNS servers into Microsoft environment. Possess administrative access to install and troubleshoot software. Utilize Kali Linux to test for vulnerabilities against internal and external infrastructure. Install and configure secured environments, VPN Internet connectivity of virtualize server environment and clients. Implement network services including data backups/restores, security, wireless connectivity, VPN and terminal servers. Maintain ERP system including troubleshooting, relationship management, contract negotiation, and new system proposal and comparison. Develop user/reader-friendly company intranet (SharePoint) to promote better collaboration, and ensure crisp succinct communications across all corporate channels.

Key Skills: Web Application Security, Penetration Testing Roles and Responsibilities: Conduct in-depth security assessments of medical device software using SAST and DAST tools, identifying and reporting vulnerabilities Analyze software bills of materials (SBOMs) to identify and mitigate supply chain risks Develop and maintain comprehensive security testing strategies and procedures Collaborate with software development teams to integrate security best practices into the development lifecycle Investigate and respond to security incidents and vulnerabilities Stay up-to-date on the latest security threats and trends in the medical device industry Assess Security Issue Findings: Assess the findings from SAST and DAST security issue reports to determine true/false positives Create custom rules for Veracode to enable the scanning tool to accurately identify custom security modules and libraries used by development teams, thereby reducing false positive findings Work with software developers and architects to determine appropriate mitigations for security issues Perform Manual Penetration Testing: Use Burp Suite, browser, or other tools to find security issues such as business logic-related issues and issues not usually found by automated security scanning tools Validate the implementation of security mitigations in addressing security issues using manual penetration testing techniques and tools Create and Execute Security Test Cases: Create and execute detailed security testing scripts using manual or automated approaches Create reusable test scripts for common security requirements In the process of creating security test cases, evaluate security requirements for gaps and research best practices for security issue remediation Consolidate testing results into standard templates for inclusion in regulatory documentation systems Map security requirements and functional or system requirements to show traceability Security Tools: Create and execute plans to evaluate new security tools Curate standard approaches in tools such as threat modeling tools to enable reuse Skills Required: Minimum of 5 years of experience in application security testing, with a focus on SAST, DAST, and SBOM analysis Minimum of 3 years of software development or practical automation using Python, Java, C#, or JavaScript Strong understanding of software development methodologies and programming languages Experience with security tools such as Fortify, AppScan, Veracode, or similar Knowledge of industry standards and regulations (e.g., FDA, IEC 62443) Excellent problem-solving, analytical, and communication skills Ability to work independently and as part of a team Preferred Qualifications: CISSP, CISM, or other relevant security certifications Experience in the medical device industry Knowledge of cloud security and DevOps practices Education: Bachelor's degree in Computer Science, Information Security, or a related field and Master's degree in Computer Science, Information Security, or a related field