4 Sans 25 Jobs

Role & responsibilities Security Integration Across SDLC: Collaborate closely with development teams throughout the SDLC to embed security best practices from design through deployment. Application Penetration Testing: Perform hands-on penetration testing of web, mobile, and API-based applications. Partner with developers to ensure effective and timely remediation of vulnerabilities. Senior Security Analyst Security Scanning & Analysis: Conduct Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) using industry-standard tools. Analyze and interpret results to support developers in remediation efforts. Code Reviews & Secure Coding: Participate in code reviews to identify insecure coding patterns and provide actionable feedback aligned with secure coding standards. Threat Modeling & Design Reviews: Facilitate security design reviews and threat modeling exercises to identify potential risks early in the development pro Preferred candidate profile We are seeking a highly skilled and proactive Senior Security Analyst to join our Application Security team. This role is critical in embedding security across the Software Development Life Cycle (SDLC) and ensuring the security of our applications through expert-level testing, review, and collaboration with development teams. The ideal candidate will possess a strong technical background in application security, excellent communication skills, and hands-on experience in penetration testing and secure coding practices.

Ideally, looking for a combination of Development and Application Security experience. Job Summary: We are seeking a skilled Application Security Engineer to join our Information Security team. The ideal candidate will have a minimum of 8-12 years of experience in application security and a strong background in software development , particularly in .NET, C#, Angular, and React . This role is crucial in ensuring the security of our applications by working closely with development, DevOps, and security teams to identify, remediate, and prevent security vulnerabilities throughout the software development lifecycle (SDLC). Key Responsibilities: Conduct application security assessments, including code reviews, penetration testing, and threat modeling to identify vulnerabilities. Work closely with developers to integrate secure coding practices and provide guidance on remediating security issues. Implement and manage Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools. Develop and enforce security policies, procedures, and best practices for application security. Assist in the design and review of security architecture for new and existing applications. Collaborate with DevOps teams to integrate security into CI/CD pipelines using DevSecOps principles . Research emerging threats, vulnerabilities, and security trends to proactively mitigate risks. Support incident response efforts related to application security breaches. Provide security training and awareness to development teams. Document security findings, mitigation plans, and security controls. Minimum Requirements (Must-Have) 8-12 years of experience in application security with a focus on secure software development. Strong background in software development , with hands-on experience in .NET, C#, Angular, and React . Hands-on experience with SAST, DAST, Software Composition Analysis (SCA), and penetration testing tools (e.g., Burp Suite, Checkmarx, Veracode, Fortify, SonarQube ). Solid understanding of OWASP Top 10, SANS 25, and secure coding practices . Experience with threat modeling, risk assessment, and vulnerability management . Knowledge of API security, authentication, and authorization mechanisms (OAuth, JWT, SAML, etc.). Familiarity with container security, Kubernetes security, and cloud security best practices (AWS, Azure, GCP). Experience working in Agile and DevSecOps environments , integrating security into CI/CD pipelines. Strong analytical and problem-solving skills. Excellent communication skills, with the ability to work collaboratively across teams.

Ideally, looking for a combination of Development and Application Security experience. Job Summary: We are seeking a skilled Application Security Engineer to join our Information Security team. The ideal candidate will have a minimum of four (4) years of experience in application security and a strong background in software development , particularly in .NET, C#, Angular, and React . This role is crucial in ensuring the security of our applications by working closely with development, DevOps, and security teams to identify, remediate, and prevent security vulnerabilities throughout the software development lifecycle (SDLC). Key Responsibilities: Conduct application security assessments, including code reviews, penetration testing, and threat modeling to identify vulnerabilities. Work closely with developers to integrate secure coding practices and provide guidance on remediating security issues. Implement and manage Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools. Develop and enforce security policies, procedures, and best practices for application security. Assist in the design and review of security architecture for new and existing applications. Collaborate with DevOps teams to integrate security into CI/CD pipelines using DevSecOps principles . Research emerging threats, vulnerabilities, and security trends to proactively mitigate risks. Support incident response efforts related to application security breaches. Provide security training and awareness to development teams. Document security findings, mitigation plans, and security controls. Minimum Requirements (Must-Have) 4+ years of experience in application security with a focus on secure software development. Strong background in software development , with hands-on experience in .NET, C#, Angular, and React . Hands-on experience with SAST, DAST, Software Composition Analysis (SCA), and penetration testing tools (e.g., Burp Suite, Checkmarx, Veracode, Fortify, SonarQube ). Solid understanding of OWASP Top 10, SANS 25, and secure coding practices . Experience with threat modeling, risk assessment, and vulnerability management . Knowledge of API security, authentication, and authorization mechanisms (OAuth, JWT, SAML, etc.). Familiarity with container security, Kubernetes security, and cloud security best practices (AWS, Azure, GCP). Experience working in Agile and DevSecOps environments , integrating security into CI/CD pipelines. Strong analytical and problem-solving skills. Excellent communication skills, with the ability to work collaboratively across teams.

Employment Type: [Full Time] Job Summary: We are seeking a skilled VAPT Engineer to identify, assess, and mitigate security vulnerabilities in our applications, networks, and IT infrastructure. The ideal candidate will be proficient in conducting manual and automated testing to uncover weaknesses, providing actionable recommendations for remediation, and ensuring the security of our systems against emerging threats. Key Responsibilities: Perform vulnerability assessments and penetration tests on networks, web applications, APIs, mobile applications, and cloud environments. Container Security on Cloud and On Prem Containers Use both automated tools (e.g., Nessus, Burp Suite, Metasploit, Qualys, Acunetix) and manual techniques to identify security vulnerabilities and exploit them in a controlled manner. Develop detailed technical reports on findings, including the severity of vulnerabilities and actionable mitigation strategies. Collaborate with development and IT teams to remediate identified vulnerabilities and enhance security configurations. Conduct post remediation testing to ensure vulnerabilities have been addressed effectively. Stay updated on emerging vulnerabilities, threats, and attack vectors to continuously refine testing methodologies. Coordinating with relevant stake holders/ Application owners for timely closure of vulnerabilities. Ensure compliance with applicable security standards and frameworks (e.g., OWASP Top 10, SANS 25, ISO 27001, PCI DSS). Contribute to the creation and enhancement of security policies and best practices. Required Qualifications: Bachelors degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent experience). 2 5 years of hands on experience in Vulnerability Assessment and Penetration Testing. Strong knowledge of OWASP Top 10, SANS 25, and common security vulnerabilities and exploits. Proficiency in using penetration testing tools such as Nessus, Burp Suite, Metasploit, Qualys, Acunetix, and others. Familiarity with manual testing techniques, scripting, and basic programming skills (Python, Bash, or PowerShell). Solid understanding of network protocols, operating systems, and security concepts. Strong analytical and problem solving skills, with the ability to explain technical findings to non technical stakeholders. Preferred Certifications: Certified Ethical Hacker (CEH) Offensive Security Certified Professional (OSCP) GIAC Penetration Tester (GPEN) CompTIA PenTest+