238 Sast Jobs

Cowbell is signaling a new era in cyber insurance by harnessing technology and data to provide small and medium-sized enterprises (SMEs) with advanced warning of cyber risk exposures bundled with cyber insurance coverage adaptable to the threats of today and tomorrow. Championing adaptive insurance, Cowbell follows policyholders" cyber risk exposures as they evolve through continuous risk assessment and continuous underwriting. In its unique AI-based approach to risk selection and pricing, Cowbell's underwriting platform, powered by Cowbell Factors, compresses the insurance process from submission to issue to less than 5 minutes. Founded in 2019 and based in the San Francisco Bay Area, Cowbell has rapidly grown, now operating across the U.S., Canada, U.K., and India. This growth was recently bolstered by a successful Series C fundraising round of $60 million from Zurich Insurance. This investment not only underscores the confidence in Cowbell's mission but also accelerates our capacity to revolutionize cyber insurance on a global scale. With the backing of over 25 prominent reinsurance partners, Cowbell is poised to redefine how SMEs navigate the evolving landscape of cyber threats. In support of business objectives, we are actively looking for an ambitious person, who is not afraid of hard-work and embraces ambiguity as it comes to join our Information Security Team as a Sr. Developer, Application Security. The InfoSec team drives security, privacy, and compliance improvements to reduce risk by building out key security programs. We enable our colleagues to keep the company secure and support our customers" security journey with tried and true best practices. We are a Java, Python, and React shop combined with world-class cloud infrastructure such as AWS & Snowflake. Balancing proper security while enabling execution speed for our colleagues is our ultimate goal. It's challenging and rewarding! If you are up for the challenge, come join us. You will be instrumental in curing security defects in code, burning down any new and existing vulnerabilities. You can fix the code yourself and continuous patching is your north star. You will be the champion for safeguards and standards that will keep our code secure and reduce the introduction of new vulnerabilities. Partner and collaborate with internal stakeholders in assisting with the overall security posture with an emphasis on the Engineering and Operations/IT areas. Work across engineering, product and business systems teams to enhance and evangelize security in applications (& infrastructure). Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts. Develop and maintain application scanning solutions to inform stakeholders of security weaknesses & vulnerabilities. Review outstanding vulnerabilities with product teams and assist in remediation efforts to reduce risk. Bachelor's degree in computer science or another STEM discipline and 8 to 10+ years of professional experience in security software development. Majority of prior experience as a Security Engineer focused on remediation of security vulnerabilities and defects in Java and Python. Must have prior in-depth demonstrable experience developing in JAVA and Python; Basically you are developer first and a security engineer second. Applicants that do not have this experience will not be considered. Experience developing in, and securing, Javascript and React a plus. Experience securing integrations and code that utilizes Elasticsearch, Snowflake, Databricks, RDS a big plus. Detail-oriented with problem-solving, communication, and analytical skills. Expert understanding of CVE and CVSS scoring and how to utilize this data for validation, prioritization, and remediation. Excellent understanding and utilization of OWASP. Demonstrated ability to secure API; Techniques, patterns, will be assessed. Experience designing and implementing application security solutions for web and or mobile applications. Experience developing and reporting vulnerability metrics as well as articulating how to reproduce and resolve those security defects. Experienced in application penetration testing; and understanding of remediation techniques for common misconfigurations and vulnerabilities. Demonstrable experience in understanding patching and library upgrade paths including interdependencies. Familiarity with CI/CD tools. Previous admin experience in CI/CD is not required but a big plus. Capability to deploy, provide maintenance for, and operationalize scanning solutions. Hands-on ability to conduct scans across application repositories and infrastructure. Must be willing to work extended hours and weekends as needed. Great at and enjoys documenting solutions; creating repeatable instruction for others, operational documentation, developing technical diagrams, and similar artifacts. Preferred Qualifications: You can demonstrate and document threat modeling scenarios using well-known frameworks such as STRIDE. Proficient with penetration testing tools such Burp suite, Metasploit or ZAP. You are already proficient with SAST & SCA tools; proficiency with DAST and/or OAST tool usage and techniques would be even better. As a mentor you also have the experience and desire in providing fellow engineering teams with technical guidance on the impact and priority of security issues and driving remediation. Capability to develop operational process from scratch or improve current processes and procedures through well-thought-out hand-offs, integrations, and automation. Familiarity with multiple security domains such as application security, infrastructure security, network security, incident response, and regulatory compliance and certifications. Understanding of modern endpoint security technologies/concepts. Adept at working with distributed team members. What Cowbell brings to the table: Employee equity plan for all and wealth enablement plan for select customer-facing roles. Comprehensive wellness program, meditation app subscriptions, lunch and learn, book club, happy hours, and much more. Professional development and the opportunity to learn the ins and outs of cyber insurance, cybersecurity as well as continuing to build your professional skills in a team environment. Equal Employment Opportunity: Cowbell is a leading innovator in cyber insurance, dedicated to empowering businesses to always deliver their intended outcomes as the cyber threat landscape evolves. Guided by our core values of TRUE Transparency, Resiliency, Urgency, and Empowerment, we are on a mission to be the gold standard for businesses to understand, manage, and transfer cyber risk. At Cowbell, we foster a collaborative and dynamic work environment where every employee is empowered to contribute and grow. We pride ourselves on our commitment to transparency and resilience, ensuring that we not only meet but exceed industry standards. We are proud to be an equal opportunity employer, promoting a diverse and inclusive workplace where all voices are heard and valued. Our employees enjoy competitive compensation, comprehensive benefits, and continuous opportunities for professional development.,

As a Security Testing professional with 3-10 years of experience in SAST/DAST/API, Network, Mobile Security, DevSecOps, Cloud Security, Threat Modelling, Vulnerability Management, Logging & Audit, GRC, Security Operations, and IAM, your role as a part of the Infosys delivery team will encompass various responsibilities. Your main responsibility will be to ensure effective Design, Development, Validation, and Support activities to meet and exceed client expectations in the technology domain. This will involve gathering requirements and specifications to deeply understand client needs and translating them into system requirements. Additionally, you will be pivotal in estimating work requirements accurately to provide vital input on project estimations to Technology Leads and Project Managers. Your contribution will be essential in the creation of efficient programs and systems that align with client requirements and industry best practices. If you are passionate about aiding clients in their digital transformation journey and possess the required expertise, then this opportunity is tailored for you! This job opening is available in multiple locations including Bangalore, Hyderabad, Trivandrum, Chennai, and Pune.,

Join us as an Application Security Consultant at Barclays, where you will play a key role in supporting the successful delivery of Location Strategy projects while adhering to plan, budget, agreed quality, and governance standards. You will be at the forefront of evolving our digital landscape, driving innovation, and ensuring excellence in our digital offerings to provide unparalleled customer experiences. To excel in this role, you should possess a strong understanding of CVEs, CWEs, and their impact on applications. Additionally, you must have in-depth knowledge of various AppSec technologies such as SAST, DAST, SCA, IAST, and RASP. Proficiency in at least one programming language and framework, as well as experience in writing scripts in languages like Python and JavaScript, are essential skills for this position. Desirable skill sets to have include the ability to showcase expertise in low-level technical topics, such as native development on any platform, and experience with languages used in modern mobile development like Java+JNI, Objective C, and Swift. Familiarity with concepts like reverse engineering, assembly, and mobile code hardening techniques will be beneficial. Furthermore, the ability to replicate vulnerabilities in a lab environment is a plus. As an Application Security Consultant, you will be based in Pune and will be responsible for supporting various business areas with day-to-day tasks, including processing, reviewing, reporting, trading, and issue resolution. You will collaborate with teams across the bank to align operational processes, identify areas for improvement, and implement operational procedures and controls to mitigate risks while maintaining efficiency. In this role, you will also develop reports and presentations on operational performance, identify industry trends, and participate in projects to enhance operational efficiency. As an Assistant Vice President, you will consult on complex issues, advise People Leaders on escalated matters, and contribute to risk mitigation and policy development. You will take ownership of managing risk, collaborate with other business areas, and engage in data analysis to creatively solve problems and communicate complex information effectively. Your role will also involve influencing stakeholders to achieve desired outcomes. All colleagues at Barclays are expected to embody the Barclays Values of Respect, Integrity, Service, Excellence, and Stewardship, as well as the Barclays Mindset of Empower, Challenge, and Drive. Your commitment to these values and mindset will serve as our moral compass and guide our behavior within the organization.,

Organization: At CommBank, we never lose sight of the role we play in other peoples financial wellbeing. Our focus is to help people and businesses move forward to progress. To make the right financial decisions and achieve their dreams, targets, and aspirations. Regardless of where you work within our organisation, your initiative, talent, ideas, and energy all contribute to the impact that we can make with our work. Together we can achieve great things. Job Title: : Staff Security Engineer Location: Bangalore Business & Team: We&aposre building tomorrows bank today, which means we need creative and diverse engineers to help us redefine what customers expect from a bank. Envisioning new technologies that are still waiting to be invented and reimagining products that support our customers and help build Australias future economy. CommBank is recognised as leading the industry in IT and operations with its world-class platforms and processes, agile IT infrastructure, and innovation in everything from payments to internet banking and mobile apps. Cyber Security protects the bank and our customers from theft, losses and risk events, through effective and proactive management of cyber security, privacy and operational risk. The CBA technology unit delivers the best digital banking services to Commonwealth Bank customers and to do so is responsible for digital delivery, group data and analytics, technology and technology infrastructure, cyber, fraud, physical security and business resilience for all divisions across CBA. It is also dedicated to delivering the best workplace technology experience for our over 53.000 people across CBA and focused on providing the latest tools, technology, and resources to enhance the way we work together and empower our people to achieve more for our customers. The Security Engineering team protects the group and our customers from theft, loss and risk events, through effective and proactive management of cyber security, privacy and operational risk. Impact & Contribution: Designing and implementing secure solutions that align with group security policies, standards, and reference architecture. Work on threat modelling and can interpret and understand key cyber controls across the Group. Identify security requirements, qualify threats to design the IT systems and build countermeasures to minimise cyber risks. Collaborating with cross-functional teams to drive security outcomes throughout the design, build, and run phases of product development Supporting the adoption of modern scalable and high-velocity security practices, including Secure By Design, DevSecOps, and Automation Contributing to the continuous innovation and re-engineering of existing security engineering practices, including the development of practice strategies, patterns, and processes Staying up-to-date with the evolving technology landscape and providing expert guidance on security engineering best practices Supporting the response to high-profile security incidents, technology strategy and selection, and automation of security services Roles & Responsibilities: Provide deep technical hands-on Experience in security engineering, with a focus on design, strategy and implementation of secure solutions. Have strong understanding of security policies, standards, and reference architecture, and expertise in threat modelling, threat detection, control mapping, vulnerability analysis and control engineering risk identification. Are experienced in designing and building reusable security patterns and or solutions. Essential Skills: 8-12 years of experience in security engineering. Have experience with secure by design, DevSecOps, and Security automation (SAST, DAST, IAST) practices. Are experienced in designing and implementing enterprise Security Guidelines and Practices should have hands on experience in developing code , doing secure code Review , Threat modelling. Should have hands on experience securing Docker , Container and kubernitess. Experience with penetration testing and vulnerability assessment , and tool like OWASP ZAP or Burp Suite Familiarity with compliance frameworks, such as PCI-DSS or HIPAA Experience with AI/ML frameworks, libraries, and tools, such as TensorFlow, PyTorch, or Keras . Familiarity with Australian financial industry regulations and standards, such as the Australian Prudential Regulation Authority (APRA) and the Australian Securities and Investments Commission (ASIC) Education Qualification: Bachelors degree or masters degree in engineering in Computer Science/Information Technology If you&aposre already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you&aposll need to apply through Sidekick to submit a valid application. Were keen to support you with the next step in your career. We&aposre aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696. Advertising End Date: 30/08/2025 Show more Show less

As a Security Specialist, your primary responsibility will be to design, install, and manage security mechanisms to safeguard networks and information systems from potential threats such as hackers, breaches, viruses, and spyware. You will play a crucial role in detecting, eradicating, and preventing security threats within the NT environment. In this role, you will be required to review malware and security events, conduct in-depth analysis, and determine the necessity for additional incident response actions by relevant parties. When security breaches occur, you will be responsible for responding to incidents, investigating violations, and proposing enhancements to address potential security vulnerabilities. Your expertise in this field, gained through formal education or equivalent experience, will enable you to provide guidance and serve as a project manager or consultant. Additionally, you will utilize your knowledge of cybersecurity and project management to achieve organizational goals and enhance overall security measures. In this role, you will work within established guidelines and policies, contributing to the quality of your work and that of your team. Your expanded conceptual knowledge in cybersecurity will allow you to understand key business drivers and effectively communicate complex information to others in a clear and concise manner. Your ability to analyze problems, propose solutions based on technical expertise and judgment, and adhere to established protocols will be essential in ensuring the security of networks and information systems.,

As an Automation Engineer, your role involves designing, developing, and implementing automated testing solutions to ensure the quality and reliability of software applications. Your responsibilities include scripting and coding by writing and maintaining automated test scripts using programming languages such as Python, Java, or others. You will collaborate with the development team to integrate automated tests into the continuous integration / continuous deployment (CI/CD) pipeline. In terms of test frameworks, you will be responsible for selecting and implementing appropriate test automation frameworks (e.g., Selenium, Cucumber BDD, JUnit) based on project requirements. Additionally, you will design and develop reusable automation components to streamline testing processes. When it comes to test planning and strategy, your tasks will involve collaborating with QA and development teams to design comprehensive test cases and identifying and prioritizing test scenarios for automation. You will also develop and implement a test automation strategy that aligns with overall testing objectives and define key performance indicators for automated testing effectiveness. Furthermore, you should have good experience in Security Testing like SAST/DAST. For execution and analysis, you will be responsible for executing automated test suites and analyzing results to identify defects and areas for improvement. You will also monitor and manage test execution within CI/CD pipelines, implement and maintain automated regression test suites to ensure software stability across releases, and identify and address issues related to application changes. Moreover, you should have at least 2+ years of experience in Performance Testing using Jmeter/Load Runner and 3+ years of experience in API Testing using Postman/Swagger/Open API. In terms of collaboration and communication, you will collaborate with cross-functional teams, including developers, QA engineers, and product managers. You will participate in agile or other development methodologies to ensure alignment with development cycles. You will also be responsible for generating test automation reports, documenting test results, and providing clear and detailed documentation for automated test scripts and frameworks. Continuous learning is an essential part of this role, and you are expected to stay updated with industry trends, tools, and best practices in test automation. You should incorporate new technologies and methodologies to enhance automation capabilities. To qualify for this role, you should have a Bachelor's degree in Computer Science, Engineering, or a related field, proven experience in test automation and software testing, proficiency in programming languages (e.g., Python, Java) and test automation frameworks, familiarity with version control systems (e.g., Git) and CI/CD tools, and strong problem-solving and analytical skills.,

Position Purpose Provide a brief description of the overall purpose of the position, why this position exists and how it will contribute to achieving the teams goal. Responsibilities Direct Responsibilities Strong expertise in application security concepts and activities like Source Code Review (SAST) & Dynamic application vulnerability scanning (DAST). Good understanding of Information Security concepts and strategies. Knowledge of Secure Development methodologies and frameworks. Hands-on experience in penetration testing and tools like Apisan, WebInspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity Well-versed in conducting Security Review, Assessments and providing recommendations. Knowledge of OWASP, SANS standards. Executing IT risk assessment reviews, identifying controls gaps and working in collaboration with subject matter experts to devise appropriate mitigation plans. Experience in Process Improvement, Controls Enhancement and Reporting. Identifying key risk trends, issues and other insights requiring further investigation and following up with Technology as appropriate. Providing independent expert advice to the IT areas on application & data risk issues. Engaging with organization wide risk and control groups, including internal audit and territory control teams. Working with Technology stakeholders (including Production Support and Development teams) to identify the IT risks affecting the organization and formulate appropriate remediation strategies based on a full understanding of business exposure and compensating controls. Contributing Responsibilities Monitoring and oversight of existing IT risks, working collaboratively with stakeholders in ensuring plans are managed within timescales and escalating where appropriate. Managing relationships with Business and IT teams, chairing periodic meetings and being a point of contact for escalating to wider team members. Assistance with drafting of risk acceptance statements and coordinating sign-off from business and IT stakeholders. SPOC for security architecture meetings. Technical & Behavioral Competencies Excellent Interpersonal and presentation skills Strong in verbal and written communication Ability to liaise with cross-functional stakeholders globally Clear understanding of application and data security Must be flexible, independent, self-motivated Good analytical skills. Specific Qualifications (if required) CEH, SSCP, OSCP certified. Technical Graduate (Computer Science) Preferable.

Summary : As a Senior Product Security Engineer, you will join our team of talented professionals dedicated to embedding continuous and seamless security into our engineering processes. You will contribute to the development and implementation of our Secure Software Development Lifecycle (S-SDLC), working across multiple technical teams to enhance our security posture. About the role : Promote secure-by-design architectures and implementations across all phases of our S-SDLC. Define product security standards, best practices, and processes with built-in governance and metrics. Develop new security capabilities, patterns and automation to integrate security throughout our development practices. Lead threat modeling sessions and secure code reviews (including of AI-based systems and products). Collaborate with cross-functional teams, including software engineering, platform engineering, QA, and operations. Accelerate security remediation through data analysis and support for product engineering teams. This central role will allow you to have maximum impact ensuring our products and applications meet the highest security standards to protect our customers. About you : Bachelor's degree in computer science or equivalent education experience. 7+ years of hands-on experience in software engineering or application security. Experience conducting security-focused threat modeling and code reviews across multiple technology stacks and programming languages. Experience with security tools (SAST, SCA, DAST, fuzzers a plus) and analyzing their findings. Proven analytical skills with ability to develop innovative solutions to complex security challenges. Both defensive and offensive mindset. Strong understanding of security principles (cryptography, authentication, authorization, etc.) and common vulnerabilities applicable to applications (web, desktop or mobile), APIs and cloud environments. Ability to identify, analyze, and mitigate common security vulnerabilities at both design and implementation levels. Knowledge of software engineering principles with experience designing and implementing secure systems, aligned with secure by design and secure by default principles Proficiency in writing code, tests, deployment logic, and API integrations. Any language welcomed. Python, GoLang, Java preferred. Excellent written and verbal communication skills with ability to articulate complex security concepts to diverse and cross-functional audiences. Preferred Qualifications Experience with a major cloud provider (AWS, Azure, Oracle Cloud or GCP). Experience with Infrastructure as Code (e.g., CDK, Terraform, ). Experience securing or developing systems using Large Language Models, RAG, and AI Agents. Experience with common authentication and authorization standards (SAML and OAuth). Experience with containerized application and container orchestration (Kubernetes, ECS, ). Knowledge of industry security frameworks and maturity models such as OWASP Application Security Verification Standard, CIS Benchmarks, NIST Cybersecurity Framework, OWASP SAMM or BSIMM. Relevant security certifications (e.g., OSCP, OSWE). Experience contributing to open-source security projects. Experience in security research, presenting at conferences, or publishing articles. #LI-SP1 Whats in it For You Hybrid Work Model Weve adopted a flexible hybrid working environment (2-3 days a week in the office depending on the role) for our office-based roles while delivering a seamless experience that is digitally and physically connected. Flexibility & Work-Life Balance: Flex My Way is a set of supportive workplace policies designed to help manage personal and professional responsibilities, whether caring for family, giving back to the community, or finding time to refresh and reset. This builds upon our flexible work arrangements, including work from anywhere for up to 8 weeks per year, empowering employees to achieve a better work-life balance. Career Development and Growth: By fostering a culture of continuous learning and skill development, we prepare our talent to tackle tomorrows challenges and deliver real-world solutions. Our Grow My Way programming and skills-first approach ensures you have the tools and knowledge to grow, lead, and thrive in an AI-enabled future. Industry Competitive Benefits We offer comprehensive benefit plans to include flexible vacation, two company-wide Mental Health Days off, access to the Headspace app, retirement savings, tuition reimbursement, employee incentive programs, and resources for mental, physical, and financial wellbeing. Culture: Globally recognized, award-winning reputation for inclusion and belonging, flexibility, work-life balance, and more. We live by our valuesObsess over our Customers, Compete to Win, Challenge (Y)our Thinking, Act Fast / Learn Fast, and Stronger Together. Social Impact Make an impact in your community with our Social Impact Institute. We offer employees two paid volunteer days off annually and opportunities to get involved with pro-bono consulting projects and Environmental, Social, and Governance (ESG) initiatives. Making a Real-World Impact: We are one of the few companies globally that helps its customers pursue justice, truth, and transparency. Together, with the professionals and institutions we serve, we help uphold the rule of law, turn the wheels of commerce, catch bad actors, report the facts, and provide trusted, unbiased information to people all over the world. Thomson Reuters informs the way forward by bringing together the trusted content and technology that people and organizations need to make the right decisions. We serve professionals across legal, tax, accounting, compliance, government, and media. Our products combine highly specialized software and insights to empower professionals with the data, intelligence, and solutions needed to make informed decisions, and to help institutions in their pursuit of justice, truth, and transparency. Reuters, part of Thomson Reuters, is a world leading provider of trusted journalism and news. We are powered by the talents of 26,000 employees across more than 70 countries, where everyone has a chance to contribute and grow professionally in flexible work environments. At a time when objectivity, accuracy, fairness, and transparency are under attack, we consider it our duty to pursue them. Sound excitingJoin us and help shape the industries that move society forward. As a global business, we rely on the unique backgrounds, perspectives, and experiences of all employees to deliver on our business goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under applicable law. Thomson Reuters is proud to be an Equal Employment Opportunity Employer providing a drug-free workplace. We also make reasonable accommodations for qualified individuals with disabilities and for sincerely held religious beliefs in accordance with applicable law. More information on requesting an accommodation here. Learn more on how to protect yourself from fraudulent job postings here. More information about Thomson Reuters can be found on thomsonreuters.com.

Your Role Perform static application security testing on source code using Fortify. Perform software composition analysis using Sonatype IQ Assist with scan onboarding and troubleshooting Integrate tools into Jenkins pipelines Collaborate with teams to remediate high/critical findings Generate and analyse SCA scan result Automate reporting and dashboards Works in the area of Software Engineering, which encompasses the development, maintenance and optimization of software solutions/applications.1. Applies scientific methods to analyse and solve software engineering problems.2. He/she is responsible for the development and application of software engineering practice and knowledge, in research, design, development and maintenance.3. His/her work requires the exercise of original thought and judgement and the ability to supervise the technical and administrative work of other software engineers.4. The software engineer builds skills and expertise of his/her software engineering discipline to reach standard software engineer skills expectations for the applicable role, as defined in Professional Communities.5. The software engineer collaborates and acts as team player with other software engineers and stakeholders. Your Profile Deep understanding of Source code review, SCA and SBOM Hands-on experience with SAST and SCA tool Fortify SCA, Sonatype IQ. Good understanding of secure coding practices for languages such as Java, .NET ,JavaScript,Python,etc. Strong knowledge of OWASP Top 10, CWE, and secure software development lifecycle (SSDLC). Familiarity with CI/CD pipelines and integrating security tools in DevOps. (Jenkins, GitHub) Security certifications such as OSCP, GWAPT, eWPTX, CEH, CRTP will be an added advantage. What will you love working at Capgemini Every Monday, kick off the week with a musical performance by our in-house band - The Rubber Band. Also get to participate in internal sports events, yoga challenges, or marathons. At Capgemini, you can work oncutting-edge projects in tech and engineering with industry leaders or create solutions to overcome societal and environmental challenges. You will get comprehensive wellness benefits including health checks, telemedicine, insurance with top-ups, elder care, partner coverage or new parent support via flexible work. You will have the opportunity to learn on one of the industry"s largest digital learning platforms, with access to 250,000+ courses and numerous certifications.

As a Security Engineer at Pluang based in Gurgaon, you will play a crucial role in enhancing the investment experience for users by ensuring state-of-the-art security and reliability of the platform. Your responsibilities will include collaborating with software engineering teams, defining security requirements, participating in architecture discussions, and maintaining a vulnerability management program to identify security risks across various systems. Your expertise will be utilized in designing and developing automated solutions for security processes, implementing perimeter security measures, application security practices, cloud security controls, and threat detection mechanisms. Additionally, you will support compliance and regulatory requirements, work with third parties to enhance information security governance, and contribute to security projects as necessary. Required qualifications for this role include a minimum of 3 years of experience in Vulnerability Assessment & Penetration Testing for web and mobile applications, as well as infrastructure. You should be familiar with threat detection tools such as EDR and WAF, possess experience with cloud-based microservice architectures, and have conducted application security reviews and code analysis. Collaboration with product managers and software engineering teams to enhance security throughout the software development lifecycle is also essential. Desirable skills for this position include experience in a fast-paced environment, implementing SAST and DAST technologies, and working with Container Security. Pluang offers an attractive compensation package, opportunities for career growth, a healthy work environment, and policies promoting work-life balance and team building. Join Pluang to be part of a team that aims to empower millennials to achieve financial freedom through a diverse range of investment options. With a focus on providing access to financial products in a simple and inclusive manner, Pluang utilizes robust technology to facilitate financial investments with high returns. As an affiliate of PG Berjangka with a trading license from Bappebti, Pluang is committed to making financial markets accessible to individuals from all backgrounds.,

About The Role Job Title - Application security + Manager + Corporate Function Management Level :07 - Manager Location:Bangalore/ Hyderabad (Location flexible for right candidate) Must have skills: Application Security, Web application Scanning, API scanning, Mobile application scanning, SAST, DAST Strong understanding of threats, vulnerabilities, Risk prioritization, Application security design principles and best practices. Experience in designing and implementing Application security controls and frameworks. In-depth knowledge of security frameworks and standards (e.g., ISO 27001, NIST, OWASP). Hands-on experience with Application security tools and technologies. Good to have skills: Operations Management, Team Management, Invicti, HCL App Scan tool expertise. Job Summary : Applicant to manage the Infosec application scanning team of 25 team members and manage all business as usual activities and team operations along with the periodic reporting to senior management. Roles & Responsibilities: - Expected to be an SME in Application Security Technologies and tools (SAST, DAST, OWASP etc). -Lead and manage the Application security operations and initiatives for the team - Collaborate and manage the team to perform effectively. Responsible for team decisions and ensuring adherence to security best practices. Engage with multiple teams and contribute to key decisions. Expected to provide solutions to problems that apply across multiple teams. Ensure the implementation of robust applications security controls. Conduct risk assessments and vulnerability testing. Develop and maintain security policies and procedures. Professional & Technical Skills: As mentioned above in Must have and good to have skills section Additional Information: - The candidate should have minimum 12 years of experience in Application security, vulnerability management, experience in Application security tools and technologies. About Our Company | AccentureQualification Experience: Minimum 12 year(s) of experience is required Educational Qualification: B.Tech/BE or any graduate with 15 years full time education is required. (Accurate educational details should capture)

We are seeking a highly skilled and proactive Senior Consultant to implement security-as-code principles and automate security controls within CI/CD pipelines at Inspira Enterprise India. In this role, you will be instrumental in conducting secure code reviews, assisting developers in adopting secure coding practices, and deploying and managing a suite of security tools to enhance our overall security posture. Roles and Responsibilities: Implement security-as-code principles to embed security practices directly into the development workflow. Automate security controls within Continuous Integration/Continuous Delivery (CI/CD) pipelines to ensure continuous security validation. Conduct thorough secure code reviews to identify vulnerabilities and provide actionable feedback to development teams. Assist and guide developers in adopting and implementing secure coding practices. Deploy and manage various security tools, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Interactive Application Security Testing (IAST), and container security solutions. Skills Requirement: Proven experience in implementing security-as-code principles. Expertise in automating security controls within CI/CD pipelines. Strong experience in conducting secure code reviews. Ability to guide and assist developers in secure coding practices. Hands-on experience with deploying and managing security tools such as SAST, DAST, SCA, IAST, and container security solutions. QUALIFICATION: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.

You are looking for an experienced Java Team Lead who can demonstrate strong technical expertise and leadership skills. In this role, you will be responsible for overseeing the design, development, and deployment of Java-based applications while providing guidance and mentorship to a growing development team. With a minimum of 5 years of overall experience in Java development, including at least 2 years in a leadership role, you will be instrumental in leading the team towards successful project outcomes. Your primary responsibilities will include leading the design and implementation of Java applications, reviewing and testing code to maintain quality and performance standards, and ensuring adherence to SDLC processes and timelines in collaboration with other teams. As a Java Team Lead, you will also be tasked with providing technical mentorship to junior developers, assigning tasks effectively, and ensuring that the application's security measures comply with OWASP guidelines and industry best practices. Proficiency in Spring MVC, Spring Boot, Spring Security, JPA, Hibernate, HTML/JSP/React, and Eclipse is essential for this role, along with a strong background in SQL Server or Oracle databases. Your expertise should extend to identifying and addressing OWASP vulnerabilities, familiarity with DAST and SAST tools, and experience with security tools like Burp Suite, OWASP ZAP, and SonarQube. Additionally, knowledge of microservices architectures and cloud services (AWS, Azure, or GCP) will be advantageous in fulfilling the requirements of this position. To qualify for this role, you should hold a Bachelor's or Master's degree in Computer Science, Engineering, or a related field. If you are ready to take on this challenging yet rewarding opportunity, we look forward to considering your application.,

As an IT Security Senior Analyst, you will be responsible for performing penetration testing (PT), SAST, and articulating findings in an easily comprehensible manner to asset owners. Collaborative skills are essential for this role. Your key responsibilities will include building a Secure Development Lifecycle (SDLC) by embedding SAST, SCA, DAST, and penetration testing into the development pipeline. You will conduct penetration testing of various component types such as web applications, APIs, mobile applications (iOS + Android), and infrastructure (server + network). Additionally, you will run SAST & DAST scans, analyze tool results, provide remediation support, and review open-source components. It will be your responsibility to assess, report, and close identified vulnerabilities and validate issues as part of the responsible disclosure program. You will be required to provide status reports to the PT Service owner and other stakeholders related to key metrics, risk indicators, trending, and compliance. Furthermore, you will analyze security assessment results and threat feeds to appropriately react to security weaknesses or vulnerabilities. Supporting the Automation of Vulnerability Management program to achieve efficiency and effectiveness, as well as configuring and maintaining regular and ad-hoc vulnerability scans using SAST & DAST tools against internal and external applications are also part of your role. To be successful in this position, you should have a minimum of 1.5 years of experience in performing penetration testing of web applications, APIs, mobile applications (iOS + Android), and infrastructure (server + network). Experience working with SAST & DAST programs, developing and communicating SDLC processes, and performing manual source code reviews is required. Proficiency in using tools like Burp Suite and exposure to platforms such as Veracode, Acunetix, Kali Linux, and Android Studio (AVD) are preferred. A good understanding of Windows, Linux, Active Directory, and networking protocols is also necessary.,

We are looking for a skilled and motivated Vulnerability Management Engineer to join our team. In this role, you will be responsible for assessing, tracking, and managing vulnerabilities in cloud and platform environments. You will play a critical role in ensuring the security posture of applications and infrastructure, using various vulnerability management tools and processes. Your responsibilities will include evaluating vulnerabilities, triaging risks, and ensuring proper remediation actions are taken to protect the organization's systems. Responsibilities: - Vulnerability Assessment: Assess the risk of CVEs (Common Vulnerabilities and Exposures) in the context of your environment and prioritize them based on risk. - Vulnerability Management Lifecycle: Triage the entire vulnerability management lifecycle, ensuring vulnerabilities are identified, tracked, and remediated in a timely manner. - Application Security & Vulnerability Management: Manage and oversee the Application Security and Vulnerability Management product, including CSPM (Cloud Security Posture Management), SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), Dependency Scans, and Secrets Scans. - Cloud Security & Container Protection: Responsible for platform vulnerability management, including Cloud Security Posture Management and Container Workload Protection using Prisma Scanner. - Change Request Analysis: Evaluate change requests for e-commerce systems, assess security implications, and provide security recommendations. - Change Tracking: Track all feature changes, bug fixes, and release changes for each platform release to ensure no vulnerabilities are introduced. - CVE Tracking: Monitor and track CVEs, ensuring timely identification, prioritization, and assessment of vulnerabilities. - Component Identification: Identify and document components and systems impacted by proposed changes and their associated vulnerabilities. - Security Assessment Planning: Develop and implement security assessment plans for changes to ensure compliance with industry standards and best practices. - Vulnerability Scanning: Conduct regular vulnerability scans of infrastructure and source code, focusing on Kubernetes containerized apps, to identify and prioritize security risks. - Documentation: Maintain detailed and accurate records of vulnerability assessments, findings, remediation actions, and reporting for compliance purposes. - Security Tools: Experience with enterprise-grade vulnerability management tools like Prisma and Wiz is a plus. Qualifications: - Solid understanding of vulnerability management life cycle and risk assessment. - Experience with vulnerability scanning tools and platforms such as Prisma/Wiz. - Familiarity with Cloud Security Posture Management (CSPM), Container Workload Protection, SAST, DAST, and Dependency Scans. - Proven experience in security assessment, vulnerability remediation, and risk management. - Strong knowledge of CVE tracking and vulnerability prioritization techniques. - Knowledge of security best practices and compliance standards. - Excellent documentation, communication, and collaboration skills. - Past experience in operating enterprise-grade security vulnerability management tools is a plus.,

Acceldata is revolutionizing the way companies observe their data by offering comprehensive insights into various key aspects of data, data pipelines, and data infrastructure. Our platform empowers data teams to effectively manage products by ensuring data quality, preventing failures, and controlling costs. We are currently seeking a highly skilled and motivated Security Engineer to join our Infra and Security team. In this role, you will be responsible for vulnerability management across our SaaS and on-premise product stacks, driving both remediation and validation efforts. Your key responsibilities will include identifying, prioritizing, and managing security vulnerabilities, collaborating with product and engineering teams for timely remediation, conducting penetration testing, and integrating security tools for SAST and DAST to proactively secure our applications and infrastructure. The ideal candidate will have proven experience in vulnerability management in both SaaS and on-prem environments, hands-on experience with security testing tools like OWASP ZAP and Burp Suite, familiarity with common vulnerability scanning tools and techniques, a strong understanding of SAST and DAST concepts, tools, and workflows, knowledge of common security standards and frameworks, and the ability to read, understand, and remediate application code or configurations. Excellent problem-solving and communication skills are also essential for this role. At Acceldata, we value mentorship, growth, and provide benefits such as ESOPs, medical and life insurance, paid maternity and parental leave, corporate Uber program, and learning and development support. We are a fast-growing company driven by strong work ethics, high standards of excellence, and a spirit of collaboration. Our goal is to create a healthy work environment that fosters teamwork, innovation, commitment, and accountability. If you are looking to be part of a dynamic team that is redefining data observability for enterprise data systems, then Acceldata is the place for you. Join us in solving complex data problems at scale and be part of a company that values innovation, teamwork, and individual excellence. With a SaaS product embraced by global customers, Acceldata offers a unique opportunity to work on cutting-edge solutions that address challenges such as scaling, performance issues, cost overruns, and data quality problems.,

Job Description Strategy is a pioneering organization dedicated to transforming businesses into intelligent enterprises through data-driven innovation. As a market leader in enterprise analytics and mobility software, we have revolutionized the BI and analytics space, empowering individuals to make informed decisions and reshaping the operational landscape of businesses. Additionally, Strategy is at the forefront of a groundbreaking shift in treasury reserve strategy by boldly adopting Bitcoin as a key asset, solidifying our position as an innovative force in the market. Join us in our mission to redefine financial investment and push the boundaries of analytics. At Strategy, we value our people as the cornerstone of our success. Join a team of smart, creative minds engaged in dynamic projects with cutting-edge technologies. Our corporate values bold, agile, engaged, impactful, and united form the foundation of our culture. As we navigate the new era of AI and financial innovation, we foster an environment where every employee's contributions are recognized and valued. Become a part of an organization that thrives on innovation and challenges the status quo every day. Job Location: Pune, India (Full-time in person from Strategy Office, European Hours) Join Strategy's IT Security group as a Senior Application Security Engineer and play a pivotal role in safeguarding Strategy's software applications using modern security and AI tools. In this role, you will be responsible for implementing innovative security practices throughout the software development lifecycle to ensure the resilience of our software products against emerging threats and vulnerabilities. Your responsibilities will include: - Designing and implementing application security architecture and processes aligned with industry best practices and regulatory requirements. - Managing a risk-balanced Secure Software Development Life Cycle (SDLC) by incorporating threat modeling, secure code reviews, and security testing. - Identifying, triaging, and remediating security vulnerabilities through various security testing tools. - Performing advanced penetration testing and red teaming across web, mobile, and cloud applications. - Analyzing source code and providing security recommendations to developers to ensure adherence to secure coding best practices. - Leading and enhancing DevSecOps initiatives by integrating security automation within CI/CD pipelines. - Leading security incident response related to applications and collaborating with engineering teams for effective threat remediation. - Developing and leading customized security training programs for engineering teams. Qualifications: - Bachelor's degree in Computer Science, Engineering, or related field. - Minimum 5 years of software development or software security experience in an agile environment. - Hands-on experience with various security testing tools. - Deep knowledge of API security, containerized applications, AI/ML security risks, and infrastructure as code security. - Fluent in programming languages such as Python, Java, JavaScript. - Strong understanding of secure coding principles, application security frameworks, and security standards. - Experience with cloud security best practices in AWS, Azure, or GCP. - Strong interpersonal skills and ability to collaborate effectively with technical and non-technical stakeholders. - Experience mentoring junior engineers and leading security champions within development teams. Join Strategy and be a part of an organization that values innovation, excellence, and collaboration in shaping the future of analytics and financial investment.,

As a ServiceNow Consultant (Development) with 9-13 years of experience, you will be working in Gurgaon and Noida for a global leader in professional services that specializes in risk, strategy, and people. With a strong global presence and a focus on innovation and collaboration, this organization offers expert advisory services and technology-driven solutions in various domains such as insurance, risk management, reinsurance, human capital, health, and strategic consulting. Your role as a Lead Software Engineer will involve driving engineering excellence, promoting AI integration, and leading high-performing teams. You will be responsible for product delivery while emphasizing security, scalability, reliability, maintainability, testability, and AI innovation. Key Responsibilities: - Lead and mentor development teams to encourage growth and innovation. - Design and implement scalable ServiceNow IRM/GRC solutions. - Integrate AI/ML models and productivity tools like GitHub Copilot. - Collaborate with data scientists and stakeholders on AI-driven features. - Ensure robust DevOps, CI/CD, and test engineering practices. - Advocate Agile, TDD, and continuous improvement methodologies. - Conduct code reviews and enforce coding best practices. - Address performance, observability (e.g., Datadog), and security (SAST/DAST). Requirements: - Bachelor's degree in Computer Science, IT, or a related field. - At least 5 years of experience in ServiceNow development with a focus on IRM/GRC. - Proficiency in scripting, integration (REST APIs/JSON), and workspace configuration. - Demonstrated leadership and mentoring skills. - Strong communication abilities. - Understanding of operational risk and compliance management. Preferred Certifications: - ServiceNow CSA, CAD, CISRisk & Compliance (preferred). - Experience with ITSM, ITOM, or CTA certification is a plus.,

Keywords: Cloud Security, Kubernetes Security, SaaS Security, DevSecOps, Infrastructure as Code, CI/CD Security, CSPM, Zero Trust, Cloud-Native Security, Identity and Access Management (IAM), Secrets Management, Threat Modeling, Risk Assessment, Secure SDLC, GitOps, API Security, Container Security Role Overview: Were looking for a Cloud-Native Security Lead to drive the security strategy across our modern cloud-native stack. This role calls for a thoughtful and pragmatic engineer, someone who understands the business context, evaluates trade-offs, and proposes secure, scalable solutions. You should be comfortable navigating ambiguity, using vendor guidance as one input, not the only one, and making decisions grounded in real-world needs. Key Responsibilities: Own and evolve the cloud-native security architecture across Kubernetes, APIs, CI/CD, and serverless platforms Define and implement practical security policies, standards, and controls Partner with engineering and DevOps to embed security early in the SDLC and infrastructure as code Evaluate and integrate security tools (e.g., SAST, DAST, CSPM, secrets management, container scanning) Lead risk assessments, threat modeling, and incident response planning Promote zero-trust principles, IAM best practices, and secure service-to-service communication Mentor teams and advocate for secure-by-design thinking across the organization Ensure security measures align with the pace and priorities of a fast-moving SaaS business Required Qualifications: 7+ years of security experience, including 23 years in cloud-native environments Strong background in SaaS security, with understanding of multitenancy, data isolation, and platform risks Deep knowledge of Kubernetes, containers, cloud platforms (AWS/GCP/Azure), and DevSecOps practices Experience with infrastructure as code (Terraform, CloudFormation), CI/CD pipelines, and GitOps Strong problem-solving skills and ability to weigh business context in security decisions Excellent communication and cross-functional collaboration skills

As an experienced Application Security Manager, you will play a crucial role in leading our security initiatives to ensure the integrity, confidentiality, and availability of our systems and data. Your responsibilities will involve integrating security tools, standards, and processes into the product life cycle (PLC), training developers and QA personnel on security knowledge, supporting application security tool deployments, and managing periodic penetration testing exercises. You will be tasked with creating, integrating, and managing threat modeling processes/practices, following SSDLC and application framework, as well as managing secure configuration/hardening guidelines and compliance. Additionally, you will need to create and manage application security KPIs, KRIs compliance reports, and dashboards. Your role will also require hands-on experience with tools and processes related to SAST, DAST, API Security, and Threat Modelling. Furthermore, you will oversee Infosec functions by coordinating with various stakeholders such as the App Team, Vendors, Auditors, and Regulators. It is essential to have knowledge of best practices like OWASP, Microsoft SDL, SANS, NIST, as well as experience with cloud environments (AWS) and WAF (Imperva, Akamai). Knowledge of Network and Data Security is considered a plus. In terms of qualifications and experience, we are looking for candidates with 8-10 years of hands-on experience in application security. A strong understanding of application security best practices, frameworks, and security technologies is required. Proven experience in managing VA, PT, Code review, SAST, DAST, SSDLC, Threat Modelling, and Audit processes is essential. Familiarity with regulatory requirements and compliance standards, such as RBI and SEBI, is beneficial. Excellent communication, interpersonal, analytical, and problem-solving skills are important for this role. A Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field is required, while a Master's degree or relevant certifications are preferred.,

Hiring Application Security Exp: 5+ Years Notice Period : Preferring Immediate Joiners - 30 Days(If Serving and have LWD Confirmation) - Candidate who are in bench or not serving notice period dont apply Location: Marathahalli-Bangalore Mode Of Work : Hybrid Mandatory Skills Required : Application Security,Penetration Testing,SAST,DAST,IT Risk Assesment, Hands-on experience in penetration testing and tools like Apisan, WebInspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity CEH/SSCP/OSCP certified. Mode of interview - 1st technical virtual & 2nd technical face to face in Marathahalli - Bangalore location - If you're available for face to face discussions on weekdays - Apply for this role. Interested candidates share your updated resume to suvetha.b@twsol.com

Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities As part of the Infosys delivery team, your primary role would be to ensure effective Design, Development, Validation and Support activities, to assure that our clients are satisfied with the high levels of service in the technology domain. You will gather the requirements and specifications to understand the client requirements in a detailed manner and translate the same into system requirements. You will play a key role in the overall estimation of work requirements to provide the right information on project estimations to Technology Leads and Project Managers. You would be a key contributor to building efficient programs/ systems . If you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you! Additional Responsibilities: Job Opening is for multiple locations- Bangalore, Hyderabad, Trivandrum, Chennai, Pune Technical and Professional Requirements: Security testing with 3-10 years exp - SAST/DAST/API, Network, Mobile Security/DevSecops/Cloud Security/Threat Modelling/Vulnerability Management/Logging & Audit/GRC/Security Operations/IAMSkills Required - Security Testing--Primary skills:Application Security,Application Security-Burpsuite,Application Security-Devsecops,Application Security-Ethical Hacking(CEH),Application Security-Nessus,Application Security-SSL(Secure Sockets Layer),Application Security-Threat Modeling,Application Security-Vulnerability Assessment/Penetration Testing,Application Security-Vulnerability Management,Application Security-Web Security,Application Security-Webservices Security,Security testing-Vulnerability testing,Technology-Application Security-Vulnerability Management-Qualys,Mobile Testing-Mobile Security Testing Preferred Skills: Technology-Application Security-Application Risk Profiling Threat Modeling Technology-Application Security-Ethical Hacking Technology-Application Security-Mobile Application Security Technology-Application Security-Penetration Testing (Black/White/Grey Box Testing) Technology-Application Security-Vulnerability Management Technology-Mobile Testing-Mobile Security Testing Technology-Security Testing-Security Testing - ALL Technology-Infrastructure Security-Secure Web Gateway-TrendMicro Interscan web security Virtual appliance

Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Experience with penetration testing tools (e.g. Burp) Extensive knowledge of attack payloads for discovering security vulnerabilities Plan, execute, and report on all testing activities and outcomes Create findings reports and communicate to stakeholders Must possess at least 5 years of experience in delivering VAPT in Web(Thin and Thick Client), Mobile and APIs Should have good and effective communication skills in English. (Oral and written) Technical and Professional Requirements: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Preferred Skills: Technology-Security Testing-Security Testing - ALL

Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Additional Responsibilities: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Technical and Professional Requirements: Any specific tools required Burpsuite, WebInspect, Fortify, Zap, Checkmarx Preferred Skills: Technology-Security Testing-Security Testing - ALL

Perform SAST/SCA/DAST scans using industry vulnerability scanner SAST/SCA Veracode, using supplied compiled binary, configure scan platform to correct scan for both static code CWE's as well as SCA derived CVEs. Work will include coordination with app owner to ensure all branches of code are included in compiled binary file. DAST Work begins with crawling the target application to identify existing directory and file structure. Once identified, execute DAST scan using HCL product to identify dynamic issue only visible during code execution. Primary / Mandatory skills: Overall 8+ years of IT experience 7+ years of application security Experience 5+ years of Application Security testing Experience Bachelor's degree required. Deep familiarity with the OWASP Top 10 and other security concerns for web applications Deep Understanding of OWASP Application Security Verification Standards (ASVS) Deep understanding of SAST, DAST, SCA Scanning practices Experience in scanning leveraging Veracode, Appscan.or other enterprise tools. Understand how to interpret and assess CVEs (Common Vulnerability and Exposures) and CWEs (Common Weakness Enumeration) as found by scanning tools. Understanding of SAST, DAST tools and dependency scanning tools Experience working/integrating with secret management systems. Advanced knowledge of front-end and back-end web application development in at least one technology stack (.NET, Java, PHP, Ruby/Rails, Angular, Node.js, etc.) Track record of staying current with trends, techniques, tools, and processes that drive improvement of security posture of applications. Strong documentation skills Excellent verbal and written communication skills, with proven technical writing abilities (English language proficiency required) Team-oriented thinking with demonstrated ability to produce high-quality work as part of a fast-paced, dynamic team. Proven ability to communicate, collaborate, and present effectively with teams and individuals in different disciplines or areas. Technical Skills: SAST, DAST, SCA