239 Sast Jobs - Page 2

Perform SAST/SCA/DAST scans using industry vulnerability scanner SAST/SCA Veracode, using supplied compiled binary, configure scan platform to correct scan for both static code CWE's as well as SCA derived CVEs. Work will include coordination with app owner to ensure all branches of code are included in compiled binary file. DAST Work begins with crawling the target application to identify existing directory and file structure. Once identified, execute DAST scan using HCL product to identify dynamic issue only visible during code execution. Primary / Mandatory skills: Overall 8+ years of IT experience 7+ years of application security Experience 5+ years of Application Security testing Experience Bachelor's degree required. Deep familiarity with the OWASP Top 10 and other security concerns for web applications Deep Understanding of OWASP Application Security Verification Standards (ASVS) Deep understanding of SAST, DAST, SCA Scanning practices Experience in scanning leveraging Veracode, Appscan.or other enterprise tools. Understand how to interpret and assess CVEs (Common Vulnerability and Exposures) and CWEs (Common Weakness Enumeration) as found by scanning tools. Understanding of SAST, DAST tools and dependency scanning tools Experience working/integrating with secret management systems. Advanced knowledge of front-end and back-end web application development in at least one technology stack (.NET, Java, PHP, Ruby/Rails, Angular, Node.js, etc.) Track record of staying current with trends, techniques, tools, and processes that drive improvement of security posture of applications. Strong documentation skills Excellent verbal and written communication skills, with proven technical writing abilities (English language proficiency required) Team-oriented thinking with demonstrated ability to produce high-quality work as part of a fast-paced, dynamic team. Proven ability to communicate, collaborate, and present effectively with teams and individuals in different disciplines or areas. Technical Skills: SAST, DAST, SCA

Bachelor's degree required. Deep familiarity with the OWASP Top 10 and other security concerns for web applications Deep Understanding of OWASP Application Security Verification Standards (ASVS) Deep understanding of SAST, DAST, SCA Scanning practices Experience in scanning leveraging Veracode, Appscan.or other enterprise tools. Understand how to interpret and assess CVEs (Common Vulnerability and Exposures) and CWEs (Common Weakness Enumeration) as found by scanning tools. Understanding of SAST, DAST tools and dependency scanning tools Experience working/integrating with secret management systems. Advanced knowledge of front-end and back-end web application development in at least one technology stack (.NET, Java, PHP, Ruby/Rails, Angular, Node.js, etc.) Track record of staying current with trends, techniques, tools, and processes that drive improvement of security posture of applications. Strong documentation skills Excellent verbal and written communication skills, with proven technical writing abilities (English language proficiency required) Team-oriented thinking with demonstrated ability to produce high-quality work as part of a fast-paced, dynamic team. Proven ability to communicate, collaborate, and present effectively with teams and individuals in different disciplines or areas. Technical Skills: SAST, DAST, SCA Roles and Responsibility Perform SAST/SCA/DAST scans using industry vulnerability scanner SAST/SCA Veracode, using supplied compiled binary, configure scan platform to correct scan for both static code CWE's as well as SCA derived CVEs. Work will include coordination with app owner to ensure all branches of code are included in compiled binary file. DAST Work begins with crawling the target application to identify existing directory and file structure. Once identified, execute DAST scan using HCL product to identify dynamic issue only visible during code execution.

As a Head of Quality Assurance at Commcise located in Bangalore, you will play a crucial role in managing testing activities to ensure the best user product experience. With 13-15 years of relevant experience, you will need to have an Engineering or IT Degree. Your strong expertise in software testing concepts and methodologies, along with excellent communication skills and technical aptitude, especially in automation, will be essential for this role. Your responsibilities will include having a deep understanding of capital markets, trading platforms, wealth management, and regulatory frameworks such as MiFID, SEC, SEBI, FCA. Experience with financial instruments and post-trade processes will also be necessary. You will be required to define and implement comprehensive testing strategies covering functional and non-functional testing, as well as developing test governance models and enforcing QA best practices. Your role will involve a strong grasp of programming concepts, coding standards, and test frameworks like Java, Python, and JavaScript. Expertise in test automation frameworks such as Selenium and Appium, as well as API testing and knowledge of connectivity protocols, will be advantageous. Understanding AI and Machine Learning applications in test automation and driving AI-driven automation initiatives will be part of your responsibilities. Experience in continuous testing within CI/CD pipelines, knowledge of infrastructure as code and cloud platforms, and familiarity with observability tools for real-time monitoring will also be required. You should have expertise in performance testing tools, security testing methodologies, and experience with resilience testing and chaos engineering. Strong leadership skills, team development abilities, and stakeholder management across various teams will be crucial in this role. Having an Agile mindset, leading Agile testing transformations, and implementing BDD/TDD practices will be part of your responsibilities. Strong strategic planning and execution skills, along with a willingness to be hands-on when required, will be essential for driving collaborative test strategies. This role offers an opportunity to work in a dynamic environment and contribute significantly to ensuring the quality and reliability of products in the financial technology industry.,

The role of an Application (software) Security Engineer is an entry-level, hands-on, engineering-focused position with the responsibility of fostering a Secure SDLC and secure by design approach and practice across all software engineering teams. You must possess a good combination of problem-solving and communication skills to effectively support the Application Security, InfoSec, and Software engineering teams. Your main responsibilities will include configuring and fine-tuning Application Security tests and vulnerability scans, integrating security testing into CI/CD pipelines, and collaborating with Senior Application Security engineers on Penetration tests set up and validation. Additionally, you will be expected to document and update processes and procedures, conduct research and consultations with colleagues, deliver secure software development training such as OWASP Top10, and collaborate with Security Analysts on software vulnerabilities and security issues. This will involve determining scope, severity, and potential impact of security issues, recommending next steps, and following through with risk treatment and mitigation. You will also be required to appropriately escalate issues to various teams and levels of authority within the organization. To qualify for this role, you must have a Bachelor's degree in a relevant business or technical discipline, along with a minimum of 3 years of relevant work experience. Demonstrated knowledge of application security concepts, best practices, and methods is essential, as well as experience with various application security tools including SAST, SCA, and DAST. Experience with Web Application security testing like Web Pentesting, Fuzzing, and Automated tests is also required. Ideally, you will also have experience securing cloud infrastructure and cloud applications, working knowledge of various architectures and design patterns, ability to code in at least one programming language (such as python, javascript, or go), familiarity with AWS native security tools, and knowledge of current and emerging security technologies and threats. Experience with threat analysis methodologies and tools, developer tools, project management, bug tracking systems, and integrating security tools into CI/CD pipelines would be considered advantageous for this role. This is a challenging yet rewarding opportunity for an individual with a passion for application security and a drive to contribute to the implementation of secure software practices within a dynamic organization.,

You are seeking a skilled SDET with a solid background in automation testing and proficiency in application security tools such as SAST and DAST. The ideal candidate will possess hands-on experience with Azure DevOps (ADO), Azure Load Testing, as well as familiarity with Selenium and JMeter. Your responsibilities will include developing and managing automated test scripts utilizing Selenium, integrating SAST and DAST tools into CI/CD workflows, and engaging with Azure DevOps pipelines for performance testing using Azure Load Testing and JMeter. Furthermore, you will collaborate with diverse teams to ensure the delivery of high-quality and secure applications, while also analyzing and resolving testing issues and furnishing detailed reports.,

The DevSecOps Security engineer will be responsible for enabling security testing services throughout the lifecycle of an application with the required processes and technologies. This includes cultivating a mindset of "secure by design" within the developer community, supporting driving automation via the application's CI/CD Pipeline, and supporting vulnerability remediation. The ideal candidate should have experience in Security testing activities such as SAST, DAST, Container Image scanning, and associated tools. A deep understanding of modern web application architectures including Microservices, SPAs, and APIs is essential. Experience with writing automation scripts, DevOps platforms like Tekton, CloudBuild, Github Actions, and cloud platforms such as GCP, Azure, or AWS is required. Good knowledge of Agile processes, AI/ML, and LLMs is also desired. Qualifications for this role include three or more years of experience in DevSecOps or Application Security Testing, along with an MCA or B.E/B.Tech (Computer Science/IT) or MS-IT degree from an accredited institution. DevSecOps or Application Security related certifications are preferred. Knowledge of Information Security Policies/Frameworks, being a self-starter, strong interpersonal skills, good communication and presentation skills, willingness to learn new technologies, and work flexible hours across time zones are necessary attributes. Position responsibilities involve defining policies and processes to support DevSecOps for the Enterprise, engaging early with developers in the software development lifecycle, identifying and implementing opportunities for automating security testing, facilitating the onboarding of applications into security tools, supporting application teams with vulnerability remediation, spreading awareness about application security and DevSecOps, working closely with security tool vendors, and producing necessary operational and vulnerability metrics for cyber and operations Leadership.,

As a Security Delivery Associate Manager at Accenture, you will be part of the Technology for Operations team, serving as a trusted advisor and partner to Accenture Operations. Your role will involve providing innovative and secure technologies to assist clients in building an intelligent operating model that drives exceptional results. Collaborating closely with the sales, offering, and delivery teams, you will identify and develop innovative solutions to meet client needs. Your responsibilities will include establishing and maintaining a security governance framework, supporting management structures and processes to ensure information security strategies align with business objectives and comply with relevant laws and regulations. By adhering to policies and internal controls, assigning responsibilities, defining metrics, and reporting, you will help manage risk and compliance requirements effectively. We are seeking a candidate with a commitment to quality, experience in research and development, strong negotiation skills, effective problem-solving abilities, and proficiency in risk management. The ideal candidate will possess in-depth knowledge in application security, hands-on experience in SAST, DAST, and penetration testing, as well as familiarity with DevSecOps and Software Composition Analysis. Additionally, expertise in scripting using Python, database knowledge, networking skills, and certifications such as CISSP, CCSP, CISM, CEH, and ECSA would be advantageous. In this role, you will analyze and resolve moderately complex problems, create new solutions by adapting existing methods and procedures, and align your work with the strategic direction set by senior management. Your primary interactions will be with your direct supervisor or team leads, as well as peers and management levels within Accenture and client organizations. You should be able to work independently on new assignments with minimal guidance, making decisions that impact your team and occasionally other teams. If in a leadership role, you may manage medium-sized teams or work efforts at a client or within Accenture. Please be aware that this position may involve working in rotational shifts.,

Role & responsibilities Perform vulnerability assessments using tools like SAST, DAST, SCA, and manual techniques. Should have hands-on experience in Web Application Security Testing tools (SAST & DAST) and Penetration testing tools such as HP Fortify, Check marx, Acunetix, Nessus, Burp Suite, Metasploit., Qualys Guard, Kali Linux, etc. Conduct technical vulnerability assessments, identify potential vulnerabilities and provide recommended controls and support to mitigate them. Manage and improve application security tools (e.g., Check marx, Veracode, Fortify, Burp Suite, OWASP ZAP). Participate in incident response and forensics in the event of a security breach involving application layer components. Contact Person: Divya R Email ID: rdivya@gojobs.biz

Dear Candidate, We are hiring a Security Engineer to design and implement security measures that protect IT systems, data, and networks against threats and breaches. Key Responsibilities: Design and deploy security solutions such as firewalls, IDS/IPS, and endpoint protection. Conduct vulnerability assessments, penetration tests, and threat modeling. Monitor systems for security incidents and respond promptly. Ensure compliance with security standards (ISO 27001, NIST, etc.). Collaborate with DevOps and IT teams to embed security best practices. Required Skills & Qualifications: Proficiency in security tools (Nessus, Metasploit, Splunk, Wireshark). Strong understanding of network and application security. Knowledge of cloud security (AWS, Azure, GCP). Experience with encryption, IAM, and incident response. Security certifications preferred (CISSP, CEH, OSCP). Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Srinivasa Reddy Kandi Delivery Manager Integra Technologies

Key Responsibilities 1. To be responsible for providing technical guidance to a team of developers, enhancing their technical capabilities and increasing productivity. 2. To conduct comprehensive code reviews, establish and oversee quality assurance processes, performance optimization , implementation of best practices and coding standards to ensure succeful delivery of complex projects. 3. To ensure process compliance in the assigned module| and participate in technical discussions/review as a technical consultant for feasibility study (technical alternatives, best packages, supporting architecture best practices, technical risks, breakdown into components, estimations). 4. To collaborate with stakeholders to define project scope, objectives, deliverables and accordingly prepare and submit status reports for minimizing exposure & closure of escalations. Required Skill: DevOps DevOps Security SAST/DAST Terraform Kubernates

You are a skilled Lead GitLab Engineer responsible for managing and optimizing CI/CD pipelines, repository management, and DevOps workflows. Your deep expertise in using GitLab end-to-end will be crucial for this role. This position is based in Hyderabad. Your main responsibilities will include designing, developing, and maintaining automated build, test, and deployment pipelines in GitLab for all product lines and environments. You will collaborate with development teams to ensure successful deployments and implement and maintain the Git source control system. Developing and maintaining infrastructure as code, implementing Azure monitoring and alerting systems, and creating SOPs, security policies, and procedures will also be part of your role. You will be responsible for developing and maintaining documentation for all processes and should have knowledge of SAST and DAST tools. It would be beneficial to have knowledge of tools like Sonar Cube, SpotBugs, FindSecBug, and ZAP. Additionally, you will train and mentor other team members on DevOps best practices. To be successful in this role, you should have 8-11 years of experience in the Software Industry and DevOps. Deep understanding of DevOps concepts, repository setup and management with GIT and tools like BitBucket/SourceTree, hands-on knowledge of using Git commands, and GitLab practices are required. You should have in-depth expertise in Azure cloud infrastructure, Azure DevOps, AKS, and CI/CD. Proven ability to design containerized solutions using Docker and orchestration with Kubernetes, familiarity with monitoring and logging tools within the Azure ecosystem, and the ability to set up CI/CD pipelines including Maven for Java, Python, and ReactJS applications are essential. Experience with version control systems like GitLab, deployment methodologies, processes, and automation are also necessary. Non-technical/behavioral competencies required for this role include experience working with US-based clients in an onsite/offshore delivery model, strong verbal and written communication skills, technical articulation, listening, and presentation skills. Proven analytical and problem-solving skills, expertise in prioritization, time management, stakeholder management, being a quick learner, self-starter, proactive, and an effective team player are important traits for this position. Experience working under tight deadlines within a matrix organizational structure is also necessary.,

Conduct and participate in the regular governance calls with different stakeholders to enhance the public cloud security operations Management of security validations and exceptions raised on the public cloud infrastructure Drive the process implementation, enhancements and improvements on the Conduct regular governance with vulnerability and SOC teams to enhance the detection security posture on cloud Conduct risk assessments and security evaluations of public cloud applications/infrastructure in line with SGs framework/standards/guidelines Drive the pentest governance strategy, roll-out and remediations within its public cloud scope Drive the cloud native services non-compliance alert escalations, follow-up and reporting Assess and manage IT risk treatment in all new projects or infrastructure within its scope (integration of security into projects, secure by design processes) Enforce Group policies / standards and/or procedures / good security practices within its department. Develop and maintain process documentation, and reporting dashboards (KPIs, KRAs) Communicate risk and security recommendations to stakeholders Contribute to security audits support with artifacts (internal audit / regulators) within its scope To act as a security expert and point of contact on all the operational security and risk management activities Drive the remediation of critical vulnerabilities/alerts reported with vulnerability management team reported by CSPs Monitor and coordinate for timely closure of audit recommendations (internal / regulators), if necessary, intervene in support of operational teams. Review the security assessment and audit reports available from CSPs Communicate the status of security audits (internal audit / regulators) as well as the plans for dealing with recommendations. Prepare, update and review the major incident response plan with the CSPs and internal stakeholders Profile required 14+ years of experience in operational security and risk management, or related fields 8+ years of experience in public cloud security operations in Azure (Preferred) and AWS Strong understanding of cloud native security services on Azure and AWS Strong understanding of infrastructure application security architecture, compliance frameworks, and risk management principles Experience with infrastructure application security assessments, risk assessments, and security controls implementation Excellent analytical, problem-solving, and communication skills Familiarity with cloud security framework, tools, and technologies (e.g., CIS, OWASP, CNAPP, SOC, Infrastructure security, IAM, DevSecOps, DAST/SAST. NIST, CCM) Education Qualification and Certifications: o SC-100, CCSK, CEH or CPENT are mandatory o CCSP or CISSP (optional) Bachelors or master's in computer science/information technology/Information security (Mandatory)

The Job in short No day at Backbase is the same, and even more so for our security engineers. We all know that security and banking need to go hand in hand and with hackers and tech evolving by the day, youll need to stay on your toes and ahead of the game. Your core responsibility is to ensure the delivery of secure software. You are the go-to person for security, internally as well as for our clients. Leveraging your technical expertise and leadership, you drive the secure SDLC with its tools and processes. You ensure application security requirements are part of product development. You have expert understanding of application security and application security vulnerabilities and provide guidance to other team members. You provide architecture design reviews as well as source code reviews. You are responsible for Architectural Risk Analysis of the core products and lead the threat modeling activities. You provide training to developers and QA engineers on application security. You research new tools and take the initiative in improving the ways of working. You play a key role in selecting candidates for the security team as well as onboarding and mentoring new hires. Meet the job Looking for a journey instead of a job? Then let’s talk! We are THE pioneers in banking tech. We see opportunities and take the leap. Having the guts to push limits and break barriers to make things happen. We learn and reinvent ourselves for maximum impact, never giving up. We are creators, with a customer-centric mindset that love what they do and bring fun to any challenge. Together we kick ass, have fun and feel proud when our vision is delivered. Next day - we wake up and raise the bar a little higher. Are you ready? As a Senior Application Security Engineer you’ll take the lead in a team of security engineers working to ensure we build, maintain and deploy secure software that is used by millions of users around the globe. If you have a hacker mindset, are passionate about security and always looking to extend your knowledge, then this is the place for you. How about you In order to really own this role, we think you’ll need: Excellent understanding of application security and common application security vulnerabilities; Excellent knowledge of the frontend, backend and mobile security domains; Good understanding of DevOps and cloud native technologies; Successful track record driving security initiatives; We’ll be delighted if you bring experience in the following topics but otherwise these would be opportunities for you to grow your knowledge working in the security team: Implementing OWASP ASVS/M-ASVS and SKF; Implementing SAST, SCA, IAST and RASP tools in the SDLC; Assessing and implementing security maturity models; Facilitating threat modeling sessions with the development teams; Pen testing web and mobile applications; Training and guiding developers on application security concepts; Relevant regulations such as GDPR and PCI-DSS. A background in development and a good understanding of the SDLC; English language on a professional level, written and spoken.

We are hiring for Senior Security Engineer- Navi Mumbai Location (Belapur) for one of our project. Interested candidate can share resume to ankita.patari@happiestminds.com Experience: 4.8 to 8 Years Location: Navi Mumbai Location (Belapur) Office Timings: Monday to Friday (First Saturday and Third Saturday working) Looking for max 15 Days Joiners only Immediate Joiners please mentioned in Subject Line(Immediate Joiner_AppSec) General Shift Exp Range-2-4 Years Primary Skills : Web App, API, Mobile App ,API Responsibility: API functional testing, Mobile functional testing ,API integration Thanks and Regards, Ankita Ghosh

Greetings, Hope you are doing well. We have an Opportunity for QA - Security Testing with our Reputed MNC company. So If you interested so kindly revert with your updated cv & below required details Experience- 3- 8 yrs Mode- Hybrid Location - Pune

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : DevSecOps Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :To play a key role in enabling successful project delivery across multiple projects. This role expects you to specialize in a range of security domains, including penetration testing, dynamic and static application security testing, software composition analysis, security architecture review and container security. Additionally, you provide comprehensive support in vulnerability management, service monitoring, and DevSecOps practices. Roles & Responsibilities:-Should have hands-on experience and knowledge of manual and automated penetration testing on the web, mobile and cloud-based applications.-Should have hands-on experience and knowledge of DAST (Dynamic Application Security Testing) to identify runtime vulnerabilities in staging and production environments.-Should have hands-on experience and knowledge of SAST (Static Application Security Testing) for early-stage source code and binary analysis.-Should have hands-on experience and knowledge of SCA (Software Composition Analysis) to detect open-source risks and license compliance issues.-Should have hands-on experience and knowledge of executing SAR (Security Architecture Review) of complex and cloud-based application and should be able to strategize risk remediation with the stakeholders or Security Architect.-Should have hands-on experience and knowledge of integrating security tools into CI/CD pipelines (e.g., Jenkins, GitHub Actions, GitLab CI).-Should have hands-on experience and knowledge of enforcing policy-as-code, shift-left security testing, and secure code delivery practices and automate security checks for container images and Kubernetes workloads.-Should be able to scan and harden docker containers using industry-standard tools.-Should be able to monitor vulnerabilities in container registries and orchestrators (e.g., Kubernetes, ECS).-Skilled in communicating security findings to technical and non-technical stakeholders.-Contribute to secure architecture reviews, risk assessments, and compliance initiatives.-Should be able to manage clients and various stakeholders.Should be a good people manager and should have experience of people and project management. Professional & Technical Skills: Tools & Technologies:Pentest Tools:Burp Suite Pro, OWASP ZAP, Nmap, Postman, Kali Linux,DAST/SAST/SCA:Fortify, Checkmarx, Veracode, Coverity, AppScan, Black Duck, Snyk,DevSecOps:GitHub Actions, Jenkins, GitLab, Docker, Kubernetes,VM Tools:Qualys, Tenable, ThreadFix,Monitoring:ServiceNow, Jira, Confluence-Should be able to collaborate with infrastructure and DevOps teams to secure cloud-native deployments.-Should be able to identify, triage, and manage vulnerabilities using centralized platforms (e.g., ThreadFix).-Should track vulnerability lifecycle from detection through remediation and reporting.-Should support real-time service monitoring to maintain system integrity and threat detection coverage. Additional Information:- The candidate should have minimum 7.5 years of experience in DevSecOps.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

Design, implement, and manage application security controls, leveraging security recommendations. Requirement of Web Application Security, Mobile Application Security and Api Having deep Knowledge Application Security

Dear Candidate, We are seeking a skilled DevOps Engineer to join our team. The ideal candidate will be responsible for streamlining the software development and deployment process, automating workflows, and ensuring that our systems are scalable, secure, and reliable. You will collaborate closely with development, operations, and product teams to build and maintain infrastructure and ensure continuous integration and delivery. Role & Responsibilities: Automation & Scripting : Design and implement automated systems for deployment, monitoring, and infrastructure management using tools like Terraform , Ansible , or Chef . Continuous Integration/Continuous Deployment (CI/CD) : Develop and manage CI/CD pipelines using tools like Jenkins , GitLab CI , or CircleCI to enable rapid and reliable software deployment. Infrastructure Management : Manage and maintain cloud infrastructure (AWS, GCP, Azure) and on-premise systems, ensuring high availability, scalability, and security. System Monitoring & Performance : Monitor system performance, including application uptime, server health, and resource utilization. Use monitoring tools like Prometheus , Grafana , or Datadog to ensure smooth operation. Collaboration with Development Teams : Work closely with development teams to ensure the continuous delivery of high-quality software and streamline the development process. Security & Compliance : Implement and maintain security practices such as automated patch management, vulnerability scanning, and encryption to safeguard infrastructure. Version Control & Repository Management : Utilize version control systems like Git and repository management tools like GitHub or Bitbucket for code collaboration and management. Required Skills & Qualifications: DevOps Tools & Technologies : Strong experience with DevOps tools such as Jenkins , Docker , Kubernetes , Terraform , Ansible , Chef , and Puppet . Cloud Platforms : Extensive experience with cloud services like AWS , GCP , or Azure to build, manage, and scale infrastructure. Automation & Scripting : Proficiency in scripting languages like Python , Bash , or Ruby to automate repetitive tasks and streamline workflows. Containerization & Orchestration : Hands-on experience with Docker , Kubernetes , or other container orchestration tools for building and managing containers. CI/CD Practices : Expertise in setting up and maintaining CI/CD pipelines to automate the build, testing, and deployment processes. Infrastructure as Code (IaC) : Experience with Terraform or CloudFormation to manage infrastructure resources as code. Version Control : Proficiency in version control systems, specifically Git , for managing codebases and collaborating with teams. Monitoring & Logging : Familiarity with monitoring tools like Prometheus , Grafana , Datadog , or New Relic to ensure system health and performance. Soft Skills: Strong problem-solving and analytical skills. Excellent communication skills to work with cross-functional teams. Ability to work independently and as part of a team. Detail-oriented with a focus on delivering high-quality solutions Note: If you are interested, please share your updated resume and suggest the best number & time to connect with you. If your resume is shortlisted, one of the HR from my team will contact you as soon as possible. Srinivasa Reddy Kandi Delivery Manager Integra Technologies

Job Responsibilities: Conduct manual exploitation penetration testing , identifying vulnerabilities across various application types. Perform DAST (Dynamic Application Security Testing) for Web, API, and Thick Client applications. Execute SAST (Static Application Security Testing) , including secure code analysis and Software Composition Analysis (SCA). Apply strong Java coding skills to understand, analyze, and potentially exploit vulnerabilities, as well as assist with secure code development. Utilize security testing tools such as Fortify, BurpSuite Pro, Postman, and SOAP UI effectively in testing efforts. Work with Linux environments for security testing tasks. Engage in DevSecOps practices, integrating security into the CI/CD pipeline. Ensure adherence to security standards , particularly OWASP Top 10 scenarios, during all testing phases. Work within an onshore-offshore model , coordinating directly with customers. Facilitate effective stakeholder coordination to communicate findings and collaborate on remediation. Required Skills: Strong hands-on experience in Java coding skills . Expertise in manual exploitation penetration testing . Experience with DAST (Web, API, Thick Client) and SAST (Secure code analysis, SCA). Hands-on knowledge/experience with Linux and DevSecOps . Proficiency with Security Testing Tools (Fortify, BurpSuite Pro, Postman, SOAP UI, etc.). Understanding of Security Standards , especially OWASP Top 10 scenarios. Security Testing Certifications such as CEH or BurpSuite certified.

As a C#.NET Developer, you will collaborate closely with engineering teams and the Information Security group to ensure that client applications are developed with a strong focus on security. Your deep understanding of the OWASP Top 10 project and best practices for preventing vulnerabilities across various tech stacks will be crucial for success. You will play a key role in overseeing Static Application Security Testing (SAST) during the development lifecycle, ensuring proper remediation of reported vulnerabilities, and providing training to developers on vulnerability remediation. Implementing OWASP Application Security Verification Standards (ASVS) will also be part of your responsibilities. Additionally, you will serve as a role model for a small team and effective communication skills along with familiarity with DevOps pipelines are essential for this role. Your primary responsibilities will include shifting security left in the Software Development Life Cycle (SDLC) for different applications, providing guidelines, tools, and best practices for SAST, DAST, SCA, and RASP, offering guidance and coaching to teams on security remediation efforts, assisting teams in integrating security scans into their pipelines, ensuring dependency scans are part of the development process, delivering ongoing training on new application threats and remediation techniques, advising on OpenID Connect (OIDC) and OAuth2 best practices, helping engineering teams in planning long-term remediation solutions, collaborating with the Information Security team on prioritizing applications and vulnerabilities based on risk, and guiding teams on proper storage and retrieval of application secrets. The required skills and experience for this role include a minimum of 5 years of software development experience, expertise in SAST, DAST, SCA scans with primary skill set in C# .NET development, secondary skill set in Python or Java, some exposure to cloud platforms like Azure, AWS, or GCP, and familiarity with tools like Fortify on demand and Invicti Netsparker. While the exact compensation may vary based on factors such as skills, experience, and education, employees in this role will receive a comprehensive benefits package starting from day one of employment, including options for medical, dental, and vision insurance. Eligibility to enroll in the 401(k) retirement plan will begin after 90 days of employment. Additionally, employees will have access to paid sick leave and other paid time off benefits as mandated by the applicable law at the worksite location.,

Harness is a high-growth company that is disrupting the software delivery market. The mission at Harness is to enable the 30 million software developers in the world to deliver code to their users reliably, efficiently, securely, and quickly. This not only increases customers" pace of innovation but also improves the developer experience. Harness offers solutions for every step of the software delivery lifecycle, including building, testing, securing, deploying, and managing reliability, feature flags, and cloud costs. The Harness Software Delivery Platform encompasses modules for CI, CD, Cloud Cost Management, Feature Flags, Service Reliability Management, Security Testing Orchestration, Chaos Engineering, Software Engineering Insights, and is expanding rapidly. Led by technologist and entrepreneur Jyoti Bansal, who previously founded AppDynamics and sold it to Cisco for $3.7B, Harness is backed with $425M in venture financing from top-tier VC and strategic firms. Some of the notable backers include J.P. Morgan, Capital One Ventures, Citi Ventures, ServiceNow, Splunk Ventures, Norwest Venture Partners, and many others. **About The Role** Harness is seeking a Senior Product Manager to spearhead the strategy, roadmap, and delivery of the Traceable Application Security Testing module. The focus of this role is on developing cutting-edge solutions across SAST, Secrets Detection, Container Security, DAST, and API Security Testing. The Senior Product Manager will collaborate with engineering, customers, and cross-functional teams to launch products that enhance the security of modern applications at scale. **Key Responsibilities** - Own the vision, strategy, and roadmap for the Traceable AppSec Testing product line. - Define and prioritize features for SAST, Secrets Detection, Container Security, DAST, and API Security Testing. - Collaborate closely with engineering to ensure the delivery of high-quality, secure, and scalable products. - Engage directly with customers to grasp their security workflows, pain points, and priorities. - Work with marketing, sales, and support teams to orchestrate successful product launches and drive adoption. - Keep abreast of competitive trends and emerging threats to steer product direction. - Establish and measure success metrics while driving continuous improvement. **Required Qualifications** - 6-10 years of product management experience, with a focus on building and releasing enterprise security or developer products. - Profound understanding of DevSecOps practices and Application Security (AppSec), particularly in SAST, DAST, secrets detection, container security, and API security. - Demonstrated ability to shape product strategy and translate customer needs into actionable requirements. - Excellent communication, collaboration, and stakeholder management skills. - Experience collaborating with technical users such as developers, security engineers, and DevOps teams. **Preferred Qualifications** - Familiarity with CI/CD, cloud-native security, Kubernetes, or software supply chain security. - Background in software development or security engineering is a plus. **Work Location** The successful candidate for this role will be expected to be present in the Bangalore office three times a week. At Harness, you can expect: - Experience in building a transformative product - End-to-end ownership of your projects - Competitive salary - Comprehensive healthcare benefits - Flexible work schedule - Quarterly Harness TGIF-Off for four days - Paid Time Off and Parental Leave - Monthly, quarterly, and annual social and team building events - Monthly internet reimbursement **Harness In The News** - Harness Grabs a $150m Line of Credit - Welcome Split! - SF Business Times - 2024 - 100 Fastest-Growing Private Companies in the Bay Area - Forbes - 2024 America's Best Startup Employers - SF Business Times - 2024 Fastest Growing Private Companies Awards - Fast Co - 2024 100 Best Workplaces for Innovators *Note on Fraudulent Recruiting/Offers* If you suspect fraudulent recruiting attempts or have received unsolicited emails or messages claiming to be from Harness recruiters or hiring managers, please refrain from providing personal or financial information. Contact Harness immediately at security@harness.io. Further information on this type of scam can be found on the Federal Trade Commission's website. Alternatively, you can reach out to your local law enforcement agency.,

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. The opportunity EY is looking for a Manager Technology Consulting/Software Architect. We are looking for a seasoned Software Architect with over 10+ years of hands-on experience in Full stack Application development, DevOps Platform tooling, and database development. The ideal candidate thrives in dynamic environments with aggressive project timelines. Strong proficiency in Full stack technologies preferably in Java, Angular and ReactJS, DevOps Platform tooling (CI/CD Toolchain like Jenkins, Maven, GitLab, Ansible, JMeter etc.). Key Responsibilities: - Managing a team of software developers to deliver high quality and robust web-based applications in a SaaS setup. - Attracting and retaining top talent and building capabilities within the team. - Effectively collaborating with key stakeholders including other managers/senior managers, product managers, platform, and operation teams. - Setting up technical standards and governance structure for the enterprise. - Providing technology architecture expertise and guidance across multiple business divisions & technology domains. - Assist business strategy and accordingly drive technology strategy from an architecture perspective. - Driving technology strategy from an architecture perspective, across a portfolio of applications, for resource optimization and risk mitigation. - Translating business requirements into specific system, application, or process designs, including working with business personnel and executives to identify functional requirements. - Define/maintain Target Architectures in Roadmaps. - Lead and/or assist efforts to scope and architect major change programs, leading strategic options analysis & proposing end-to-end solutions & highlighting trade-offs. - Review ongoing designs of major programs to identify strategic opportunities and resolve design issues during delivery. - Identify key technology enablers to optimize IT investment. - Develop highly complex solutions that exemplify quality optimization regarding reliability, availability, scalability, manageability, flexibility, usability/reusability, and high performance. - Lead other IT Architects to provide effective consulting on complex projects including RFP technical evaluations for various business domains. - Lead multifunctional teams in successful application of methodologies and architecture modeling tools. - As an architect, the person would be responsible for suggestion and implementation of new technologies. Collaborate with key stakeholders in Software development, IT infra domain, IT-vendors, and other architects to achieve enterprise business goals. Requirements: - BE/BTech in (Computer Science/Computer Science & Engineering/Information Technology/Software Engineering/Electronics & Communications Engineering or equivalent degree in relevant discipline) or MCA or MTech/MSc in (Computer Science/Information Technology/Electronic & Communications Engineering) from recognized University/Institute. - MBA as an additional qualification is preferred. - Minimum 10 years post basic qualification in IT field. - Minimum 5 years preferably in Data-centric organizations. - Working knowledge of Data warehouse and data lake architecture preferred. - Expertise in all or some of the technology like C++, Java, JavaScript, Type Scripts. - Expertise in SQL and ORM technologies like Hibernate and Spring Boot. - Expertise in UI/UX technologies preferably in Angular and ReactJS. - Working knowledge of Automation service provisioning and middleware configuration. - Working knowledge of REST-based microservices web application architecture is preferred. - Working knowledge of no-SQL databases like mongo, Casandra is preferred. - Experience in handling JSON, XML, CSV data through code is preferable. - DevOps Architectural knowledge is a must. - Expert/Professional level Certification in software architecture preferred. - Familiarity with agile software development methodologies. - Skills with RHEL and Windows Operating System. - Knowledge of Red Hat Ansible Automation Platform. - Familiar with security automation testing processes (e.g., SAST, DAST, etc.) and tools. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people, and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform, and operate. Working across assurance, consulting, law, strategy, tax, and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.,

Job Tittle - Security Test Engineer Job Type: Full-time EXP 4+ Years Location - Gurgaon Role & responsibilities Responsibilities: Perform Security Assessments: Conduct various types of security testing, including: Penetration Testing: Perform black-box, gray-box, and white-box penetration testing on web applications, APIs, mobile applications (iOS/Android), and network infrastructure. Vulnerability Assessments: Utilize automated and manual techniques to identify security weaknesses. Static Application Security Testing (SAST): Analyze source code to identify potential vulnerabilities. Dynamic Application Security Testing (DAST): Test applications in a running state to find vulnerabilities. Interactive Application Security Testing (IAST): Combine elements of SAST and DAST for comprehensive testing. Configuration Reviews: Assess the security posture of various systems and applications. Threat Modeling: Participate in threat modeling sessions to identify potential attack vectors and vulnerabilities early in the development lifecycle. Vulnerability Management: Document identified vulnerabilities clearly and concisely, including steps to reproduce, impact, and severity. Communicate findings to development teams and stakeholders effectively. Track and manage vulnerabilities through their lifecycle, from discovery to remediation and retesting. Provide guidance and recommendations to development teams on remediation strategies. Security Tooling & Automation: Utilize and configure security testing tools (e.g., Burp Suite, OWASP ZAP, Nessus, Acunetix, Fortify, Checkmarx, Metasploit). Develop and implement automated security tests and scripts to improve efficiency. Stay up-to-date with the latest security testing tools, techniques, and best practices. Collaboration & Communication: Collaborate closely with development, DevOps, QA, and product teams to integrate security into the SDLC (Secure SDLC). Educate and mentor developers on secure coding practices and common vulnerabilities. Participate in security code reviews. Present security findings and recommendations to technical and non-technical audiences. Research & Development: Stay informed about emerging security threats, attack vectors, and industry trends. Contribute to the improvement of security testing methodologies and processes. Participate in security community activities, conferences, and training. Required Skills & Qualifications: Education: Bachelors degree in computer science, Information Security, or a related field (or equivalent practical experience). Experience: Junior Level: 1-3 years of experience in security testing, penetration testing, or application security. Mid-Level: 3-6 years of experience in security testing, penetration testing, or application security. Senior Level: 6+ years of experience in security testing, leading penetration testing engagements, and architecting secure solutions. Technical Skills: Strong understanding of web application security vulnerabilities (e.g., OWASP Top 10, SANS Top 25). Proficiency with security testing tools (e.g., Burp Suite, OWASP ZAP, Nmap, Metasploit). Experience with various operating systems (Linux, Windows). Familiarity with scripting languages (e.g., Python, Ruby, PowerShell, Bash). Understanding of network protocols, firewalls, and intrusion detection/prevention systems. Knowledge of secure coding principles and common programming languages (e.g., Java, Python, C#, JavaScript, Node.js). Experience with cloud security (AWS, Azure, GCP) is a strong plus. Familiarity with CI/CD pipelines and integrating security into automated workflows. Soft Skills: Excellent analytical and problem-solving skills. Strong communication and interpersonal skills, with the ability to explain complex technical concepts to non-technical audiences. Ability to work independently and as part of a team. High attention to detail and a methodical approach to testing. Curiosity and a strong desire to learn and stay current with security trends. Desired Certifications (Plus, but not required): OSCP (Offensive Security Certified Professional) OSWE (Offensive Security Web Expert) CEH (Certified Ethical Hacker) CompTIA Security+ SANS certifications (e.g., GWEB, GWAPT, GPEN) CSSLP (Certified Secure Software Lifecycle Professional)

Overview Skills :- Product Security, Devops, SCA, SAAS Platforms, SecDevops, SAST Location :- Hyderabad Shift Timing :- 2.00 pm -11.00 pm (IST) About Omnicom Global Solutions Omnicom Global Solutions is an integral part of Omnicom Group, a leading global marketing and corporate communications company. Omnicom’s branded networks and numerous specialty firms provide advertising, strategic media planning and buying, digital and interactive marketing, direct and promotional marketing, public relations, and other specialty communications services to over 5,000 clients in more than 70 countries. OGS India plays a critical role for our group companies and global agencies by providing stellar products, solutions, and services across Creative Services, Technology, Marketing Science (Data & Analytics), Advanced Analytics, Market Research, Business Support Services, Media Services, and Project Management. With over 4500 talented colleagues in India, we are growing rapidly and are looking for professionals like you to help build the next chapter of our journey. Role Overview We have an exciting opportunity for an Engineer, Product Security at our Hyderabad office. This role supports secure software development, risk mitigation, and product security best practices across automated platforms and infrastructure-as-code environments. The Product Security Engineer will perform vulnerability assessments, provide risk analysis, support incident response, and collaborate with development and DevOps teams to embed security into all stages of the product lifecycle. This role plays a vital part in enabling secure, scalable, and compliant services across Omnicom’s digital ecosystem. Responsibilities Assist in implementing secure software development standards and practices. Support integration of security measures into automated service platforms and infrastructure-as-code. Conduct regular security assessments and vulnerability scans for applications and infrastructure. Analyse and report on security risks and vulnerabilities; provide mitigation recommendations. Collaborate with the incident response team on investigations and real-time threat intelligence. Monitor and manage security tools to detect and respond to application and infrastructure threats. Continuously monitor cloud environments and SaaS platforms for emerging security threats. Work closely with development, QA, and IT teams to support secure software delivery. Prepare and present security metrics, reports, and summaries to Product Security Leads and stakeholders. Deliver security awareness training on secure software development and SecDevOps practices. Contribute to the maintenance of security documentation and internal guidelines. Qualifications 3-5 years of experience in cybersecurity, software engineering, or DevOps with a focus on product security. Familiarity with security assessment tools (e.g., SAST, DAST scanners) and CI/CD environments. Basic understanding of secure coding, cloud security, and infrastructure-as-code practices. Hands-on experience with tools such as GitHub, AWS, Terraform, Jenkins, Docker, etc. Understanding of IT governance frameworks (e.g., SDLC, ITIL) is a plus. Strong analytical, documentation, and troubleshooting capabilities. Bachelor's degree in Cybersecurity, Computer Science, IT, or related field. Strong technical skills relevant to Information Security such as secure coding standards, ethical hacking techniques, network security, SIEM, and risk analysis Certifications such as Security+ or CEH are a plus. Preferred Qualifications AppSec depth (CSSLP, eWPT), Cloud specialization (AWS Security), Foundational credibility (Security+), and CEH are a plus. Experience with cloud security frameworks and zero trust architecture.

At FourKites we have the opportunity to tackle complex challenges with real-world impacts. Whether its medical supplies from Cardinal Health or groceries for Walmart, the FourKites platform helps customers operate global supply chains that are efficient, agile and sustainable. Join a team of curious problem solvers that celebrates differences, leads with empathy and values inclusivity. We are seeking an experienced DevSecOps Engineer with a strong background in cloud security, infrastructure management, and secure software development. The ideal candidate will have extensive hands-on expertise across major cloud platforms, containerization technologies, and security frameworks. You will be responsible for architecting, implementing, and maintaining secure cloud environments while ensuring that security is seamlessly integrated throughout the development lifecycle. What youll be doing: Cloud Infrastructure & Security Architect and secure highly available, scalable, and fault-tolerant systems across AWS, GCP, and Azure environments Design and implement robust Layer 3/Layer 4 firewall solutions and network security controls Implement and manage intrusion detection systems (IDS) and intrusion prevention systems (IPS) Design and deploy container security strategies for Docker and Kubernetes environments Manage cloud security services including WAF, service mesh, and threat modeling Ensure 99.99% uptime while maintaining strong security posture DevOps & Automation Leverage automation technologies (Ansible, Chef, Puppet, Jenkins) to manage infrastructure and deployment pipelines Develop, deploy, and maintain infrastructure-as-code solutions using Terraform, CloudFormation, and cloud-specific CLIs Build and maintain secure CI/CD pipelines with integrated security testing Identify and implement open-source security tools as alternatives to commercial solutions without compromising reliability or performance Security Compliance & Auditing Ensure compliance with PCI-DSS requirements and prepare systems for PCI audits Participate in security assessments, including threat modeling and vulnerability scanning Document security controls and maintain evidence for compliance requirements Create and maintain security documentation and training materials API & Application Security Implement API security best practices including authentication, authorization, and rate limiting Troubleshoot and resolve SSL/TLS issues across various environments Perform security assessments of applications and APIs Develop secure coding guidelines and review processes Monitoring & Incident Response Lead incident response activities for security events Configure and maintain security monitoring solutions Develop automated security responses to common threats Conduct post-incident analysis and implement improvements Who you are: 7+ years of experience in DevOps, Security Engineering, or similar technical roles Strong hands-on experience with major cloud platforms (AWS, GCP, Azure) Deep understanding of network security concepts including Layer 3/Layer 4 firewalls Experience with intrusion detection systems (IDS) and intrusion prevention systems (IPS) Expertise in container security and Kubernetes security controls (CKA/CKAD/CKS preferred) Experience supporting systems requiring 99.99% uptime or higher Proven ability to implement open-source security tools as alternatives to commercial solutions Experience with PCI-DSS compliance requirements and audit processes Strong knowledge of API security implementation, including rate limiting and authentication Proficiency in troubleshooting SSL/TLS issues and certificate management Experience with infrastructure as code (Terraform, CloudFormation, etc.) Proficiency in at least one scripting/programming language (Python, Bash, Java, C#, etc.) Strong analytical, troubleshooting, and problem-solving skills Excellent communication skills to bridge technical and non-technical teams Proactive approach to identifying and mitigating security risks Ability to work in a fast-paced environment and manage multiple tasks concurrently Passion for continuous learning and staying current with security trends Preferred Qualifications: Security certifications (CISSP, CEH, AWS Security, PCI QSA) Cloud platform certifications (AWS Certified Solutions Architect, Azure Security Engineer, GCP Professional Cloud Security Engineer) Experience with other compliance frameworks (SOC2, ISO27001, NIST) Experience with security monitoring and SIEM tools Knowledge of zero-trust architecture principles Experience mentoring junior team members