163 Sast Jobs - Page 2

Roles and Responsibilities Conduct SAST, DAST, SCA, and PT analysis on software applications to identify vulnerabilities and weaknesses. Collaborate with development teams to remediate identified issues and implement security patches. Develop expertise in multiple programming languages such as Java, Python, C++, JavaScript, HTML/CSS. Provide technical guidance on application security best practices to team members. Participate in code reviews to ensure adherence to coding standards.

Role & responsibilities Experience: At least 6 years in static code analysis/SAST (Static Application Security Testing), secure coding, and software development. Technical Skills: Proficiency in static code analysis tools (e.g., SonarQube, Veracode, Checkmarx) and experience with secure code review of multiple programming languages, including: Java Python .NET/C# C/C++ Code Review Skills: Ability to read and understand source code across various programming languages and tech stacks, troubleshoot false positives, and confirm genuine issues. Secure Coding Knowledge: Strong understanding of secure coding practices, including OWASP Top 10, SANS 25, and CWE, applicable to cloud and non-cloud environments.

locationsGURGAON, IND time typeFull time posted onPosted 4 Days Ago job requisition idR1147923 . We are seeking an experienced DevOps Engineer to join our team. In this role, you will be responsible for designing, implementing, and maintaining secure cloud infrastructure using cloud-based technologies, including Oracle and Microsoft platforms. You will build and support scalable and reliable application systems and automate deployments. Additionally, you will integrate various systems and technologies using REST APIs and automate the software development and deployment lifecycle. Leveraging automation and monitoring tools, along with AI-powered solutions, you will ensure the smooth operation of our cloud-based systems. Key Areas of Responsibility Implement automation to control and orchestrate cloud workloads, managing the build and deployment cycles for each deployed solution via CI/CD. Utilize a wide variety of cloud-based services, including containers, App Services, API , and SaaS-oriented integration. GitHub and CI/CD tools (e.g., Jenkins, GitHub Actions, Maven/ANT). Create and maintain build and deployment configurations using Helm and Yaml. Manage the software change control process, including Quality Control and SCM audits, enforcing adherence to all change control and code management processes. Continuously manage and maintain releases, clear understanding of release management process Collaborate with cross-functional teams to ensure seamless integration and deployment of cloud-based solutions. Problem-solving, teamwork, and communication to emphasize the collaborative nature of the role. Perform builds and environment configurations. Required Skills and Experience 10+ years of overall experience, with at least 5 years in DevOps. Expertise in automating the software development and deployment lifecycle using Jenkins, Github Actions, SAST, DAST, Compliances, and Oracle ERP DevOps tools. Proficient with Unix Shell Scripting, SQL*Plus, PL/SQL, and Oracle database objects. Understanding of branching models is important. Experience in creating cloud resources using automation tools. Strong hands-on experience with Terraform and Azure Infrastructure as Code (IaC). Hands-on experience in GitOps, Flux CD/Argo CD, Jenkins, Groovy. Building and deploying Java and .NET applications, Liquibase database deployments. Proficient with Azure cloud concepts, creating Azure Container Apps, Kubernetes, Load balancers, Az CLI, Kubectl, Observability, APM, App Performance reivews. Azure AZ-104 or AZ-400 Certification is a plus Offers of employment are conditional upon passage of screening criteria applicable to the job.

PREFERENCE: Early joiners preferred This position is strictly Work from Office. Please read this carefully before applying. Working days will be 5 per week. The job location will be Sec 59, Gurgaon Candidates currently based in Delhi-NCR Prior experience in a startup or fast-paced environment Immediate availability for interviews Strong communication skills and team fit Long-term commitment preferred Job Title: DevOps Engineer Location: Sector 59, Gurgaon/Gurugram Experience: 4 to 7 years Industry: BFSI Employment Type: Full-time Work Mode: On-site Job Description: We are hiring a DevOps/Integration Engineer with strong experience in CI/CD , cloud (AWS/OCI) , and DevSecOps tools . The candidate should be skilled in integrating and troubleshooting across build systems, application monitoring, and secure deployments in hybrid (on-prem + cloud) environments. Key Responsibilities: Set up and manage CI/CD pipelines , quality gates, and vulnerability scanning Configure & troubleshoot SAST/DAST tools Manage build/compile tools - Maven, Gradle, etc. Use tools like Prometheus , Grafana , ELK , or Splunk for monitoring/logging Work on cloud (AWS/OCI) and on-prem infrastructure Troubleshoot network issues and maintain system uptime Experience with Hibernate , clusters , and performance tuning Collaborate with development and security teams for smooth delivery Required Skills: CI/CD tools: Jenkins, GitLab CI, Azure DevOps Cloud platforms: AWS or Oracle Cloud Build tools: Maven, Gradle Security: SAST/DAST, DevSecOps integration Monitoring: ELK, Prometheus, Grafana Networking & troubleshooting Hibernate, clustering exposure Good to Have: Certifications (AWS, OCI, DevOps) Docker/Kubernetes knowledge Awareness of OWASP or ISO compliance

Senior Manager, Corporate Security – Application Security Architect Remote Job Description About Corporate Security Cognizant Corporate Security, a key organization within Cognizant Technology Solutions, is chartered with managing and directing the global enterprise physical and logical security programs. The Corporate Security organization is responsible for the oversight and coordination of security efforts across the company, including information technology, human resources, communications, legal, facilities management and various other groups, and is responsible for identifying security initiatives and standards. Corporate Security drives security compliance and serves as the key organization responsible with helping the business appropriately manage security risks. Position Description Cognizant is searching for an experienced Application Security Architect who can lead application security initiatives for product teams in the Cognizant Healthcare division. This will include day-to-day collaboration with product teams, ensuring that they meet Cognizant Security requirements and architectural standards in addition to regulatory and contractual obligations. This will also include reviewing application designs to ensure security is part of each product from the start. You would ensure solutions are appropriately assessed prior to release, and work with product teams to prioritize remediation of findings from security activities. This is not an assessment/testing role; although testing experience will be beneficial, the role is for design-level review and guidance. To excel in this role, you will need the following: 5+ years of application security and secure coding experience. Expertise in implementing a secure SDLC within an Agile framework for new and existing applications. Expertise in designing and implementing application security controls across complex and diverse environments. Experience reviewing testing/scanning results and communicating the technical implications to development teams. Ability to assess real-world risk and communicate that in technical and business/management contexts. Exceptional verbal and written communication skills, including the development of reports and best practices documents. An attitude of always learning, sharing your knowledge with the team, and collaborating across multiple security teams. Strong attention to detail and self-organization skills. Experience working remotely and with geographically separated teams. Additional preference for candidates who: Have done application development in large-scale environments. Have conducted threat models. Have integrated application security practices into CI/CD pipelines and DevOps environments. Have experience with Java and .NET. Have secured applications in Cloud environments (especially Azure). Understand network and infrastructure security. Have conducted application testing (SAST, DAST, and manual assessments). Obtained relevant GIAC or Offensive Security certifications. About Cognizant Technology Solutions Cognizant is a leading provider of Information Technology, Consulting, IT Infrastructure, and Business Process Outsourcing services. Cognizant’s single-minded mission is to dedicate our business process and technology innovation know-how, deep industry expertise, and worldwide resources to working together with customers to make their businesses stronger. As a customer-centric, relationship-driven partner, we are redefining the way companies experience and benefit from global services. Our unique delivery model is infused with a distinct culture of high customer satisfaction. Cognizant delivers a trusted partnership, cost reductions and business results. Cognizant is a member of the NASDAQ-100, the S&P 500, the Forbes Global 2000, and the Fortune 500. Cognizant is ranked among the top performing and fastest growing companies in the world. Visit us online at http://www.cognizant.com/ or follow us on Twitter: Cognizant. Cognizant is an Equal Opportunity Employer M/F/D/V. Cognizant is committed to ensuring that all current and prospective associates are afforded equal opportunities and treatment and a work environment free of harassment.

Job Purpose (overall high-level summary of the role) Build and lead global relationships for Cybersecurity (sitting within the wider IT organization), representing WPB IT and WPB Cyber interests within the context of transformational and service uplift from central and federated functions. As a senior Cybersecurity SME for WPB, promote the principles of secure development and ensure effective coverage for all Cybersecurity services consumed. The Senior Cyber SME is, among many other things, responsible for the following key activities: Coordinate and manage the relationship between the central Cybersecurity leadership teams, WPB IT leadership and WBP CISO; reporting to WPB IT CISO. Provide specialist technical and process knowledge to influence support and manage the direction of cyber tooling, processes and practices into WPB IT and engineering teams. Lead the Information Security agenda within the central cyber control owners, including driving business/functional stakeholder engagement to ensure delivery of security programmes, tooling, and initiatives. Develop and maintain strong relationships with the cyber control owners and Heads of cybersecurity functions to ensure optimum synergy and collaboration between them WPB IT. Monitor and engage with cyber control owners, heads of cyber practices and central programme managers to shape and represent WPB IT in order to ensure that deliveries align with WPB IT interests and strategic direction. Promote the development and rollout of security tools and processes that aligns with WPB IT engineering strategies and ensure that group security scanning and orchestration tools can be adopted and used within WPB IT s CI/CD pipeline and engineering teams. Work with service line and value stream CIOs and their representatives to ensure that cyber assurance actions, vulnerability remediation and KCI compliance receives the right level of attention and support, and to escalate and highlight blockers if required. Guide the service lines/value streams CIOs and their representatives with respect to compliance with relevant security policies, standards, and governance, including challenging the risk profile, appetite, and control effectiveness, coordinating with embedded WPB Cyber SMEs, Risk Champions, and central Cyber teams required to ensure overall WPB IT operation within appetite. With specific focus ensure that control and risk metrics and related responsibilities for cyber assurance activities, vulnerability, and secure development practices & tooling, third party security reviews are monitored, actioned, and understood by WPB CIOs and their delegates. Ensure that WPB IT and Cyber priorities are communicated to cyber control owners and central cyber functions. Facilitate ongoing cybersecurity awareness within the Service Line to strengthen the responsible culture. Lead Annual Assurance activities (Pen Test & TMA) for WPB and provide oversight responsibility for TPSR Organization structure Reports to the WPB IT CISO Principal Accountabilities: key activities and decision-making areas Typical Targets and Measures Impact on the Business/Function Protect the Bank. Lead Security embedding within WPB IT together with the WPB CISO, owning the relationship with cybersecurity control owners and heads of cyber functions. Uses technical expertise and experience to enable WPB IT and Cybersecurity to develop implementable designs, solutions and operational plans to ensure compliant security is enforced. Leads and drives this change through effective communication, preparation, and implementation. Driving sustainable growth. Drive efficiencies in the SDL through secure from start development, SecDevOps and minimal iterative issue-remediation. Ensure that evolving technologies are embraced with appropriate mitigation controls and contingency planning. Achieving excellence. Promote the understanding of risk in the context of security in order to align WPB security practices with business risk appetite and strategic objectives. Generate an environment in which innovation is supported by security in the working practices. Measures benefits over the short, medium, and long term. Demonstrates a comprehensive WPB IT view when developing solutions. Executes ideas and innovation that are original but remain aligned to business objectives and cybersecurity principles and plans. Customers / Stakeholders Customer focus. Lead a customer-centered culture, championing activities encouraging outstanding customer advocacy. Proactively seek opportunities to utilize strong Cybersecurity principles to improve availability and ensure privacy for customers. Strengthening stakeholder relationships. Enhance key relationships, using rapport-building expertise and appropriate influencing to add value beyond the initial scope, increasing stakeholder advocacy. Maintain key relationships to include technology and business heads across WPB and Cybersecurity along with other GB/GF/R counterparts across the globe. Understanding markets and customers Cultivate strong relationships with organizationally important global and/or high value stakeholders with a tailored approach. Deliver fair outcomes for our customers and ensure own conduct maintains the orderly and transparent operation of financial markets. Promotes the most appropriate security solution even if there are short term additional costs. Demonstrates sensitivity to the realities and concerns of their stakeholders' situation. Analyses and interprets the evolving security threat landscape. Uses innovation to address the needs of customers and stakeholders (building trust). Leadership & Teamwork Drive the development and communication of a clear vision for secure development and maintenance in WPB IT which is aligned to the overall HSBC and Cybersecurity strategy, values and goals in order to inspire and engage people to create an inclusive, high performing, customer-centered culture. Lead, develop and motivate adoption of and compliance with the cybersecurity principles across the lifecycle in the PODs, XFTs, and service Lines / value streams within WPB IT. Lead and encourage constructive teamwork within value streams by demonstrating collaboration and matrix management in action and taking prompt action to address any activities and behaviors that are not consistent with HSBC's diversity policy and/or the best interests of the business and its customers. Monitors complex dependencies and respond accordingly to ensure on-going delivery to local and WPB IT goals. Translates the required course of action into a clear and realistic vision. Develops international solutions that are beneficial for the Service Line across its geographies and its customers. Identifies and builds relationships with key contacts and influencers Effectively translates coaching requirements to WPB IT s overall performance requirements. Operational Effectiveness & Control: Lead the continuing development, implementation and improvement of the security processes, understanding of risk and controls, and capabilities needed to deliver agreed plans and targets. Collaborate with control owners and WPB leadership to maximize end-to-end integration, effectiveness, and efficiency. Establish and maintain a robust and efficient control environment across the lifecycle to ensure good operational, financial and project management and compliance with HSBC policy and procedures, together with early identification and effective resolution or escalation of issues that arise. Lead the implementation and oversight of the Cyber Risk standards and governance frameworks, process and procedures, including adaptation of documentation, to ensure relevance to WPB operations, effective risk management and regulatory compliance. Creates an environment which anticipates risk, ensuring action is taken to quantify and mitigate them. . Coordinate with central cyber teams, 2LOD and control owners to ensure that WPB specific requirements and ways of working are integral to adopted Cyber Policies, Processes, and tooling. Implement IT best practices in risk policies and governance frameworks in areas across WPB IT. Management of Risk (Operational Risk / FIM requirements) The Senior Cyber SME will ensure the fair treatment (service excellence) of our customers is at the heart of everything we do, both personally and as an organisation. The Senior Cyber SME will also continually reassess the Cybersecurity and operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology. This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring. Also by addressing any areas of concern in conjunction with entity management and/or the appropriate department. Observation of Internal Controls (Compliance Policy / FIM requirements) Maintains HSBC internal control standards vis- -vis cybersecurity operations, including coordination and resolution planning of internal and external audit points together with any issues raised by external regulators. The Senior Cyber SME will also manage and coordinate the implementation of new internal control and risk -related metrics relating to cyber and secure development practices (KCIs, KRIs, and GRAS). This will be achieved by service line / value stream adherence to all relevant procedures, keeping appropriate records and, where appropriate, by driving the timely implementation of internal and external audit points, including issues raised by external regulators, and internally identified Cybersecurity risks. Escalation to CIOs and CISO when required for prompt addressing to relevant risk forum, such as WPB IT Cyber Working Groups, RCMMs to mention some examples. Local Job Requirements (This could include; Job Dimensions, Job Context & Major Challenges) Budget & people. This is a cross-functional and Senior Cyber SME role which supports and represents WPB IT interests against central cyber and group IT initiatives. This is achieved though and with the support of a large number of CIO delegates (risk champions), embedded cyber-SMEs, pod leads and ITSOs within WPB IT. It will secure applications leveraging right tools and processes enabled by Cybersecurity. The indirect headcount which will be supported by this role would be more than 150-200 staff. Relationships. Key relationships include ownership of the relationship with Cybersecurity control owners and Heads of Cybersecurity Functions and extends to peers across other Global Businesses, Global Functions and Regions up to MD levels in HSBC, including relationships with auditors, regulators and external security forums. This may also include external relationships with TPEMs and potentially vendors, focusing on security support to the WPB IT. Regulatory & Risk Management. Working closely with WPB IT Value Streams and governance counterparts (such as 2LOD, RR and CCO), build strong relationships with internal and external stakeholders (risk, audit, government agencies, industry forums etc) to understand the IT/Information Security risk profile, monitor compliance with policies and standards, and identify and address WPB IT specific requirements. Strategic input. Providing influence and input to ensure alignment between Cybersecurity and Central Cyber Functions and Leadership to represent and ensure WPB IT strategic outcomes and business goals. Uses technical knowledge and experience to solve complex problems, and propose implementable solutions, to deliver ongoing improvements in line with business strategy. Certifications, Qualifications & Experience (For the Job not the Job holder. Minimum requirements of the Job) Good understanding of WPB businesses and general understanding of the bank s businesses and differentiating factors between retail, wholesale, and investment banking A fair understanding of laws and regulations with an emphasis on regulations, rules and standards with global or boarder regional impact (e.g. GDPR, PCI DSS, DORA, HIPAA, etc.) Formal education with a post-graduate degree in IT, Information Security, Risk Management, Business Management or other relevant areas 10+ years of experience in Information Security Management and Cybersecurity High level of personal drive and motivation to ensure delivery of a broad range of outputs simultaneously across WPB IT and HSBC Technology Extensive Programme Management experience and analytical skills. Proven ability to articulate complex issues concisely and in simple language to support problem analysis. Strong knowledge of the external environment regulatory, political, competitors etc. Outstanding relationship management, collaboration and influencing skills. Strong attention to detail and business writing skills and to be able to challenge and shape submissions. Outstanding communication and interpersonal skills with the ability to produce clear and concise reports and communications to senior internal and external stakeholders. Excellent stakeholder management skills with a proven ability to build and maintain strong relationships and communicate on complex issues with a wide spectrum of stakeholders. Proven abilities in working across cultures. Familiarity with Information Security Control and Risk Frameworks (e.g., NIST, ISO 27001, COBIT, etc.) Strong familiarity with and competence in application security tools in general and with specific focus on security tooling used in secure development (e.g., SAST, DAST, MAST, FOSS), threat modelling and risk management. Certifications, Qualifications & Experience (For the Job not the Job holder. Minimum requirements of the Job) Familiarity with security controls around technologies such as cloud, mobile, social, open-banking, etc. Familiarity with OWASP, Cloud, and SANS guidelines on application-security. Experience in supporting Agile and DevOps methodologies. Experience in lifecycle management across the CI/CD pipeline Excellent understanding of banking and security in context of wider industry trends and direction

Qualifications and Skills: Company Secretary (CS) qualifications and Bachelor's degree in Law (LLB - preferable) 10 - 15 years of relevant work experience in a corporate legal or compliance role. In-depth knowledge of Indian corporate and commercial laws, including the Companies Act, SEBI SAST, FEMA, Lodr. Proven experience in handling regulatory compliance, corporate governance, and statutory filings. Excellent communication skills (both written and verbal) and a sharp analytical mindset. Ability to work independently while effectively collaborating with cross-functional teams. Strong proficiency in MS Office (Word, Excel, PowerPoint) and legal research databases. Role & responsibilities Legal Advisory and Compliance Provide in-depth legal advice and support to various departments, including corporate finance, mergers and acquisitions, regulatory compliance, and dispute resolution. Ensure compliance with all applicable laws, regulations, and industry standards, especially relating to RBI, SEBI, and MCA. Draft, review, and negotiate legal documents, such as contracts, agreements, resolutions, and legal opinions. Conduct thorough legal research and analysis of relevant laws, regulations, and case precedents to inform business decisions. Corporate Governance and Regulatory Filings Advise on corporate governance matters, ensuring the company adheres to best practices. Prepare and organize Board and General Meetings, drafting agendas, minutes, and ensuring timely submission of related documents. Manage all regulatory filings with statutory bodies like the Ministry of Corporate Affairs (MCA), Registrar of Companies (ROC), and Reserve Bank of India (RBI). Ensure compliance with corporate governance reports, statutory filings, and secretarial audits. Litigation and External Counsel Management Represent the company in legal proceedings, including arbitration, mediation, and litigation. Manage relationships with external legal counsel, ensuring alignment with company objectives and legal strategies. Stakeholder Collaboration and Process Improvement Work closely with internal and external stakeholders to align on compliance and regulatory goals. Provide guidance on legal matters and governance principles to internal teams and senior management. Identify opportunities for legal and compliance process improvements and implement strategic initiatives for compliance excellence. Statutory and Corporate Law Management Ensure statutory compliance, including conducting audits and adhering to MOA & AOA requirements. Maintain statutory books and prepare key documents, such as the Directors Report and Annual Return, ensuring legal accuracy and compliance. Process Management and Simplification Lead the development and execution of accurate, efficient legal processes aligned with corporate laws. Simplify and enforce legal and compliance policies across the organization, ensuring best practices are consistently followed. Corporate Transactions and Share Management Handle corporate restructuring, incorporation of firms and management of joint ventures. Oversee share issuance, transfers, and allotments, including preferential allotment and dividends. Draft notices, agendas, and resolutions for Board and Committee meetings, ensuring all statutory requirements are met. Reporting and Documentation Prepare search reports, due diligence reports, and statutory reports in a timely manner. Maintain and update statutory books, balance sheets, and profit & loss accounts, ensuring compliance with XBRL reporting requirements. Preferred candidate profile Previous experience handling legal matters for BFSIs or financial institutions is highly desirable. Hands-on experience with regulatory frameworks governing BFSIs, particularly RBI regulations. Familiarity with legal due diligence, mergers and acquisitions, and fundraising transactions is huge plus. Perks and benefits Opportunity to work in a dynamic, high-growth environment. Exposure to a wide range of legal matters, fostering career growth and development opportunities. This job opening is for a listed company with a common promoter.

We're Hiring! I am excited to share some amazing career opportunities at Happiest Minds. Take your Security career to the next level with Happiest Minds, ! Join a dynamic team, where Security Meets Innovation, and grow with us. Be recognized in a Great Place to Work Certified environment Interested professionals can directly reach out to me ankita.patari@happiestminds.com or can apply in below post Skills: Vulnerability Assessment,Penetration Testing,Manual Penetration Testing using OWASP checklists,Static/dynamic testing of mobile applications,OWASP Top 10 Roles and Responsibility: Roles and responsibility: Perform Web Application Security Assessment, API Security Assessment, Mobile Application Security Assessment & Thick Client Security Assessment. Report Preparation etc. Thanks and Regards, Ankita Ghosh

Design, develop, and maintain automated and manual test cases with a focus on security. Perform static and dynamic application security testing (SAST/DAST). Identify, document, and track security-related defects and work with engineering teams for remediation. Conduct threat modeling and risk assessments as part of the software development lifecycle. Validate fixes and patches for known vulnerabilities. Assist in integrating security testing tools (e.g., OWASP ZAP, Burp Suite, SonarQube) into CI/CD pipelines. Stay current with security best practices, industry trends, and vulnerability databases (e.g., CVE, NVD). Collaborate with QA, DevSecOps, and security analysts to promote secure development practices. Participate in code reviews and assist in the development of secure coding guidelines.

Serko is a cutting-edge tech platform in global business travel & expense technology. When you join Serko, you become part of a team of passionate travellers and technologists bringing people together, using the world’s leading business travel marketplace. We are proud to be an equal opportunity employer. We embrace the richness of diversity, showing up authentically to create a positive impact. There's an exciting road ahead of us, where travel needs real, impactful change. With offices in New Zealand, Australia, North America, and China, we are thrilled to be expanding our global footprint, landing our new hub in Bengaluru, India. With a rapid growth plan in place for India, we’re hiring people from different backgrounds, experiences, abilities, and perspectives to help us build a world-class team and product. Requirements We are seeking an experienced and highly skilled Senior Security professional to join our fast moving and enthusiastic team at Serko. The ideal candidate will have a strong background in software engineering and DevSecOps, with a focus on integrating security practices throughout the software development lifecycle. This role involves leading security initiatives, managing risk, overseeing security operations, ensuring compliance, and providing detailed reporting to senior management. Serko has an inclusive, engaging and supportive culture and we need a motivated self-starter who can take the initiative without close supervision to deliver optimal security outcomes for the organisation. Someone who is eager to advance their professional career and play a crucial role in delivering effective security solutions, while collaborating closely with a highly skilled software engineering team that operates at pace. What you'll get to do Integrate Security Practices: Lead the integration of security practices into the DevOps lifecycle, ensuring security is embedded throughout the software development process. Collaborate with Teams: Work closely with development and operations teams to identify and mitigate security risks in software applications, infrastructure, and deployment pipelines. Security Automation: Implement and maintain security automation and orchestration tools to streamline security processes and improve overall security posture. Security Risk Management: Identify, assess, and manage security risks across the organisation. Develop and implement risk mitigation strategies and ensure that risk management practices are integrated into all aspects of the development and operations processes. Security Operations: Oversee day-to-day security operations, including monitoring, incident response, and threat intelligence. Develop and implement operational security strategies and assist with operational security management of the environment. Compliance: Ensure compliance with relevant security policies, as well as external regulations and standards, such as PCI-DSS, and SOC2 Reporting: Prepare and present detailed security reports to senior management, highlighting key risks, incidents, and mitigation strategies. Provide regular updates on the security posture of the organization. Security Awareness: Conduct security awareness campaigns and initiatives to educate staff on emerging threats and mitigation strategies. Emerging Technologies: Stay at the forefront of emerging security trends, technologies, and best practices, particularly in Azure security and DevSecOps domains. Security Tools: Evaluate and recommend new security tools, solutions, and technologies that enhance our security posture and streamline security operations. What you'll bring You will contribute through your expertise in: Experience: 5+ years of experience in a senior role focused on Security Operations, Risk Management, and Compliance, preferably within software engineering environments Security Knowledge: A deep understanding of security attack and defence methods. A demonstrable and hands on knowledge of ethical hacking tools and techniques would be highly beneficial. DevSecOps Tools: Proven experience with DevSecOps tools and services such as SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing). Security Operations: Proven experience in managing Microsoft security products and services, including Azure Security Centre, Defender, Azure Active Directory, and Sentinel. Certifications: Relevant certifications such as CISSP or equivalent are preferred. Communication Skills: Excellent communication, presentation, and documentation skills. Team Collaboration: Ability to work collaboratively with cross-functional teams and lead security initiatives. Education: Bachelor's degree in Computer Science, Cybersecurity, or a related field. Relevant certifications will be considered in lieu of a degree. Benefits At Serko we aim to create a place where people can come and do their best work. This means you’ll be operating in an environment with great tools and support to enable you to perform at the highest level of your abilities, producing high-quality, and delivering innovative and efficient results. Our people are fully engaged, continuously improving, and encouraged to make an impact. Some of the benefits of working at Serko are: A competitive base pay Discretionary incentive plan based on individual and company performance Focus on development: Access to a learning & development platform and opportunity for you to own your career pathways Family medical coverage, Meal coupons, Transport allowances, Mobile & Internet Reimbursement Flexible work policy Apply Hit the ‘apply’ button now, or explore more about what it’s like to work at Serko and all our global opportunities at www.Serko.com .

Who We Are : Sirion is the worlds leading AI-native CLM platform, pioneering the application of generative AI to help enterprises transform the way they store, create, and manage contracts. The platform’s extraction, conversational search, and AI-enhanced negotiation capabilities have revolutionized contracting across enterprise teams – from legal and procurement to sales and finance. The world’s most valuable brands trust Sirion to manage 7M+ contracts worth nearly $800B and relationships with 1M+ suppliers and customers in 100+ languages. Leading analysts such as Gartner, IDC, and Spend Matters have consistently recognized Sirion as a leader in CLM for its focus on category-leading innovation. What You’ll Do : Experienced in application security testing (source code review and application penetration tests) – web, mobile, API’s, Plugin’s. Experienced in performing Threat Modelling. Experience with Cloud and Container Security. Experience with Secure Development and Testing processes and detection. Experience in automating security testing and remediation through scripting using languages like Bash, Python and VBScript. Knowledge of secure coding concepts. Good knowledge of OWASP and current and emerging threats Good experience in Security testing tools like Burp Suite/Acunetix/Metasploit/Kali. Understands Security testing requirements and testing strategy. Knowledge on capturing and diagnosing logs for application errors. Good understanding of the entire project life cycle, QA methodologies and processes. Experience with web application firewall, encryption, networking, web services. Create detailed, comprehensive and well-structured Security test plans and Security test cases. Estimate, prioritize, plan, and coordinate testing activities. Strong, effective interpersonal and communications skills; able to interact professionally with customers and team members. What You’ll Need : Ability to multi-task effectively and work under pressure Relationship and trust-based information security program (not authority-based) Self-driven and initiator Task finisher Commitment to Diversity and Inclusion: We are an equal opportunity employer committed to diversity and inclusion. We do not discriminate based on race, color, gender, religion, national origin, ancestry, age, disability, medical condition, genetic information, military or veteran status, marital status, pregnancy, gender identity, sexual orientation, or any other protected characteristic. We provide reasonable accommodations for disabled employees and applicants as required by law. These principles apply to all aspects of employment, including recruitment, training, promotions, compensation, benefits, transfers, and social programs. Excited about this opportunity? We’d love to hear from you! To apply, simply visit our Careers Page Careers at Sirion page and follow the easy steps to submit your application.

We are keenly looking for a resource with 10+ years of experience who had both technical and managerial experience to execute a lead position from offshore. Primary Skill: Azure DevOps, Jfrog Artifactory, SonarQ, DevSecOps(SAST & DAST), Azure native App Security Secondary Skill: Containerization and Orchestration tools. Shift details: Day shift overlapping with EST (2PM-10:30PM) Technical Leadership & team management at Offshore: • Technical Leadership: Provide guidance to ensure best practices and quality standard are maintained in deliverables. Understand Selective standards and help ensure deliverables meets and adhere to the standards. If standards are missing collaborate with the core team to build standards as needed/required • Team Guidance: Lead and support DevOps engineers to achieve project goals. • Team Management: Lead and coordinate offshore DevOps teams. • Sprint Planning: Assist with offshore sprint planning, estimates, and timelines for the work aligned. • Work Execution: Run stand-ups and manage work execution. • Resource Optimization: Optimize team member capacity utilization. • Risk Management: Identify and mitigate risks aligned to the work • Documentation: Maintain detailed documentation of processes and projects Mature Offshore-Driven Operations and Operational capabilities : • SOP Development: Create standard operating procedures for operational tasks. • Communication: Establish clear channels with DevOps service consumers and stakeholders. • Continuous Improvement: Encourage innovation and automation. • SRE for key DevOps tooling: Build Site Reliability Engineering around DevOps platforms and tools. Build health checks for the key platforms. • Keeping platforms/tooling evergreen. Report/track on tech currency • Improve & automate operational onboarding - drive platform Self service capabilities for our end customer Collaboration and Coordination: • Stakeholder Updates: Provide regular updates to stakeholders. • Team Collaboration: Work with development, QA, and operations teams. • Performance Tracking: Develop and monitor key performance indicators (KPIs).

Senior Advisor - Business Security Location: Thane/Vikhroli 5 days work from office in a MONTH Shift: 1.30 P.M. to 10.30 P.M. The Company: UK based one of the largest MNCs is a leading global advisory, broking and solutions company that helps clients around the world turn risk into a path for growth. One of the oldest MNCs, has more than 42,000 employees serving more than 142 countries. Business Unit The mission of the Business Information Security team is to be Information and Cyber Security trusted advisors to senior business and technology stakeholders. When they're forming strategy and delivering business change, we aim to help them ensure that their business continues to be secure and compliant in line with our information and cyber security policies and standards. Job Summary As the Information Security Associate within the Business Security Operations (BusSecOps) team, you will be responsible for implementing and maintaining information & cyber security practices. Candidate would be required to gain a high-level of knowledge and understanding of critical technology applications and security standards. You will need to take a leadership role in building security testing framework for web-based applications which includes Threat Profiling, DAST, SAST, Security Architecture, and Penetration testing. In this role, you are expected to understand the organizations information & cyber security strategy and standards while working collaboratively with technology teams to implement and maintain sound security practices. This role resides in our Information & Cyber Security (ICS) team within Corporate IT. Roles & Responsibilities Build and maintain effective relationship with technology teams and ICS stakeholders Foster a culture of information and cyber security best practices though awareness and support Stay up to date with the latest application security developments and security trends to continually improve internal processes Hold good understanding of Application & Infrastructure testing methodology & support development teams in the remediation of vulnerabilities Work with development teams to improve the secure software development lifecycle Engage in information security activities to support client/business engagements i.e., incidents, vulnerabilities, development lifecycles, risk management and emerging threats Ability to coordinate and execute security testing for applications and cloud environments Engage with key stakeholders to support internal and external audit activities to ensure compliance with regulations such as: SOC, FCA, NYDFS, GDPR, HIPAA Demonstrate a good understanding of security regulations and data privacy laws Support the risk identification & exceptions management process Manage and oversee adhoc projects related to maturing information and cyber security controls across the organizationR. Education Qualification: Degree in a relevant Business or Information Technology area Experience Band: 5 - 12 yrs. Technical Skills: Need to have Degree in a relevant Information Technology area preferably with a focus on information security Significant experience in managing and patching vulnerabilities across a host of assets Expert understanding of all aspects of information security principles, policy and its application in business and technology areas Understanding of core cloud security principles Knowledge and experience on supporting information security audits Technical Skills: Nice to have Client focus: ability to engage positively with clients and business stakeholders. Information Security specific certification is desirable (such as CISM, CISSP, CISA, CEH) Full JD will be shared on email Best Regards, Uma SW +91 98 22 780 197 uma@starlighthr.com I https://starlighthr.com/

Senior Advisor - Business Security Location: Thane/Vikhroli 5 days work from office in a MONTH Shift: 1.30 P.M. to 10.30 P.M. The Company: UK based one of the largest MNCs is a leading global advisory, broking and solutions company that helps clients around the world turn risk into a path for growth. One of the oldest MNCs, has more than 42,000 employees serving more than 142 countries. Business Unit The mission of the Business Information Security team is to be Information and Cyber Security trusted advisors to senior business and technology stakeholders. When they're forming strategy and delivering business change, we aim to help them ensure that their business continues to be secure and compliant in line with our information and cyber security policies and standards. Job Summary As the Information Security Associate within the Business Security Operations (BusSecOps) team, you will be responsible for implementing and maintaining information & cyber security practices. Candidate would be required to gain a high-level of knowledge and understanding of critical technology applications and security standards. You will need to take a leadership role in building security testing framework for web-based applications which includes Threat Profiling, DAST, SAST, Security Architecture, and Penetration testing. In this role, you are expected to understand the organizations information & cyber security strategy and standards while working collaboratively with technology teams to implement and maintain sound security practices. This role resides in our Information & Cyber Security (ICS) team within Corporate IT. Roles & Responsibilities Build and maintain effective relationship with technology teams and ICS stakeholders Foster a culture of information and cyber security best practices though awareness and support Stay up to date with the latest application security developments and security trends to continually improve internal processes Hold good understanding of Application & Infrastructure testing methodology & support development teams in the remediation of vulnerabilities Work with development teams to improve the secure software development lifecycle Engage in information security activities to support client/business engagements i.e., incidents, vulnerabilities, development lifecycles, risk management and emerging threats Ability to coordinate and execute security testing for applications and cloud environments Engage with key stakeholders to support internal and external audit activities to ensure compliance with regulations such as: SOC, FCA, NYDFS, GDPR, HIPAA Demonstrate a good understanding of security regulations and data privacy laws Support the risk identification & exceptions management process Manage and oversee adhoc projects related to maturing information and cyber security controls across the organizationR. Education Qualification: Degree in a relevant Business or Information Technology area Experience Band: 2 - 6 yrs. Technical Skills: Need to have Degree in a relevant Information Technology area preferably with a focus on information security Significant experience in managing and patching vulnerabilities across a host of assets Expert understanding of all aspects of information security principles, policy and its application in business and technology areas Understanding of core cloud security principles Knowledge and experience on supporting information security audits Technical Skills: Nice to have Client focus: ability to engage positively with clients and business stakeholders. Information Security specific certification is desirable (such as CISM, CISSP, CISA, CEH) Full JD will be shared on email Best Regards, Uma SW +91 98 22 780 197 uma@starlighthr.com I https://starlighthr.com/

Role: Sr. Cybersecurity Engineer(Embedded) Experience: 6 to 8 Years Location: Ahmedabad or Pune Job Description: Good hands on towards design, development & maintenance of secure software solutions for Linux-based systems on embedded and automotive systems also security controls e.g.,(Secure Boot, secure unlock, secure reprogramming, message authentication) Good understanding on configuration of AppArmor profiles to enforce security policies and mitigate risks in Linux environments. Hands on towards development and integration of Trusted Execution Environment (TEE) solutions Good knowledge of development and implementation in Cryptography and Key Management. Experience in working with Client Product teams and collaboration with hardware and software team members. Incorporate secure coding standards and practices in DevSecOps, conduct security assessment and code reviews, enforce Static Application Security Testing (SAST), Open Source SW vulnerability scanning and license analysis to ensure SW security. Collect, generate, maintain and update SW bill of materials and contribute to GIT repositories Participate in PI planning, provide effort estimation to implement security controls and contribute to the Feature Roll Out Plan (FROP). We are inviting applications from candidates who can join 15 to 30 days notice max. For more details please feel free to reach out Ravi @ 6305363701 or you may mail your latest updated resume to: ravindra.m@creenosolutions.com

Project Role : Tech Delivery&Op Excellence Practitioner Project Role Description : Understand how to deliver value to clients, and use that commercial competency to apply methods or certifications appropriately. Attention to detail and deep expertise allow them to see inherent risks or improvement opportunities that others may not. Work directly with client teams to ensure a high standard of delivery and operational excellence are met. Must have skills : Governance Risk Compliance (GRC) Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Tech Delivery & Op Excellence Practitioner, you will understand how to deliver value to clients and apply methods or certifications appropriately. Attention to detail and deep expertise allow you to see inherent risks or improvement opportunities that others may not. Work directly with client teams to ensure a high standard of delivery and operational excellence are met. Key responsibility:- Risk and Compliance senior Analyst works with the Application service delivery organization and other compliance related functions to help:- Perform audits/reviews to assess risks in Application development and maintenance service environment- Manage risk in Application development and maintenance service to an acceptable level - Increase the level of awareness of and compliance with policy and process related matters - Support successful completion of various external compliance certification programs and internal compliance assessments- Introduce continual improvement including lessons learned from matters requiring intervention- This successful candidate for this role will be a member of a dedicated team operating a Controls and Compliance function, which will perform audit style reviews of Application Development & Maintenance Services outsourcing engagements covering compliance matters and operational service management and service delivery good practice.Must-Have Skills/ Qualifications:- Minimum of 1-year experience in Auditing principles and practices (sample qualifications*:CISA, ISO 27001 Lead Auditor)- Minimum of 1-year experience in Application security/audit roles in Application development & maintenance service industry(sample qualifications*:EC-Councils CASE (Certified Application Security Engineer), CEH(Certified Ethical Hacker), - Agile Methodology( Certified Scrum Master), DevOps Certification, CMMI for Development- Knowledge of secure SDLC models, secure coding standards, OWASP Top 10, threat modeling, SAST(Static Application security testing), DAST (Dynamic Application security testing), single sign on, Encryption - Minimum of 1-year experience in Operational compliance requirements)- Contract Management / Service Reporting(including Service Level Agreements and Operational Level Agreements)- Risk management or assessment (sample qualification*:CRISC)- Knowledge of cloud environment and services (sample qualification*:Microsoft Azure/AWS/Google Certifications)- Team and stakeholder managementNice-to-Have Skills/ Qualifications:- Data privacy and protection (sample qualifications*:CIPM, CIPT, CIPP)- CISSP*, CISM*, CISA*, CCSK*, CCSP*- SOC1 and SOC2 (SSAE16 / ISAE3402) awareness- Business Continuity and Disaster Recovery awareness (ISO 22301) Professional Attributes:1:Good communication2:Teamwork3:Problem Solving Capabilities4:Work Planning and Management 5:Quick Learner6:Eager to take on responsible task7:Dedicated and Focused Educational Qualification:1:MBA-Information Security/ IT2:BE/B-Tech with CS/IT/related domain3:BSc- IT Additional Information:(i.e., travel, overtime %)1:Occasional within country travel 2:Flexibility in working hours Qualification 15 years full time education

Skill required: Tech for Operations - Microsoft ASP.NET Designation: SW/App/Cloud Tech Support Sr Analyst Qualifications: Any Graduation Years of Experience: 5 to 8 years About Accenture Accenture is a global professional services company with leading capabilities in digital, cloud and security.Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Technology and Operations services, and Accenture Song all powered by the worlds largest network of Advanced Technology and Intelligent Operations centers. Our 699,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. We embrace the power of change to create value and shared success for our clients, people, shareholders, partners and communities.Visit us at www.accenture.com What would you do You will be part of the Technology for Operations team that acts as a trusted advisor and partner to Accenture Operations. The team provides innovative and secure technologies to help clients build an intelligent operating model, driving exceptional results. We work closely with the sales, offering and delivery teams to identify and build innovative solutions.The Tech For Operations (TFO) team provides innovative and secure technologies to help clients build an intelligent operating model, driving exceptional results. Works closely with the sales, offering and delivery teams to identify and build innovative solutions. Major sub deals include AHO(Application Hosting Operations), ISMT (Infrastructure Management), Intelligent AutomationA platform to create dynamic and interactive Web applications using server-side scripting technology. What are we looking for Job SpecificationOverall Skills to manage & work on SQL & .Net technologies while working in collaborative and high-performance team environment.ResponsibilitiesFull Stack .net, MS SQL, LinQ, SQL Stored procedures, SSRSDev experience around 5+ yearsexperience with DAST/SAST vulnerabilities, scans, APIs etc. QualificationsExpertise & understanding in Full stack technologies with 5+years experience.Analytical, problem-solving skills.Strong empathy in understanding client needs/requirements.Communication and presentation skills.Representative behavior, client-facing experience.Strong team player with drive. Roles and Responsibilities: In this role you are required to do analysis and solving of increasingly complex problems Your day to day interactions are with peers within Accenture You are likely to have some interaction with clients and/or Accenture management You will be given minimal instruction on daily work/tasks and a moderate level of instruction on new assignments Decisions that are made by you impact your own work and may impact the work of others In this role you would be an individual contributor and/or oversee a small work effort and/or team Please note that this role may require you to work in rotational shifts Qualification Any Graduation

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Infrastructure Security Vulnerability Management Operations Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are looking for a highly skilled Lead Application Security & Vulnerability Management to take charge of identifying, assessing, and mitigating security risks across applications and IT infrastructure. As a key security leader, you will oversee vulnerability management operations, lead security assessments, and collaborate with cross-functional teams to ensure robust security posture and compliance with industry standards. This role demands expertise in Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) to protect critical software assets. Roles & Responsibilities:Leadership & StrategyLead vulnerability management operations and security assessments. Develop and implement strategic security initiatives for application protection. Collaborate with leadership to define security roadmaps and policies. Act as a mentor for junior security analysts, fostering skill development.Vulnerability Management & Security OperationsConduct regular vulnerability scans across applications and infrastructure. Analyze security vulnerabilities, assess impact, and prioritize mitigation strategies. Oversee penetration testing and security assessments to identify weaknesses. Provide detailed reports on security findings, risk levels, and remediation efforts. Ensure compliance with industry security frameworks and standards. Develop and maintain security policies, procedures, and playbooks.Application Security & Secure DevelopmentPerform SAST scans to detect vulnerabilities in source code before deployment. Conduct DAST assessments to identify runtime security issues in web applications. Utilize SCA tools to analyze third-party dependencies for known vulnerabilities. Integrate security testing into CI/CD pipelines for proactive protection. Define secure coding guidelines and conduct training for development teams.Incident Management & Vendor CoordinationInvestigate and resolve false positives and critical vulnerabilities in risk management tools. Manage vendor relationships, escalating and resolving security issues efficiently. Generate monthly security reports and dashboards for leadership insights. Qualifications & Skills: Experience:7+ years in Application Security, Vulnerability Management, and Cybersecurity. Education:Bachelors/Masters degree in Computer Science, Information Technology, or Cybersecurity. Certifications:Preferred CISSP, CEH, CompTIA Security+. Technical Expertise:Strong knowledge of network protocols, operating systems, security testing. Leadership & Communication:Excellent problem-solving, analytical, and collaboration skills. Compliance & Frameworks:Deep understanding of ISO 27001, NIST, OWASP, PCI DSS. Professional & Technical Skills: Vulnerability Management:Brinqa, Qualys VMDR, Qualys WAS, Rapid7 InsightVM, NessusApplication Security:Fortify, Snyk, Trufflehog, SnaffpointSecurity Frameworks:OWASP Top 10, NIST, ISO 27001, PCI DSS Additional Information:- The candidate should have minimum 5 years of experience in Infrastructure Security Vulnerability Management Operations.- This position is based at Bengaluru, Gurgram, Hyderabad, Mumbai, Noida only- A 15 years full time education is required. Qualification 15 years full time education

Role Profile Senior Application Security Engineer Department Information Security/ Cybersecurity Reports ToManager / Lead Security Engineer Location :Hyderabad (WFO) Role Summary: The Security Engineer will play a critical role in strengthening the security posture of applications and infrastructure by implementing secure development practices, performing vulnerability assessments, and integrating security into the SDLC. The ideal candidate will have hands-on experience with OWASP ASVS, security testing tools like ZAP, and a solid understanding of Python-based backend systems. Key Responsibilities: Implement and enforce security policies aligned with OWASP ASVS 4.0.3. Conduct Static and Dynamic Application Security Testing (SAST/DAST) using tools such as ZAP, Fortify, Burp Suite, and GitHub security. Collaborate with DevOps teams to embed security in CI/CD pipelines. Perform threat modelling and risk assessments for applications and APIs. Identify and remediate security vulnerabilities in Python-based services. Prepare and support documentation for STQC audits and other compliance processes. Create and maintain secure coding guidelines for developers. Track and manage vulnerabilities using centralized dashboards or ticketing systems. Collaborate with developers and QA teams during SDLC to ensure secure code deployment. Required Qualifications & Skills: 8–10 years of Overall experience in IT . 5–6 years of hands-on experience in Application Security. Strong knowledge of OWASP Top 10 and OWASP ASVS frameworks. Practical experience with ZAP, Fortify, Burp Suite, or similar tools. Good understanding of Python backend services and typical security flaws. Knowledge of CI/CD security integration tools and methodologies. Familiarity with STQC security processes and regulatory compliance documentation. Knowledge of SAST/DAST/IAST methodologies and modern DevSecOps practices. Bachelor’s degree in computer science, Cybersecurity, or related discipline. Soft Skills: Strong analytical and problem-solving abilities. Excellent written and verbal communication skills. Collaboration and team orientation. High attention to detail and documentation. Strong stakeholder management across development, DevOps, and compliance teams. Preferred Qualifications: Certifications such as OSCP, CISSP, CEH, or GWAPT. Exposure to cloud security (AWS/GCP/Azure). Scripting knowledge for automation using Python or Bash. Experience with container and Kubernetes security tools. Key Relationships: InternalDevelopment Teams, DevOps Teams, QA Teams, Compliance Team, Product Owners ExternalAuditors, Regulatory Authorities (e.g., for STQC), Security Vendors Role Dimensions: Team Size: Individual contributor or small security team lead Scope: Application security coverage across all internal and external apps Impact: High – directly impacts risk mitigation, compliance, and secure software delivery Success Measures (KPIs): % of vulnerabilities resolved within SLA Number of applications onboarded to security tools Security issues found in pre-production vs post-deployment Developer adoption rate of secure coding practices STQC and other audit clearance rates Mean time to detect and remediate vulnerabilities Competency Framework Alignment: Technical Expertise Deep understanding of of AppSec tools and practices Results Orientation Works cross-functionally with technical teams Problem Solving Strong in analysing and resolving security issues Communication Explains complex security concepts to non-tech teams Adaptability Takes ownership of vulnerabilities and resolutions

Are you a skilled penetration tester looking for an exciting new opportunity to take your career to the next level? Join our dynamic cybersecurity team, where youll have the chance to work on cutting-edge projects, including cloud security, reverse engineering, threat modelling, and product security . Who we are? Payatu is an ISO certified company where we strive to create a culture of excellence, growth and innovation that empowers our employees to reach new heights in their careers. We are young and passionate folks driven by the power of the latest and innovative technologies in IoT, AI/ML, Blockchain, and many other advanced technologies. We are on the mission of making Cyberworld safe for every organization, product, and individual. What we look for outside work parameters? Your expertise is your primary qualification, not your degree or certification. Strong leadership qualities, plan, monitor and manage activities for self and team. Passion to deliver the promised service. Motivated, self-starter individual with high level of integrity, intensity, and activity with a can-do attitude. Ability to understand Organization objectives and execute them accordingly. Disciplined process-oriented work style and ability to work independently You are a perfect technical fit if: Advanced knowledge of common penetration testing tools (Burp Suite, Metasploit, Wireshark, etc.).Proficient in reverse engineering tools (IDA Pro, Ghidra, Binary Ninja, etc.).Deep understanding of cloud-native security issues and technologies (containers, Kubernetes, serverless, etc.).Strong knowledge of application security principles, including OWASP Top 10, secure coding practices, and common vulnerabilities.Understanding of product security practices and secure software development life cycles. You Have All Our Desired Qualities, if: Minimum 5+ years of hands-on experience in penetration testing, security research, or related fields. Proven track record in performing complex security assessments on cloud environments (AWS, Azure, GCP), thick client applications, and enterprise systems. Experience with reverse engineering (static and dynamic analysis) of software and binaries. Expertise in threat modelling, risk assessment, and security design for software products. Extensive experience in vulnerability analysis and exploitation techniques across diverse platforms. Deep understanding of: Web application and API vulnerabilities (e.g., SQLi, XSS, IDOR) Mobile app security (reverse engineering, instrumentation) Network and infrastructure testing Cloud security misconfigurations and privilege escalation AI/LLM attack vectors (prompt injection, model extraction, data poisoning, etc.) Your everyday work will look like: Lead penetration tests on cloud infrastructures (AWS, Azure, GCP), thick client apps, and enterprise systems. Conduct security research and vulnerability assessments on cloud platforms. Collaborate with product teams and clients to create threat models, identifying risks, vulnerabilities, and attack vectors with clear, actionable insights. Reverse-engineer binaries, software, and applications to uncover vulnerabilities, develop exploits, and improve product security. Assess and advise on security throughout the product lifecycle, from design to deployment, ensuring robust security measures. Develop custom security tools and scripts to improve testing efficiency and address new vulnerabilities. Stay updated on emerging threats, attack techniques, and security trends, sharing insights with the team to maintain cutting-edge expertise. Certifications : Offensive Security Certified Professional (OSCP) or similar certifications such as CEH, CRTP, OSCE, or CISSP.Additional certifications or training in cloud security, reverse engineering, or product security are a plus. Soft Skills: Excellent communication skills to present findings and security concepts clearly to both technical and non-technical stakeholders.Strong problem-solving skills with the ability to think creatively and develop solutions to complex security challenges.Leadership capabilities to mentor and guide junior security consultants and researchers.Ability to work independently and manage multiple projects effectively under tight deadlines. Preferred Qualifications: Experience in developing custom security tools or exploits.Experience with threat hunting or advanced adversarial techniques.Familiarity with advanced attack frameworks like MITRE ATT&CK.

Role & responsibilities • Opensource/ SAST/ DAST/ Pentest - CVE Vulnerabilities remediation Nexus IQ, Snyk, Bright tool experience required. • Server vulnerabilities clean-up based on Tenable scan reports. • Tech risk remediation/ Exemption management • PAM/ DAP clean ups (Access Management related). • Work experience in security tools like Nexus IQ, Snyk, Bright tools and vulnerabilities fixes • Knowledge of Cyber Security, CVE or IT Risk management space • Experience with exemptions and Tech control remediation from start to finish • Experience working with vendor contacts and business partners. Preferred candidate profile: Job Title: Cyber Security and IT Risk Management Analyst Position: Senior Systems Engineer Experience: 7 10 Years Category: Software Development/ Engineering Shift: Rotational shift Main location: Bangalore/Chennai/ Hyderabad Employment Type: Full Time Education Qualification: Bachelors degree in computer science or related field or higher with minimum 3 years of relevant experience.

Perform security testing on applications using Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools to identify vulnerabilities and recommend mitigations.

Competencies: Strong knowledge of cloud platform security (AWS, Azure, GCP), including networking, Storage, Compute, IAM, data encryption, Identity management, Access management, AD, SSO, SAML and securing cloud-native services. Experience with security methodologies (e.g., SAST, SCA, DAST, penetration testing) and tools (Veracode, Qualys, Orca, Black Duck) Strong understanding of network security protocols (firewalls, intrusion detection/prevention systems) Experience automating and integrating security workflows using tools such as Terraform, Ansible, CloudFormation, Jenkins, or similar. Strong hands-on experience remediating code-based vulnerabilities and scripting/automating remediation scripts. Hands-on development experience in Java a strong plus. Experience configuring and using SIEM for security monitoring, log analysis, and threat detection. Strong communication and collaboration skills, especially in cross-functional teams. Ability to explain complex security concepts to technical and non-technical stakeholders. Strong analytical and problem-solving skills with the ability to act quickly in high-pressure situations. Leadership abilities to mentor junior engineers and advocate for security best practices. Requirements: Bachelors degree in computer science, Engineering, or a related field. 6+ years of experience in security engineering or a related field, with a focus on cloud security, vulnerability management, and automation. 4+ years of experience with public cloud platforms (AWS strongly preferred) and securing cloud-native and on-prem infrastructures. Minimum of 3 years of hands-on development experience in a common programming language. (Java strongly preferred). Flexibility to occasionally work US Pacific Standard Time (PST) hours as needed. Regards, Kajal Khatri Kajal@beanhr.com

Introduction A career in IBM Consulting is rooted by long-term relationships and close collaboration with clients across the globe. Youll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio In this role, youll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology. Your role and responsibilities Information and Data are some of the most important organizational assets in todays businesses. As a Security Consultant, you will be a key advisor for IBMs clients, analysing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the clients organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world. The ability to be a team player, Strong communication collaboration Required education Bachelors Degree Preferred education Masters Degree Required technical and professional expertise Application Security, Threat Modelling, Secure Code Review, Penetration Testing, Vulnerability Testing, SAST (Static Application Security Testing), DAST (Dynamic Application security Testing), DevSecOps Implemented Clean Code principles, JUnits Java development, JavaScript, Python, Ruby, C++/C#, Perl etc Must have strong business acumen with ability to work with application development, QA and security teams. A strong understanding of application security frameworks The ability and skill to train other people in procedural and technical topics As a Security Consultant, you will be a key advisor for IBMs clients, analysing business requirements to design and implement the best security solutions for their needs Preferred technical and professional experience Must have a solid understanding of application security code reviews and penetration testing & Experience with enterprise java technologies: Spring, JUnit, Hibernate 4+ years experience in application development and security. Practical understanding and use of commercial application security tools

Role : Company Secretary Department - CS & Legal Qualification - LLB & CS Experience - 8 - 10 Years Work Location - Gurugram (On Site) Preferred candidate - Equity Listed companies/NBFC Role & responsibilities To ensure compliance of the provisions of Companies Law and rules made thereunder; Thorough compliances with Secretarial Standards for Board / General Meetings. Thorough knowledge and experience of Listing and other SEBI related regulations like NCS Regulations, PIT, SAST and ESOP . Issuance and Listing of Non-Convertible Securities including Non-Convertible Debentures, Foreign Exchange Bonds etc. Involved in Fund raising from Banks/Financial Institutions etc . and interaction with finance department for legal documentation. Well versed with NSDL DLT platform and coordination with depositories for updation of documents. Liaising with MCA authorities, group companies, promoters, statutory and secretarial auditors, law firms. Advising on good governance practices and compliance of Corporate Governance norms Conceptualization, drafting and finalization of Annual Report of the Company. Advising Company and subsidiaries on secretarial matters. Liaising with subsidiaries for compiling data. Responsible for drafting, review and vetting of all legal agreements of the organization related to Vendor Overseeing routine Registrar and Transfer activities such as transfer, transmission and issuing duplicate share certificates and handling problematic cases related to investors grievances, agreement, NDAs, Client agreements, lease deeds etc. Assisting in drafting legal contracts and commercial agreements and ensure that contracts follow legal, regulatory, RBI and organizational policies. This list should not be regarded as exhaustive and the position holder will be expected to deliver other duties that are relevant and appropriate to this scope. Preferred candidate profile Should be well versed in handling MS Excel, MS Office, MCA Portal and Stock Exchanges Excellent interpersonal and relationship building problem-solving skills; A team player and self-motivated person. Strong analytical with Liasoning ability with govt. ministerial, legal authorities. Excellent Communication & writing skills 8-10 years of corporate experience Interested candidates can apply on the same or share their updated cv at Pooja.jain@satincreditcare.com