751 Sast Jobs - Page 22

Conduct Vulnerability Assessments: Identifying potential weaknesses in applications and systems using automated tools and manual techniques. Perform Penetration Tests: Simulating attacks to evaluate the effectiveness of security controls and identify exploitable vulnerabilities. Analyze Findings: Interpreting assessment and testing results to determine the severity and impact of identified vulnerabilities. Report Findings: Documenting vulnerabilities, providing detailed reports with remediation recommendations, and tracking the closure of identified issues. Collaborate with Teams: Working with developers, IT, and security teams to implement security measures and address identified vulnerabil...

About the Role: Grade Level (for internal use): 10 The Team Security Testing Team in the Quality Engineering space plays a crucial role in safeguarding business operations by identifying vulnerabilities and ensuring robust protection against cyber threats. Through meticulous testing practices, we enhance the security posture of applications, thereby reducing the risk of data breaches and financial loss. By integrating security measures early in the development lifecycle, the team helps streamline processes, minimize disruptions, and ultimately contribute to greater business efficiency and resilience. S&P Global Ratings is the worlds leading provider of independent credit ratings. Our ratings...

Required Skills & Experience: 6+ years of experience in DevSecOps, DevOps, or security engineering. Strong hands-on expertise with SAST tools (e.g., SonarQube, Fortify, Checkmarx). Deep knowledge of DAST tools (e.g., OWASP ZAP, Burp Suite, AppSpider). Experience with CI/CD tools : Jenkins, GitLab CI, Azure DevOps, GitHub Actions, etc. Proficient in container security (e.g., Docker, Kubernetes, image scanning). Experience of infrastructure as code (Terraform, Ansible, etc.) and secure cloud deployment. Experience with cloud security (AWS, Azure, or GCP). Strong scripting and automation skills (Python, Bash, etc.). Solid understanding of secure SDLC and OWASP Top 10

Software development support for Windows App Store and automated installation tooling. Responsibilities include creation and maintenance of automation policies for application deployments. Required education Bachelor's Degree Required technical and professional expertise 5+ years of experience in software development. 3+ years of working experience with JAVA/Python/JavaScript/C++ Knowledge with SQL Database implementations Knowledge of SAST/DAST/IAST vulnerability scanning tools such as Mend, SonarQube, Contrast, etc. Preferred technical and professional experience Experience in cloud technologies. Good Communication skills.

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 4 plus years of experience Application Security TestingExperience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding PracticesKnowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat ModellingAbi...

Role & responsibilities Title: OpenShift Engineer Location: Work location: Gurgaon (Building 5), Bengaluru (Rome North, Bagmane Park) Shift timing: 16*7 support from India, 2 shift (Mon: 7AM to 4PM, Eve: 1:30 PM to 10:30 PM) Vendor Rate range - 1500 - 1700 / hr Seeking for an OpenShift Engineer (Bold are mandatory skills with hands-on experience): Mandatory Skills - Red Hat OpenShift (Hands-on experience MUST) , Jenkins, GitHub Actions with demonstrated skills in creating CI/CD pipelines, Kubernetes, Docker, Helm, Open Shift, EKS experience, security scanning & DevSec Ops SAST, DAST, SCA tools (Snyk, Sonatype, GitLab, Mend & etc.), Linux, Automation, scripting (ansible, bash, groovy), OpenSh...

You will be responsible for conducting application security reviews for Web, Mobile (Android and iOS), and API technologies. Your role will involve assessing and identifying potential vulnerabilities in the technology being developed before implementation. You should have expertise in application security testing methodologies such as SAST, DAST, and MAST, with experience in web application, API security, and mobile application security testing according to industry standards like OWASP top 10, SANS top 25, etc. It would be beneficial to have knowledge of programming and scripting languages such as Java, JavaScript, Angular, Spring Boot, Kotlin, and Swift. Familiarity with tools like Burp Su...

KPMG entities in India are professional services firm(s) affiliated with KPMG International Limited, established in August 1993. Our professionals leverage the global network of firms, understanding local laws, regulations, markets, and competition. With offices across India, in cities like Ahmedabad, Bengaluru, Mumbai, and more, we offer services to national and international clients across various sectors. Our focus is on delivering rapid, performance-based, industry-focused, and technology-enabled services, showcasing our understanding of global and local industries and the Indian business environment. As a Security Code Reviewer at KPMG in India, your primary responsibilities will includ...

Primary Skill Roles and responsibilities Work within the Cyber security domain, focusing on the Automated security testing part of our services and improving overall security posture of products and systems for assigned business domain. You will be part of an agile team, constantly improving and automating the security posture of the cloud infrastructure at IKEA. You will partner with and support the IKEA engineering community to build secure infrastructure at scale. You will perform threat modeling and security risk assessments. Understanding of security compliance requirements such as GDPR, NIS2, ISO27000. You will build and operate reliable tooling to increase the visibility of cloud envi...

Job Description As an Application Security Engineer, you will play a critical role in safeguarding the security of our software products and development lifecycle. This role focuses on managing and optimizing code scanning tools, identifying vulnerabilities, and ensuring secure coding practices are embedded into every stage of software development. You will collaborate with engineering teams to provide actionable security guidance, design metrics to measure security effectiveness, and create strategies to continuously improve application security. By integrating cutting-edge tools and techniques, you will ensure that our applications meet the highest standards of security and resilience, ult...

Responsibilities : Conduct security assessments for web, Android, and iOS applications. Identify and remediate vulnerabilities across the platform such java and java script Promote a security-first culture and drive security integration in the SDLC. Maintain and update security policies, standards, and procedures. Support ISMS design, implementation, and maintenance. Assist with ISO 27001 and PCI DSS certification and audits. Manage third-party risk programs, including vendor assessments and ongoing monitoring. Maintain vendor risk register and track remediation actions. Collaborate with internal teams to prepare for audits and ensure compliance. Adapt to new technologies, languages, and fra...

Responsible for implementing the product build requirements & creating the installers Design and implement secure CI/CD pipelines that incorporate security checks at every stage, from code commit to deployment. Automate repetitive security tasks Required Candidate profile Demonstrable experience building and maintaining secure CI/CD pipelines. Knowledge of common security vulnerabilities, attack vectors, and mitigation techniques. Proficiency in Python/Shell

Note : 6 months contract with Vlink based on performance contract can be extended Roles & responsibilities Perform automated testing of running applications and static code (SAST, DAST). Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Experience in one or more of the following is a plus: mobile application testing, Web application pen testing, application architecture, and business logic analysis. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, O...

About The Role Project Role : Tech Delivery&Op Excellence Practitioner Project Role Description : Understand how to deliver value to clients, and use that commercial competency to apply methods or certifications appropriately. Attention to detail and deep expertise allow them to see inherent risks or improvement opportunities that others may not. Work directly with client teams to ensure a high standard of delivery and operational excellence are met. Must have skills : Governance Risk Compliance (GRC) Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Tech Delivery & Op Excellence Practitioner, you will u...

Role of Wealth Management India IT Risk and Information Systems Security Manager, being understood this role includes delegations from APAC WM CISO for the team located in India territory and fully participates in overall WMIS Cybersecurity and IT Risk objectives. Participate to IT project security reviews conducted both on a global and APAC basis across all platforms. Participate in the Security Operation meetings in APAC, EMEA & CH regions. This requires the incumbent to foster close working relationships with other business areas and IT Development / Production / CSIRT / Production Security teams. The incumbent will work hand in hand with the IT Dev, Prod teams and the business, as an ena...

Provide a brief description of the overall purpose of the position, why this position exists and how it will contribute in achieving the teams goal. Responsibilities Direct Responsibilities Direct Responsibilities - To perform Penetration testing (Gray Box and/or Black Box) for Web applications; Thick Client, API, and mobile applications. - To understand the applications security requirements and identify & document the scope of the test - Ensure execution of the documented security scenarios for the application under test. - Document and report all findings - Collaborate with the developers to help them understand the vulnerabilities reported in application - Escalate issues to the local ma...

As a DevOps/SRE Engineer at Optum, a global organization dedicated to improving health outcomes through technology, your role will be pivotal in building and maintaining the cloud infrastructure to ensure reliability, scalability, and security of applications and services. You will work collaboratively with cross-functional teams to implement and automate CI/CD pipelines, manage cloud resources, and enhance development and deployment processes. Your responsibilities will include designing, implementing, and maintaining CI/CD pipelines using tools like Azure DevOps, Jenkins, and Git. Automating infrastructure provisioning and management through Ansible, Terraform, and Azure Cloud Native servi...

As a Company Secretary within our organization, you will be responsible for various critical tasks to ensure seamless compliance and governance. Your role will encompass drafting agendas and minutes for board, committee, and general meetings. Additionally, you will play a key role in the preparation of the annual report, coordinating with other departments, and organizing virtual AGMs for our listed company. Your primary responsibilities will include managing LODR, SAST, and PIT related time and event-based compliances. This will involve filing board meeting intimations, TW closure intimations, investor call intimations, and quarterly and annual compliances. You will also handle ROC forms fi...

Key Responsibilities: Hands on knowledge of Security testing methodologies like OWASP Top 10 SANS 25 etc Ability to perform automated and manual hands on penetration security testing e g DAST SAST and SCA identifying security risks within applications cloud infrastructure security controls and Network systems Experience with penetration testing tools e g Burp Extensive knowledge of attack payloads for discovering security vulnerabilities Plan execute and report on all testing activities and outcomes Create findings reports and communicate to stakeholders Must possess at least 5 years of experience in delivering VAPT in Web Thin and Thick Client Mobile and APIs Should have good and effective ...

Experience - 2-4 years Location - Bengaluru/Hyderabad Position Summary We are hiring a Security Analyst to support an enterprise-level initiative focused on identifying, triaging, and remediating exposed secrets across GitHub Enterprise code repositories. This role is part of a multi-location, cross-functional team delivering a secrets burndown strategy for one of the world's leading enterprise IT organizations. As a Security Analyst, you will play a key role in reviewing exposed credentials and other secrets detected in source control systems. You will help categorize findings, initiate remediation workflows, track resolution progress, and collaborate with both local and U.S.-based engineer...

Role Overview The ideal candidate will be responsible for overseeing **Static Application Security Testing (SAST)** and **Software Composition Analysis (SCA)** processes, strong secure coder, ensuring secure coding practices, and managing security risks within the software development lifecycle (SDLC). This role requires close collaboration with development, DevSecOps, and risk management teams to identify and remediate vulnerabilities effectively. Key Responsibilities 1. SAST & SCA Strategy and Implementation Define, implement, and manage **SAST & SCA frameworks** to secure the banks applications. Lead the integration of security tools (e.g., Fortify, Checkmarx, SonarQube, Veracode, Snyk, B...

Strong knowledge of ASP.NET Web Forms, Windows services, C# SQL Server 2008.Hands-on experience Azure DevOps, CICDworking with DevOps Net Framework 4.x and aboveWebAPI, WCF, Microsoft reporting tool (RDL) SSRSIIS SQL designDevSecOps tests: SAST, DAST

We are seeking an experienced Application Security Manager to lead our security initiatives and ensure the integrity, confidentiality, and availability of our systems and data. This role is crucial in safeguarding our digital assets and maintaining compliance with industry standards.Themanageroftheapplicationsecurityprogramwillberesponsible for - 1. To Integratesecuritytools,standards,andprocessesintothe productlifecycle(PLC). 2. EnsurethatdevelopersandQApersonnelaretrainedwiththeappropriatele velofsecurityknowledgetoperformtheir dailyactivities. 3. Improveandsupportapplicationsecuritytooldeploymentsincludingstaticanal ysisandruntimetestingtools and securedevelopmentstandards. 4. Conduct and...

Job Role : DevOps Engineer Year Of Experience- 23 Years Location: Ghansoli Education: BE/ B.Tech Overview : Looking for a motivated and skilled DevSecOps Engineer with 23 years of hands-on experience in implementing DevSecOps practices, CI/CD pipelines, and integrating security into the development lifecycle. The ideal candidate will have working knowledge of Kubernetes (K8S), cloud platforms like GKE and AKS, and build/deployment automation tools including Azure DevOps and Jenkins. Experience with security scanning tools (SAST, DAST, Fortify, SonarQube) and scripting knowledge in Groovy, ANT, and JavaScript is essential. Job Role: Design, implement, and maintain secure and scalable CI/CD pi...

Job Title: WebPT P1 - Consultant Location: Bangalore & Pune (Hybrid Role) Contract Duration: 6 Months Roles & Responsibilities: Perform automated testing of running applications and static code (SAST, DAST). Conduct manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: Web applications Internal applications APIs Internal and external networks Mobile applications Experience in one or more of the following is a plus: Mobile application testing Web application pen testing Application architecture Business logic analysis Work on application tools to perform security tests, including: AppScan NetsSparker Acunetix Checkmarx Veracode BurpSuite...