239 Sast Jobs - Page 5

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Static Application Security Testing (SAST) Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply security skills to design, build, and protect enterprise systems, applications, data, assets, and people. Your typical day will involve collaborating with various teams to assess security risks, implementing security measures, and ensuring compliance with industry standards. You will engage in proactive security assessments and work on developing strategies to mitigate potential threats, all while maintaining a focus on safeguarding information and business processes against cyber threats. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Conduct regular security assessments and audits to identify vulnerabilities.- Develop and implement security policies and procedures to enhance overall security posture. Professional & Technical Skills: - Must To Have Skills: Proficiency in Static Application Security Testing (SAST).- Strong understanding of secure coding practices and application security principles.- Experience with threat modeling and risk assessment methodologies.- Familiarity with security tools and technologies for vulnerability scanning and remediation.- Knowledge of compliance frameworks and regulations related to information security. Additional Information:- The candidate should have minimum 5 years of experience in Static Application Security Testing (SAST).- This position is based at our Hyderabad office.- A 15 years full time education is required. Qualification 15 years full time education

Work within the Cyber security domain, focusing on the Automated security testing part of our services and improving overall security posture of products and systems for assigned business domain. You will be part of an agile team, constantly improving and automating the security posture of the cloud infrastructure. Perform threat modeling and security risk assessments. Utilizing CI/CD practices to Automate security testing tools like SAST (Static Application Security Testing), SCA (Software Composition Analysis), IaC scanning or Container scanning tools in GitHub, Azure DevOps etc You will build and operate reliable tooling to increase the visibility of cloud environments and remediate security misconfigurations. Primary Skills Experience in cloud native environments Azure,Google cloud platform Experience in working with REST APIs and API security. Good infrastructure security experience and are passionate about reducing security risks in the cloud. Experience with threat modeling, security design reviews, and security architecture. Understanding of security compliance requirements such as GDPR, NIS2, ISO27000. Experience with Kubernetes,CI/CD practices to Automate security testing tools like SAST,SCA (Software Composition Analysis).

Role & responsibilities Strong knowledge of web application security testing, API security testing Strong knowledge of Industry standard application security tools Burp Suite, Nmap, Zap proxy Strong knowledge of Industry standard DAST tool (example: NetSparker) Strong knowledge in both static and dynamic assessments for desktop and mobile applications Strong knowledge in manual and automated testing process, focusing on OWASP methodology Strong Knowledge of vulnerability identification and remediation methodology. Knowledge of vulnerability assessments of network and security devices Strong knowledge of open source and commercial tools, proficient in Kali Linux based tools Mandatory skill sets: VAPT, web application security testing, API security testing Preferred candidate profile Preferred skill sets: mobile security testing, DAST, penetration testing

Greetings from Teamware Solutions a division of Quantum Leap Consulting Pvt. Ltd We are hiring a SAST, DAST Work Mode: Hybrid Locations: Bengaluru Experience: 3 -8 Years Notice Period: Immediate to 15 days Description: Roles and Responsibilities: Perform manual Application penetration testing against APIs (REST/SOAP), Web Applications, Mobile applications, and thick client applications Perform threat modeling, evaluate application business logic, and perform application architecture reviews Ability to demonstrate application testing experience in real time via demos to both internal and external audiences Act independently in penetration testing engagements, with minimal oversight and guidance Act as a technical leader and mentor for junior engineers Engage with technical and non-technical audiences to articulate both testing processes, techniques and results; guide technical audiences on remediation options and assist clients in weighing those options Partner with the Cyber teams to develop new testing techniques, automation for testing and marketing collateral to support the practice and mentor junior and offshore team members on tools and techniques in performing tests Qualifications: Minimum three years of recent experience in application penetration testing of APIs, web applications, or mobile applications Ability to communicate reporting results with technical and non-technical audiences and lead remediation conversations Experience with burp suite pro, and other app testing tools such as Netsparker and Checkmarx Bachelors degree from an accredited college/university or equivalent industry experience One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSWE, OSWA Please let me know if you are interested in this position and send me the resumes to netra.s@twsol.com

Project Role : Security Delivery Practitioner Project Role Description : Assist in defining requirements, designing and building security components, and testing efforts. Must have skills : Static Application Security Testing (SAST) Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Delivery Practitioner, you will assist in defining requirements, designing and building security components, and testing efforts. A typical day involves collaborating with cross-functional teams to ensure security measures are integrated into the development process, conducting assessments to identify vulnerabilities, and providing recommendations for improvements. You will also engage in discussions to enhance security protocols and contribute to the overall security strategy of the organization. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Conduct regular security assessments and audits to identify potential vulnerabilities.- Collaborate with development teams to integrate security best practices into the software development lifecycle. Professional & Technical Skills: - Must To Have Skills: Proficiency in Static Application Security Testing (SAST).- Strong understanding of secure coding practices and methodologies.- Experience with security testing tools and frameworks.- Knowledge of application security standards and compliance requirements.- Familiarity with threat modeling and risk assessment techniques. Additional Information:- The candidate should have minimum 3 years of experience in Static Application Security Testing (SAST).- This position is based at our Hyderabad office.- A 15 years full time education is required. Qualification 15 years full time education

Key Responsibilities: Perform in-depth penetration testing, vulnerability assessments, and security reviews of applications, infrastructure, and networks. Identify, exploit, and document security vulnerabilities across systems and provide remediation recommendations. Simulate sophisticated attacks to test the strength of security controls and identify potential areas of compromise. Collaborate with development, infra, and DevOps teams to integrate security into the development lifecycle and Infrastructure-as-Code (IaC) security. Develop comprehensive security test plans, methodologies, and tools to ensure effective assessment of systems. Create detailed reports that outline vulnerabilities, risks, and recommended mitigations. Perform threat modeling and risk assessments to prioritize testing efforts. Monitor network traffic for threats and respond to security incidents. Ensure security best practices in Cloud environments, security controls for cloud workloads, IAM policies, and network security. Monitor and respond to cloud security incidents using SIEM and cloud-native security tools. Integrate and automate security testing and compliance checks into CI/CD pipelines using tools like SAST, DAST, and IAST . Experience Range: 3 - 5 years Educational Qualifications: -B.Tech/B.E in Computers , -B.Tech/B.E in IT Job Responsibilities: Required Skills & Qualifications: Bachelor's degree in Computer Science, Cybersecurity, or related field . 2-3 years of experience in cybersecurity with a focus on Penetration testing or Ethical Hacking , Application Security, Cloud Security, and DevSecOps . Experience with security tools such as Burp Suite, Metasploit, Nessus, Wireshark, SonarQube, AWS WAF, Google WAF, Kali Linux, and other vulnerability scanning tools, etc. Knowledge of SIEM , EDR , NIST, CIS, and OWASP security frameworks. Proficiency in scripting (Python, Bash, PowerShell) for security automation. Industry certifications like CEH, Security+, AWS/GCP Security, or any DevSecOps-related certification (preferred but not mandatory). Excellent written and verbal communication skills to effectively report vulnerabilities and collaborate with stakeholders.Qualifications: Bachelors degree in computer science . Skills Required: DevOps , Linux , PHP , Python

Greetings from Teamware Solutions a division of Quantum Leap Consulting Pvt. Ltd We are hiring an Associate Consultant_Penetration Testing_ Web Application Location: Bengaluru Work Mode: Hybrid; 2 days WFO Geography they support: US Shift Time: 12-9 PM Experience: 4 -9 Years Notice Period: Immediate to 15 days Requirements: Web Application Penetration Testing (Mandatory): Candidates must have strong experience in web application penetration testing. While a combination of web and mobile application testing is acceptable, their recent and primary experience should be focused on web applications. CSRF (Cross-Site Request Forgery) Boolean SQL Injection DOM XSS (Cross-Site Scripting) CSV Injection Coding and auditing expertise Mandatory technical & functional skills Minimum three years of recent experience in application penetration testing of APIs, web applications, or mobile applications Ability to communicate reporting results with technical and non-technical audiences and lead remediation conversations Experience with burp suite pro, and other app testing tools such as Netsparker and Checkmarx Bachelors degree from an accredited college/university or equivalent industry experience One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSWE, OSWA Roles & responsibilities •Perform manual Application penetration testing against APIs (REST/SOAP), Web Applications, Mobile applications, and thick client applications •Perform threat modeling, evaluate application business logic, and perform application architecture reviews •Ability to demonstrate application testing experience in real time via demos to both internal and external audiences •Act independently in penetration testing engagements, with minimal oversight and guidance •Act as a technical leader and mentor for junior engineers •Engage with technical and non-technical audiences to articulate both testing processes, techniques and results; guide technical audiences on remediation options and assist clients in weighing those options •Partner with the Cyber teams to develop new testing techniques, automation for testing and marketing collateral to support the practice and mentor junior and offshore team members on tools and techniques in performing tests Please let me know if you are interested in this position and send me the resumes to netra.s@twsol.com

6-9 years of software development experience, with 23 years in the automotive domain. Hands-on in SonarQube Administration : Integration with Jenkins, Git, GitLab, Maven, Gradle, Docker, Kubernetes CI/CD pipeline knowledge and DevOps best practices. User & permission management , License/plugin handling . Scripting knowledge: Shell, Python, Groovy . Performance tuning and scalability of SonarQube. Understanding of Linux/Windows servers and PostgreSQL . Expertise in Static Code Analysis , SAST , OWASP security standards. Experience configuring quality gates, rules, and code profiles . Familiarity with supported languages like Java, Kotlin, Python, Android . Role & responsibilities Preferred candidate profile

My profile - linkedin.com/in/yashsharma1608 Walkin on 5th july - banglore Role - SonarQube Admin Experience - 6+ Years Client - MBRDI Location- Bangalore [on-site] Budget - 15L [Max] Job Description: * 6-9 years of software development experience along with 2-3 years of automotive domain experience * Experience in agile development environments. SonarQube Administration: * Proficiency in integrating SonarQube with tools like Jenkins, Git, GitLab, Maven, Gradle, Docker, Kubernetes, etc. * Strong knowledge of CI/CD pipelines and DevOps principles. * User and permission management * License and plugin management * Experience with scripting and automation (e.g., Shell, Python, Groovy). * Monitor and optimize the performance and scalability of the SonarQube setup. * Working knowledge of infrastructure platforms (Linux, Windows) and databases used by SonarQube (e.g., PostgreSQL). * Solid understanding of static code analysis and security scanning concepts (e.g., OWASP, SAST). * Generate and present reports to stakeholders on code quality trends." "* Configuring quality gates, rules, projects * Define and manage quality gates, rules, and profiles for different programming languages. * Familiarity with programming languages like Android, Java, Kotlin, Python etc. supported by SonarQube."

Gist about our company: A leading venture capitalist (VC) in Silicon Valley commented that Evergent is a diamond in the rough. Evergent today manages over 560M+ user accounts in over 180+ countries on behalf of our customers. Globally Evergent is working with 5 of the top 10 carriers (AT&T, Etisalat, SingTel, Telkomsel, and AirTel) and 4 of the top 10 media companies (HBO, FOX, SONY and BBC). We are not surprised by the VC comment. We have done this with an amazing global team of 600+ professionals. Evergent is recognized as the global leader for Customer Lifecycle Management for launching new revenue streams without disturbing the inflexible legacy systems. The need for digital transformation in this subscription economy and our ability to launch services in weeks is what sets Evergent apart. We welcome you to come and meet with us. Job Title: Cloud & IT Security Analyst Location: Hyderabad Job duties include planning and implementing security measures to protect Evergent SaaS systems, Internal networks, and data Platform. Must have experience and be up-to-date on the latest Information Security intelligence, including hackers methodologies, to anticipate security breaches. You will be responsible for preventing data loss and service interruptions by researching new technologies that will effectively protect a network. Roles and Responsibilities: Monitor and protect organizational cloud infrastructure and IT systems Conduct security assessments and vulnerability scans Conduct Pen Testing, DAST and SAST Analyze security logs and investigate potential threats Implement and maintain security controls and policies Manage cloud security configurations Respond to and mitigate security incidents Assist with annual Security Audits for PCI-DSS, SSAE18, GDPR and more Respond to Client RFP/RFI as it relates to Evergent Security Protect system by defining access privileges, control structures, and resources Recognize problems by identifying abnormalities; reporting violations Implement security improvements by assessing current situation; evaluating trends anticipating requirements . Required Skills: - Cloud platform knowledge (AWS, Azure, Google Cloud) - Cybersecurity principles Typical Certifications: - CompTIA Security+ - AWS Certified Security - Specialty Qualifications and Education Requirements: BE, B.Tech, M.Tech, MCA, or any Bachelor computer degree Preferred Skills: 4 to 8 years of experience in information technology or security Strong communications skills, both written and oral Organized, responsive and highly thorough problem solver Minimum Certification of Associate’s degree in Computers, Technology or related field Technical Knowledge: UNIX, AIX, Linux, Cisco Network IDS, Cisco Host-based IDS, eTrust Access Control, ESM, and IDS. DES encryption, Digital Certificates, SSL, VPN, IPSec, TCP/IP, DNS and web security architecture, mySQL, subversion, AntiVirus,..

Work Location- Gurugram(Sector-65) Mode- Hybrid Shift Timings- 10 AM IST to 7 PM IST Role & responsibilities Partner with US teams to provide security guidance as a subject matter expert around application security and operate YUM! application security services for the brand. Aligning with a risk-based approach, collaborate with third-party engineers, and product owners to identify, prioritise, and remediate vulnerabilities in mobile and web applications across YUM! systems. These include e-commerce websites, e-commerce mobile apps, and restaurant operations apps. Leveraging established YUM! security services, review vulnerability scanner reports/results and work with application and/or engineering teams to communicate and address/remediate issues. This includes ensuring adherence to established remediation timelines, including recommending and monitoring remediation activities. Maintain the brands application security scan profiles and scan policies as per baseline standards across scanning tools for containers, SAST, DAST, and crowd sourced pen testing. This will include reviewing findings of security scans and on boarding new applications into scanning tools or services. Conduct awareness campaigns with engineering teams to ensure application development adheres to YUM! Global Technology Risk Management development standards. Continuously monitor published vulnerabilities for various applications, operating systems, and databases. Based on the publicly disclosed vulnerabilities determine the remediation priority and engage the stakeholders. Review the solution by re-scanning the disclosed vulnerabilities. (Familiar with OWASP Top 10, etc.) Conduct threat modelling exercises to identify potential risks at the design and architecture stages and provide guidance to development teams in secure design and best practices. Coordinate with incident response teams to contain, remediate, and perform root cause analysis on security incidents affecting applications. Preferred candidate profile Qualification and Experience Bachelor's degree and at least 6 years of experience in cyber security and/or software development. Additional years of relevant cyber security or development experience may be considered in lieu of bachelor's degree. Experience with reviewing application cyber security vulnerabilities for risk and relevance as well as in vulnerability mitigation/remediation planning, for identified vulnerabilities Able to successfully communicate with technical personnel and third parties. Knowledge of continuous integration and continuous delivery platforms Familiarity with relevant compliance and data privacy regulations (e.g. PCI DSS, GDPR, CCPA) and how they impact application security with the ability to incorporate compliance requirements into security testing and remediation processes. Knowledge of common programming languages and paradigms ( OOP, functional, concurrent, etc) Technical Qualification Knowledge of cloud environment topics including secrets management, infrastructure as code, and server less technologies Knowledge of CI/CD techniques and build/deployment pipeline technologies Knowledge of application scanning tools using both dynamic and static techniques Knowledge of containers and container management tools (e.g. Docker, Kubernetes) including how to interpret and remediate security findings and best practices for securing container images and deployments. Knowledge of HTTP communication Knowledge of package management tools for languages and operating systems (e.g. npm, pip, apt, yum)

Skill required: Tech for Operations - Security Governance Designation: Security Delivery Associate Manager Qualifications: BE/Master of Engineering Years of Experience: 10 to 14 years About Accenture Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Technology and Operations services, and Accenture Song all powered by the worlds largest network of Advanced Technology and Intelligent Operations centers. Our 699,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. Visit us at www.accenture.com What would you do You will be part of the Technology for Operations team that acts as a trusted advisor and partner to Accenture Operations. The team provides innovative and secure technologies to help clients build an intelligent operating model, driving exceptional results. We work closely with the sales, offering and delivery teams to identify and build innovative solutions.The Tech For Operations (TFO) team provides innovative and secure technologies to help clients build an intelligent operating model, driving exceptional results. Works closely with the sales, offering and delivery teams to identify and build innovative solutions. Major sub deals include AHO(Application Hosting Operations), ISMT (Infrastructure Management), Intelligent AutomationA process of establishing and maintaining a security governance framework. Support management structure and processes to provide assurance that information security strategies are aligned with and support business objectives are consistent with applicable laws and regulations through adherence to policies and internal controls, and provide assignment of responsibility, metrics, reporting all in an effort to manage the risk and compliance requirements. What are we looking for Commitment to qualityExperience in research and developmentNegotiation skillsProblem-solving skillsRisk managementThe role demands Indepth knowledge in application security area. Candidate should have hands on experience in SAST, DAST, Penetration testing. DevSecOps and Software composition analysis are other areas where the candidate should have experience in.The role also demands capability of scripting using Python and other related required knowledge of database and networking.Certifications like CISSP, CCSP, CISM, CEH, ECSA etc. will be added advantage. Roles and Responsibilities: In this role you are required to do analysis and solving of moderately complex problems Typically creates new solutions, leveraging and, where needed, adapting existing methods and procedures The person requires understanding of the strategic direction set by senior management as it relates to team goals Primary upward interaction is with direct supervisor or team leads Generally interacts with peers and/or management levels at a client and/or within Accenture The person should require minimal guidance when determining methods and procedures on new assignments Decisions often impact the team in which they reside and occasionally impact other teams Individual would manage medium-small sized teams and/or work efforts (if in an individual contributor role) at a client or within Accenture Please note that this role may require you to work in rotational shifts Qualification BE,Master of Engineering

BMC Software is looking for a motivated and skilled individual to join the Product Security Group. This is a senior technical position in the team. The candidate will be responsible for engaging with various product teams on security architecture reviews, SaaS security, penetration testing. A penetration tester plays a crucial role in safeguarding an organization's digital assets and information by proactively identifying and addressing security weaknesses. This role requires a high level of technical expertise, ethical conduct, and a commitment to continuous improvement in the field of cybersecurity. Roles and Responsibilities: Conduct thorough vulnerability assessments of applications and systems using various tools and techniques. Execute penetration tests to simulate real-world cyberattacks, identifying weaknesses and vulnerabilities. Provide expert guidance on application security best practices. Research and develop new penetration testing methodologies, tools, and techniques. Qualifications & Skills: 2+ years of experience in product security (web, mobile, API, cloud, infrastructure, and container security) or equivalent skillset. Penetration testing experience is essential; prior participation in bug bounty programs is a plus. Proficiency with hacking tools and penetration testing frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark). Expertise in web application security testing, including knowledge of OWASP Top Ten vulnerabilities. Experience identifying and assessing vulnerabilities such as SQL injection, XSS, CSRF, and more. Proficiency in exploiting vulnerabilities to gain unauthorized access and assess attack impact. Understanding of vulnerability scoring systems (e.g., CVSS) for prioritizing findings. Ability to think creatively and analytically to identify and exploit vulnerabilities. Strong problem-solving skills when encountering unexpected challenges during testing. Excellent verbal and written communication skills for conveying technical details to both technical and non-technical stakeholders. Meticulous attention to detail in documenting findings and creating reports. Effective time management skills to meet project deadlines and testing schedules. High level of integrity and professionalism, with the ability to work under pressure while maintaining confidentiality. Optional : Hands-on technical experience with cloud security solutions for leading cloud service providers (e.g., AWS). Experience with secure code review (SAST) tools for languages such as C/C++, Java, and Python, and relevant frameworks.

Job Purpose As a Senior DevSecOps Engineer, you will be responsible for integrating security into the development, deployment, and maintenance of our software products, ensuring the highest standards of security and reliability. Key Activities / Outputs • Develop and implement security solutions throughout the software development lifecycle, from design to deployment and maintenance, using methodologies such as STRIDE, DREAD, CVSS, and the OWASP ASVS. • Work closely with developers, IT operations, and security governance and operations teams to ensure security is integrated into all aspects of the development pipeline. • Automate security processes and tools to enable continuous integration, continuous delivery, and continuous monitoring (CI/CD/CM) of applications and infrastructure. • Develop and implement metrics, reporting, and monitoring processes to track the effectiveness of DevSecOps practices, using tools like Dynatrace, ELK, Splunk, AWS CloudWatch and Sonatype Examples of metrics include vulnerability remediation times, security incidents, and code review coverage. • Establish a governance, review, and continuous improvement process for DevSecOps practices, ensuring alignment with organizational goals and industry best practices. • Perform risk assessments and threat modelling to identify potential vulnerabilities and provide recommendations for mitigation strategies. • Develop and enforce security policies and guidelines for application and infrastructure development, based on industry best practices and standards such as OWASP Top Ten, CWE/SANS Top 25, NIST SP 800-53, and OWASP ASVS. • Train and mentor developers in secure coding practices, emphasizing areas such as input validation, output encoding, and least privilege principles, as well as conducting regular security awareness sessions. • Conduct regular security audits, vulnerability assessments, and penetration tests to identify and remediate potential threats. • Stay current with industry trends, emerging threats, and best practices in DevSecOps to continuously improve our security posture. • Develop and maintain documentation related to security practices, policies, and procedures. Technical Skills or Knowledge Strong understanding of software development processes, CI/CD principles, and Agile methodologies, Expertise in various security frameworks, tools, and technologies such as OWASP, SAST, DAST, IAST, RASP, and familiarity with toolsets such as SonarQube, Veracode, Checkmarx, and Fortify, Proficient in scripting languages such as Python, Ruby, or Shell, Experience with containerization and orchestration technologies, such as Docker and Kubernetes, Familiarity with cloud platforms (AWS, Azure, GCP) and their respective security services and tools, Knowledge of networking protocols, firewalls, intrusion detection systems, and encryption technologies, Strong analytical, problem-solving, and communication skills, Software Development: This includes proficiency in programming languages such as Python, Java, JavaScript, or C#, as well as familiarity with software development methodologies like Agile or DevOps, Security Knowledge: They should be familiar with security frameworks such as OWASP (Open Web Application Security Project) and have experience in implementing security controls and practices within software development processes, DevOps Practices: This includes experience with continuous integration and continuous deployment (CI/CD) pipelines, configuration management tools like Ansible or Chef, containerization technologies such as Docker or Kubernetes, and infrastructure-as-code (IaC) tools like Terraform or CloudFormation, Security Tools and Technologies: This may include vulnerability scanning tools like Nessus or Qualys, security testing frameworks such as Burp Suite or ZAP, security information and event management (SIEM) tools like Splunk or ELK stack, and other relevant security tools, Cloud Computing: Experience with cloud security best practices, configuring and securing cloud resources, and managing cloud-based deployments is highly valuable Preferred Technical Skills (Would be advantageous) This position is a hybrid role based in Hyderabad which requires you to be in the office on a Tuesday, Wednesday and Thursday.

Role & responsibilities Project Management: Lead and manage multiple projects from inception to completion, ensuring timely delivery, budget adherence, and quality standards. Develop project plans, timelines, and resource allocation strategies. Coordinate with cross-functional teams including marketing, IT, and customer service to ensure seamless project execution. Technical Expertise: Work on .NET or JAVA-based applications, providing technical guidance and support. Implement and manage DevSecOps practices, integrating security into the CI/CD pipeline. Conduct security assessments, vulnerability scanning, and penetration testing. Develop and maintain security policies, procedures, and standards. Application Security: Monitor and respond to security incidents, conducting incident investigations and providing remediation plans. Implement and manage security tools and technologies such as DAST, SAST, and container security. Collaborate with development teams to ensure secure coding practices and perform code reviews.

Education BE/BCA/B-TECH/Bsc.IT or any IT Graduate from authorised university Experience/ Qualifications Excellent written and verbal communication skills in English, high integrity, strong work ethic and ability to empathize with the customer. At least 8 - 15 years of Cyber Security experience with large organization, Bank, or global IT or consulting firm. Strong background of Application Security, Secure Software Development Lifecycle (SSDLC). Experience in Threat Modelling, Application Security Architecture Review, Security Testing- SCA, SAST, DAST. Exposure of security tools integration in DevOps architecture. Exposure of Microservices security and API security. Exposure implementation of evaluation and implementation of Application Security & Testing tools. Troubleshooting and problem-solving ability including analytical thinking and strong attention to details. Good understanding of Application Security Standards like OWASP, SANS, NIST etc. Good understanding of Security by Design and Privacy by Design. Good understanding of compliance requirements for payment and nonpayment applications. Product & platform security assessment exposure is desirable. Understanding of Load Balancer, WAF, CDN, API Gateway, Secrets Management etc. is desired. Exposure of cloud application (SaaS) security solutions is desirable. Good understanding of encryption tools and technologies; SSL, Keys Management, HSM and PKI infrastructure and secrets management. Ability to take assess solution and recommend proactive steps to mitigate Network, OS and Application Layer Security attacks. Subject Matter Expert for Application and Product Security. Understanding business requirements, complexity and solution architecture and estimate scope and effort of SSDLC and Cyber Security. Driving SSDLC for projects from initial stage to development and implementation. Planning, resource allocation and tracking of SSDLC service delivery. Conducting Threat Modelling, Application Architecture Review, SCA, SAST, DAST & IAST Implementation of SCA, SAST, DAST & IAST tools for application security testing. Continual learning and enhancement of skills and processes for service delivery. Provide advice on Secure coding best practices. Conduct Application Security related trainings for team and developers. Managing small team of Application Security & SSDLC. Provide inputs for product and platform security. Assess application, product and platform security as per scope of the engagement. Prepare application risk summary & register and trace for closure. Prepare weekly/monthly service delivery reports and review with BU Lead and VH.

Dear Candidate, We are hiring a Software Security Engineer to secure applications throughout the software development lifecycle. Ideal for developers with a strong grasp of secure coding and threat modeling. Key Responsibilities: Identify and remediate application-level vulnerabilities Conduct code reviews, static/dynamic analysis, and fuzz testing Collaborate with developers on secure architecture and coding practices Develop security tools, libraries, and automated scans in CI/CD pipelines Required Skills & Qualifications: Experience with secure coding in Java, Python, C/C++, or JavaScript Familiarity with OWASP Top 10, SAST/DAST tools (e.g., SonarQube, Veracode) Understanding of authentication, authorization, and secure APIs Bonus: Knowledge of bug bounty platforms or offensive security techniques Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Delivery Manager Integra Technologies

Dear Candidate, We are hiring a Cloud Security Specialist to secure cloud infrastructure and applications across AWS, Azure, or GCP. Ideal for professionals skilled in cloud-native security controls and monitoring. Key Responsibilities: Implement cloud security policies, IAM, and encryption Monitor cloud environments for threats and misconfigurations Conduct security assessments and remediation Collaborate with DevOps and compliance teams on secure deployments Required Skills & Qualifications: Experience with AWS, Azure, or GCP security services (e.g., GuardDuty, Security Center) Knowledge of network security, IAM, and cloud audit logs Familiarity with DevSecOps practices and IaC security scanning Bonus: Certifications like AWS Security Specialty, CCSP, or AZ-500 Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Reddy Delivery Manager Integra Technologies

Senior Security Consultant (Secure Code Review + Web Application Penetration Testing). NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most. NetSPI secures the most trusted brands on Earth through Penetration Testing as a Service (PTaaS), External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), and Breach and Attack Simulation (BAS). Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever before.. NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at?www.netspi.com/careers.. NetSPI is seeking a Senior Security Consultant who will serve as a resource for delivery of secure code review and web application penetration assessment. This position requires an understanding of various web technologies, enterprise secure development and risk management. In addition, it requires experience with application security assessments/testing, as well as demonstrated competencies in problem solving, client service, written/verbal communication, and project execution.. Responsibilities. Conduct in-depth penetration testing and secure code review assessments on web applications. Dynamically exploit vulnerabilities found in codebase and correlate insecure coding practices into dynamic application vulnerabilities. Deliver secure code review assessment on programming languages such as Java, C#, Python, C/C++, Perl, PHP. Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques. Train and assist developers in writing secure software and remediating existing vulnerabilities. Provide oversight to peers on service lines through QA process. Mentor and assist team members in effectively delivering assessments and enhancing skillsets. Present detailed penetration test findings to clients and assist in remediation planning. Engage in research to develop new penetration testing methods, tools, and innovative exploit techniques. Contribute to the cybersecurity community through tools, presentations, white papers, and blogging. Maintain consistency with other internal requirements related to day-to-day administration tasks (time keeping, status updates to clients, etc.). Minimum Qualifications. Minimum of 3-5 years of experience in application security including both secure code review and web application penetration testing. Exceptional familiarity in all Burp Suite functions. Published Burp extensions and ability to create new Burp Suite extensions preferred. Detailed understanding of the OWASP Top 10 and CWE Top 25 issues with focus on ability to identify and remediate vulnerability in source code. Ability to explain risk and business impact of security vulnerabilities to variety of audience. Bachelor’s degree or higher, preferably in Computer Science, Engineering, Mathematics, IT, or a related field; equivalent experience will also be considered.. Preferred Qualifications. Experience in detecting, analyzing and providing recommendation guidance on security vulnerabilities using SAST and/or manual secure code review in at least two of the following languages: Java, C#, PHP, Python, C/C++. Experience in software development in at least one server-side programming language. We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.. Show more Show less

What You'll Do. Join us in building a secure, scalable, and experienced platform to support Avalara's expanding business and global customer base. As a Senior Application Security Engineer, you'll work with world-class engineers and architects to ensure security is embedded in everything we build—both in today's systems and the future of our architecture. This role is perfect for someone passionate about automation, cloud-native security, and AI-driven application defense.. You'll help shape the future of Avalara Security, driving security as code, ensuring automation-first practices, and integrating modern AI tooling into security workflows. You understand the value of developer empathy, moves quickly without sacrificing quality, and excels in an environment that combines startup energy with enterprise scale.. You will report to security leadership at Avalara. This is a remote position.. Job Responsibilities. What Your Responsibilities Will Be. You will build, maintain, and continuously improve an automated security pipeline framework integrated into our CI/CD environments.. You will lead development of Infrastructure-as-Code and Policy-as-Code for application security enforcement and consistency across environments.. You will evaluate and integrate security tools (SAST, DAST, SCA, CSPM, EDR) and AI-based solutions into engineering workflows and CI/CD pipelines.. You will provide applicable guidance and mentorship to development and Avalara Security engineering teams on secure development best practices.. Investigate, prototype, and apply AI/ML-based solutions for application behavior analysis, anomaly detection, and threat hunting.. Promote security by design across the organization, and help foster a security-first culture.. Contribute to the continuous refinement of the SDLC to ensure security is smooth, consistent, and measurable.. What You’ll Need To Be Successful. Required Qualifications. 8+ years of experience in application security, secure software development, or security engineering.. Strong programming proficiency in Python and GoLang (hands-on).. Experience with secure SDLC practices and CI/CD pipeline integration.. Strong hands-on experience with Kubernetes, container security, and cloud infrastructure security—preferably AWS and GCP.. Experience with Infrastructure-as-Code (IaC) tools like Terraform or CloudFormation.. Working knowledge of cryptographic protocols and standards: TLS, OAuth, SAML, JWT, etc.. Familiarity with Git, modern source control practices, and agile development methodologies.. Experience working with a broad range of security tools, including:. Tenable, Wiz (Cloud Security Posture Management). Checkmarx, Mend (SAST, SCA). Acunetix, Burp Suite (DAST). CrowdStrike (EDR/XDR). Bachelor's Degree in Computer Science, Engineering, or a related field.. Proven experience contributing to security automation efforts within a security organization like Avalara Security.. Experience with AI/ML tools and frameworks applied to application security or behavior analytics.. Security certifications such as OSWE, CSSLP, AWS Security Specialty, or Kubernetes Security Specialist.. Passion for enabling developer-friendly security solutions and maximum automation.. How We’ll Take Care Of You. Total Rewards. In addition to a great compensation package, paid time off, and paid parental leave, many Avalara employees are eligible for bonuses.. Health & Wellness. Benefits vary by location but generally include private medical, life, and disability insurance.. Inclusive culture and diversity. Avalara strongly supports diversity, equity, and inclusion, and is committed to integrating them into our business practices and our organizational culture. We also have a total of 8 employee-run resource groups, each with senior leadership and exec sponsorship.. What You Need To Know About Avalara. We’re Avalara. We’re defining the relationship between tax and tech.. We’ve already built an industry-leading cloud compliance platform, processing nearly 40 billion customer API calls and over 5 million tax returns a year, and this year we became a billion-dollar business. Our growth is real, and we’re not slowing down until we’ve achieved our mission to be part of every transaction in the world.. We’re bright, innovative, and disruptive, like the orange we love to wear. It captures our quirky spirit and optimistic mindset. It shows off the culture we’ve designed, that empowers our people to win. Ownership and achievement go hand in hand here. We instill passion in our people through the trust we place in them.. We’ve been different from day one. Join us, and your career will be too.. We’re An Equal Opportunity Employer. Supporting diversity and inclusion is a cornerstone of our company — we don’t want people to fit into our culture, but to enrich it. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law. If you require any reasonable adjustments during the recruitment process, please let us know.. Show more Show less

At FourKites we have the opportunity to tackle complex challenges with real-world impacts. Whether its medical supplies from Cardinal Health or groceries for Walmart, the FourKites platform helps customers operate global supply chains that are efficient, agile and sustainable. Join a team of curious problem solvers that celebrates differences, leads with empathy and values inclusivity. We are seeking an experienced Security Engineer with a strong background in DevOps, DevSecOps, and cloud infrastructure management. The ideal candidate will have hands-on expertise in AWS, GCP, Azure, and microservices architecture, combined with a deep understanding of security principles and best practices. You will be responsible for implementing and securing cloud-based environments, deploying infrastructure with automation tools, and ensuring that security is embedded throughout the development lifecycle. What youll be doing: Cloud Infrastructure & Security Architect and secure highly available, scalable, and fault-tolerant systems across AWS, GCP, and Azure environments. Design and implement cloud security solutions, focusing on compute, network, storage, content delivery, administration, and security. Implement security controls for Kubernetes clusters, containerized applications, and cloud-native services. DevOps & Automation: Leverage automation technologies (Ansible, Chef, Puppet, Jenkins, Docker) to manage infrastructure and deployment pipelines. Develop, deploy, and maintain infrastructure-as-code solutions with tools such as CloudFormation, Terraform, and AWS/GCP/Azure CLI. Enable CI/CD pipelines for secure application delivery while ensuring security is integrated into the build and deployment processes. Programming & Application Security: Implement and secure microservices architecture using tools such as AWS Lambda, Docker, Kubernetes, and serverless technologies. Develop and maintain secure, scalable applications using programming languages such as C++, C#, Java, and Python. Monitoring & Threat Detection: Continuously monitor cloud environments to identify and mitigate security threats and vulnerabilities. Conduct risk assessments and threat modeling for cloud applications and infrastructure. Use monitoring tools (e.g., AWS CloudWatch, GCP Stackdriver, Azure Monitor) to detect and respond to potential security incidents. Collaboration & Reporting: Collaborate with cross-functional teams including business leaders, engineers, and other security professionals to design and implement security solutions. Communicate security risks, mitigations, and incident reports to both technical and non-technical stakeholders. Produce detailed documentation of security policies, procedures, and technical implementations. Who you are: 3+ years of IT experience with a strong focus on DevOps, DevSecOps, and cloud security engineering. Strong hands-on experience with cloud platforms such as AWS, GCP, and Azure, and familiarity with their foundational services (e.g., EC2, DynamoDB, API Gateway, RDS, Lambda, CloudFront, etc.). Strong experience in Kubernetes security controls is a must. CKA/ CKAD/ CKS preferred. In-depth knowledge of Kubernetes, microservices, container orchestration, and security controls. Experience designing, deploying, and securing cloud-native applications with a focus on scalability, high availability, and load balancing. CISSP (Certified Information Systems Security Professional) or equivalent industry-recognized security certifications. Or AWS Associate or higher certifications (e.g., AWS Certified Solutions Architect Associate). Or equivalent certifications would work Technical Skills : Expertise in implementing security best practices in cloud environments and DevOps pipelines. Familiarity with container security tools and methodologies. Strong analytical, troubleshooting, and problem-solving skills with the ability to quickly identify and address security threats. Excellent verbal and written communication skills to effectively engage with stakeholders at all levels. Strong teamwork orientation, collaborating with multidisciplinary teams to achieve organizational goals. Additional Requirements: Ability to work in a fast-paced environment and manage multiple tasks concurrently. A proactive approach to learning new technologies and staying up-to-date with industry trends in cloud security. FourKites is the #1 supply chain visibility platform in the world, extending visibility beyond transportation into yards, warehouses, stores and beyond. Tracking more than 2.5 million shipments daily across road, rail, ocean, air, parcel and courier, and reaching over 185 countries, FourKites combines real-time data and powerful machine learning to help companies digitize their end-to-end supply chains. More than 1,000 of the worlds most recognized brands including 9 of the top-10 CPG and 18 of the top-20 food and beverage companies trust FourKites to transform their business and create more agile, efficient and sustainable supply chains. Benefits Medical benefits start on the first day of employment 36 PTO days (Sick, Casual and Earned), five recharge days, two volunteer days Home Office setups and Technology reimbursement Lifestyle & Family benefits Ongoing learning & development opportunities (Professional development program, Toast Master club, etc.)

Position Purpose Provide a brief description of the overall purpose of the position, why this position exists and how it will contribute in achieving the teams goal. Responsibilities Direct Responsibilities Direct Responsibilities - To perform Penetration testing (Gray Box and/or Black Box) for Web applications; Thick Client, API, and mobile applications. - To understand the applications security requirements and identify & document the scope of the test - Ensure execution of the documented security scenarios for the application under test. - Document and report all findings - Collaborate with the developers to help them understand the vulnerabilities reported in application - Escalate issues to the local management and onshore stakeholders in case it affects the testing progress - Ensure processes for the project is followed for the assessments Note: - Optional, experience in Source Code Assessment (SCA)/SAST, Mobile Testing Contributing Responsibilities Technical & Behavioral Competencies - Clear understanding of OWASP Top 10 - application security risks - Tools/OSBurp Suite, OWASP ZAP, Kali Linux - Manual Security Testing & Analysis, Security Test Designing - Excellent Inter personal and presentation skills - Strong in verbal and written communication - Good analytical skills - Strong Time Management - Must be flexible, independent, self-motivated - Team player Specific Qualifications(if required) CSSLP/CEH or equivalent certification preferred Skills Referential BehaviouralSkills(Please select up to 4 skills) Transversal Skills: (Please select up to 5 skills)Education Level:Bachelor Degree or equivalentExperience LevelAt Least 3 years

Position Purpose Provide a brief description of the overall purpose of the position, why this position exists and how it will contribute in achieving the teams goal. Responsibilities Direct Responsibilities Direct Responsibilities - To perform Penetration testing (Gray Box and/or Black Box) for Web applications; Thick Client, API, and mobile applications. - To understand the applications security requirements and identify & document the scope of the test - Ensure execution of the documented security scenarios for the application under test. - Document and report all findings - Collaborate with the developers to help them understand the vulnerabilities reported in application - Escalate issues to the local management and onshore stakeholders in case it affects the testing progress - Ensure processes for the project is followed for the assessments Note : - Optional, experience in Source Code Assessment (SCA)/SAST, Mobile Testing Technical & Behavioral Competencies - Clear understanding of OWASP Top 10 - application security risks - Tools/OS: Burp Suite, OWASP ZAP, Kali Linux - Manual Security Testing & Analysis, Security Test Designing - Excellent Inter personal and presentation skills - Strong in verbal and written communication - Good analytical skills - Strong Time Management - Must be flexible, independent, self-motivated - Team player Specific Qualifications (if required) CSSLP/CEH or equivalent certification preferred Education Level: Bachelor Degree or equivalent Experience Level At Least 3 years

OPENTEXT OpenText is a global leader in information management, where innovation, creativity, and collaboration are the key components of our corporate culture. As a member of our team, you will have the opportunity to partner with the most highly regarded companies in the world, tackle complex issues, and contribute to projects that shape the future of digital transformation. Your Impact: Fortify is the industry-leading provider of Application Security solutions that empower organizations to develop secure software. Fortify offers a comprehensive portfolio of application security solutions with the flexibility of testing on-premise and on-demand to cover the entire software development lifecycle. Over 80% of security breaches exploit application vulnerabilities, and at Fortify, you will be at the forefront of one of the fastest-growing segments in the security market. Fortify is ranked market leader in Application Security by Gartner. What the roles offer: You drive the expansion of Fortify Aviator by creating more test cases for Fortify Aviator. A test case for Fortify Aviator is a Fortify SAST scan result, with added knowledge of whether this result is a true or false positive, why that is, and what should be done to remediate it. Fortify Scan results may be provided directly from the testing process. In other cases, youll scout for open-source code and scan this with Fortify. Regardless, you will need to do the auditing of the results. In those cases where relevant test code cant be found in the wild, youll need to write small test cases yourself (synthetic code) in a wide variety of languages. Youll work with the Fortify Aviator prompt engineers and help them to make Fortify Aviator predict your test cases correctly. Youll also work with product management, tool engineers, and Fortify SAST researchers. What you need to succeed: Bachelor's or Masters degree in computer science, Information Systems, or equivalent. At least 8+ years of experience in software development as a Security Champion Youre an expert in application security ( OWASP Top-10, CWE, secure coding practices, etc.) . Youve previously worked as a security champion, security auditor, or penetration tester. You have experience with at least one SAST tool, and dealing with false positives coming from such a tool. You know at least one programming language well. With Fortify supporting 33+ programming languages, its even more important that you are willing and able to learn the essentials of any programming language in an on-demand way. Strong communication and analytical skills Work independently, and deliver on expectations Data science or AI experience is desirable. Python experience is desirable.

1. Experience in the following process areas: Secure SDLC Methodologies for Waterfall/ Agile software development (Mandatory) Should be well-versed with Security best practices like OWASP and NIST guidelines (Mandatory) Ability to perform security review of microservices architecture, API Security (Mandatory) Hands on experience on Source Code reviews - SAST solution (Mandatory) Hands on experience on Dynamic Application Security Testing - DAST (Mandatory) Hands on experience in Software Composition Analysis - SCA (Mandatory) Hands on experience in performing Tech Stack Review -(Mandatory) Comfortable working in an environment that practices Agile development, engaging Product Owner and other stakeholders Good knowledge of Cloud platform/VMware Ability to identify vulnerabilities & threat actors in the application cycle and communicate effectively to the stake holders. Threat Modelling PASTA ,STRIDE etc (Good to Have) 2. Possesses ability to quickly understand the technical and functional aspects of the project to be able to communicate effectively with different stakeholders. 3. Excellent written and verbal communication skills in English, high integrity, strong work ethic and ability to empathize with the customer. 4. Ability to work effectively in a fast-paced, project-oriented environment 5. Ability to prioritize and execute tasks 6. Ability to handle sensitive and confidential information Strong analytical and problem-solving skills