163 Sast Jobs - Page 5

Job ID/Reference Code INFSYS-NAUKRI-210551 Work Experience 3-6 Job Title IT Testing Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Experience with penetration testing tools (e.g. Burp) Extensive knowledge of attack payloads for discovering security vulnerabilities Plan, execute, and report on all testing activities and outcomes Create findings reports and communicate to stakeholders Must possess at least 5 years of experience in delivering VAPT in Web(Thin and Thick Client), Mobile and APIs Should have good and effective communication skills in English. (Oral and written) Technical and Professional Requirements: Any certifications CEH(Mandatory), OSCP, CCSP Preferred Skills: Technology->Security Testing->Security Testing - ALL Additional Responsibilities: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering * Location of posting is subject to business requirements

Job ID/Reference Code INFSYS-NAUKRI-210555 Work Experience 5-9 Job Title IT Testing Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Technical and Professional Requirements: Any specific tools required Burpsuite, WebInspect, Fortify, Zap, Checkmarx Preferred Skills: Technology->Security Testing->Security Testing - ALL Additional Responsibilities: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering * Location of posting is subject to business requirements

Why you'll LOVE Sagent: You could work anywhere. We know you are talented and looking for something inspiring and impactful; a place where you will make a difference and have a great time doing it! By choosing Sagent, you can be part of our mission to make loans and homeownership simpler and safer for all consumers. Sagent powers servicers and consumers. You power Sagent! About the Opportunity: Sagent is seeking an Experienced AppSec SR Engineer to join a growing information security team responsible for securing next-generation, cloud-native financial technology systems, used by some of the largest mortgage lenders and loan servicers in the Chennai India. As our Senior Application Security Engineer, you will be responsible for owning Sagents application security program. This role will entail delivering application security standards and solutions, driving engineering teams to evolve towards a DevSecOps model, building security automation wherever possible, and serving as formidable force for the secure by default vision across the enterprise. This role will have abundant opportunities to challenge the status-quo and work with cutting-edge technologies, tools, and platforms across all 3 major cloud providers (Azure, GCP, AWS). What your day-to-day will look like: Develop and update application security standards, secure coding principles, and threat modeling processes. Maintaining CI/CD integrated application security solutions, web application firewall technologies, and related Provide application security support to development teams, including reviewing and explaining application security tools and processes, providing vulnerability explanations and remediation guidance. Integrate and mature application security testing and controls into different phases of teams development lifecycles. Coordinate application security program metrics and reporting. Support ongoing management of application security vulnerabilities through a centralized vulnerability tracking system and defect tracking system. Develop application security training methods and mentoring of security champions. Partner with third party vendors to deliver software security tools and services. Coordinate and partner with third party offensive security (manual pen test) engagements. Provide expert consultation on application security requirements and best practices in relation to vulnerability scanning and secure application design. Partner closely on security operations tasks with cross-functional teammates in Information Security, IT, DevOps, Engineering, and Quality Assurance. Engage with product owners, project managers and developers to integrate security best practices into product design. Working Model : 16/5. We'd love to hear from you if you have: Extensive combined hands-on experience in application security and software development. Experience building, deploying, and maturing CI/CD integrated application security tools. Solid understanding of web-based application technologies, web services/APIs, web-based authentication/single sign-on protocol and technologies. Deep experience working with various development technologies including programming languages/frameworks supporting both backend and frontend development, source control management systems, and CI/CD tooling. Ability to read and understand code at a high-level across most common programming languages, with any C#, Java, Javascript and NodeJS experience a plus. Experience with application security tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). Functional understanding in tooling integrations that support agile, CI/CD, and DevSecOps methodologies. Fundamental understanding of major cloud providers (Azure, GCP, AWS). Strong knowledge of software security risks and threats (OWASP top 10). Familiarity with secure by design and “shift left” security principles. Strong understanding of development methodologies, particularly Agile and DevOps. Able to explain impact of vulnerabilities and mitigating strategies to both technical and non-technical stakeholders. Capable taking ownership of the application security function, ability to work independently with minimal guidance and act as coach to other team members as necessary. Strong communication & interpersonal skills, and experience working cross-functionally with various teams--this will be critical to success in this role. Perks! As a Sagent Associate, you will be eligible to participate in our benefit programs beginning on Day #1! We offer a comprehensive package including Hybrid workplace options, Group Medial Coverage, Group Personal Accidental, Group Term Life Insurance Benefits, Flexible Time Off, Food@Work, Career Pathing and much, much more!

Roles and Responsibilities : Lead the development of SAST (Static Application Security Testing) tools and frameworks to identify vulnerabilities in software applications. Collaborate with cross-functional teams to integrate DAST (Dynamic Application Security Testing) into the CI/CD pipeline, ensuring seamless integration with existing processes. Develop and maintain relationships with vendors to stay up-to-date on emerging trends and best practices in application security testing. Provide expert guidance on secure coding standards, OWASP guidelines, and industry regulations to ensure compliance across all projects. Job Requirements : 13-20 years of experience in IT Services & Consulting industry. Strong understanding of DAST, SAST, VAPT technologies and their applications. Experience working with various programming languages such as Java, Python, C++, etc.

Ideally, looking for a combination of Development and Application Security experience. Job Summary: We are seeking a skilled Application Security Engineer to join our Information Security team. The ideal candidate will have a minimum of four (4) years of experience in application security and a strong background in software development , particularly in .NET, C#, Angular, and React . This role is crucial in ensuring the security of our applications by working closely with development, DevOps, and security teams to identify, remediate, and prevent security vulnerabilities throughout the software development lifecycle (SDLC). Key Responsibilities: Conduct application security assessments, including code reviews, penetration testing, and threat modeling to identify vulnerabilities. Work closely with developers to integrate secure coding practices and provide guidance on remediating security issues. Implement and manage Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools. Develop and enforce security policies, procedures, and best practices for application security. Assist in the design and review of security architecture for new and existing applications. Collaborate with DevOps teams to integrate security into CI/CD pipelines using DevSecOps principles . Research emerging threats, vulnerabilities, and security trends to proactively mitigate risks. Support incident response efforts related to application security breaches. Provide security training and awareness to development teams. Document security findings, mitigation plans, and security controls. Minimum Requirements (Must-Have) 4+ years of experience in application security with a focus on secure software development. Strong background in software development , with hands-on experience in .NET, C#, Angular, and React . Hands-on experience with SAST, DAST, Software Composition Analysis (SCA), and penetration testing tools (e.g., Burp Suite, Checkmarx, Veracode, Fortify, SonarQube ). Solid understanding of OWASP Top 10, SANS 25, and secure coding practices . Experience with threat modeling, risk assessment, and vulnerability management . Knowledge of API security, authentication, and authorization mechanisms (OAuth, JWT, SAML, etc.). Familiarity with container security, Kubernetes security, and cloud security best practices (AWS, Azure, GCP). Experience working in Agile and DevSecOps environments , integrating security into CI/CD pipelines. Strong analytical and problem-solving skills. Excellent communication skills, with the ability to work collaboratively across teams.

Job Summary This role involves collaborating with different teams to develop and maintain secure cloud architectures in line with best practices. It includes setting up continuous asset monitoring, administering security controls across cloud infrastructure, and implementing secure practices in development lifecycle and containerization platforms. The role also requires developing automated security tools for integration into the CI/CD pipeline, conducting regular security testing and vulnerability scanning, and assessing data flows for potential security risks. Furthermore, the role involves providing guidance to other teams, managing vulnerability resolution, and participating in incident response efforts. Understanding of secure software development practices and DevSecOps methodologies. Job Requirements Experience in security engineering and DevSecOps. Lead and oversee all aspects of the Secure Software Development Lifecycle. Implement and manage security tools within the CI/CD pipeline, focusing on DevSecOps practices. Conduct threat modeling, design, and architectural reviews to identify potential risks. Support third-party penetration testing by analyzing vulnerabilities and assessing their potential impact and exploitability. Possess a foundational understanding of web application security. Demonstrate strong knowledge of cloud computing platforms like AWS, Azure, GCP and their associated security services and features. Experience with SAST, SCA, and DAST, with the ability to address real-world challenges in these areas. Understand runtime security, image scanning, network security, access control, host OS hardening, and vulnerability management in the container lifecycle. Knowledgeable in Kubernetes and the implementation of best practices. Proven expertise in using Terraform and other infrastructure as code tools, managing vulnerabilities, policies and implementing best practices. Handle vulnerability management for images. Adaptable and capable of exploring various products with a wide range of tools and pipelines. Familiarity with CI/CD tools such as GitHub Actions, Jenkins or TeamCity. Stay informed about emerging security threats and technologies, offering recommendations for security enhancements. Experience in automating security controls. Understanding of networking and communication protocols like TCP/IP, UDP, SSL/TLS, IPSEC, HTTP, HTTPS, BGP. Proficiency in scripting or programming languages like Python, Gol, Ruby for security automation and integration. Education Required 4 years of experience in the security domain. Bachelor's degree in computer science, Information Security, or a related field.

Role: AWS DevOps Architect Lead Exp.: 15+ years Job Description: Overall, 15+ years of experience with 5 years of hands-on experience in deployment automation using IaC, Configuration management, Orchestration, Containerization, and running a complete CI/CD pipeline on both cloud and on-prem. Thorough understanding and hands-on skills in the below Infrastructure as Code: Terraform, AWS CloudFormation, Puppet. Source control: GitLab, GitHub. CI/CD: Jenkins, GitLab CICD. Containerization/Orchestration: Kubernetes, AWS ECS, AWS EKS, Docker. CDN: Akamai, AWS CloudFront. Monitoring: AWS Cloud watch, New Relic. Security: AWS Code Guru, Guard Duty, Security Hub, Snyk, Veracode, Rapid7. Programming/Scripting: Python, Shell scripting Good understanding of networking, security rules, firewalls, WAF, API gateways, and auto-scaling principles. Hands on experience using AWS (VPC, Subnets, ALB/NLB, RDS, ECS, SQS, Cognito, Lambda, Memcached ) is required. Understanding of Programming concepts and best practices is required. Experience dealing with production incidents in multi-tier application environment is required. Experience managing production workloads with Site Reliability Engineering best practices. Good understanding of various deployment strategies (Rolling updates, Blue/Green, Canary) Strong exposure on DevSecOps testing methods SAST, DAST, SCA is preferred.

DevSec Ops Engineer (Hardware Embedded) - J48812 About the Role : We are seeking a highly skilled DevSecOps Engineer with experience in embedded hardware systems. The ideal candidate will play a pivotal role in integrating security practices into the development and operations of embedded hardware systems, ensuring the design, implementation, and deployment processes follow the best practices in terms of security, performance, and reliability. As a DevSecOps Engineer, you will work closely with software, hardware, and security teams to automate security controls, continuously assess vulnerabilities, and create a seamless environment for embedded system development. Key Responsibilities: 1. Security & Compliance Strong knowledge of security best practices in hardware and embedded systems. Experience with firmware security, secure boot, and TPM (Trusted Platform Module). Proficiency in threat modelling and risk assessment for hardware-based environments. Understanding of Zero Trust Architecture (ZTA) and network segmentation for IoT and embedded systems. Experience with secure coding practices for low-level programming (C/C++, Rust). Knowledge of security frameworks such as NIST, ISO 27001, CIS Benchmarks, and OWASP Firmware Security. Experience with HSM (Hardware Security Modules), cryptographic libraries (OpenSSL, BoringSSL), and secure key management. 2. Infrastructure & Automation Strong experience with Infrastructure as Code (IaC) tools like Terraform, Ansible, and CloudFormation. Hands-on experience with CI/CD pipelines (Jenkins, GitLab CI/CD, GitHub Actions, ArgoCD) for firmware and embedded software releases. Knowledge of automated security testing tools (e.g., SAST, DAST, fuzzing tools for firmware). Experience with container security (Docker security, Kubernetes security best practices). Proficiency in log management & SIEM (Splunk, ELK Stack, Graylog). 3. Hardware & Embedded Systems Security Understanding of hardware attack vectors (e.g., side-channel attacks, JTAG debugging vulnerabilities, bootloader exploits). Experience with reverse engineering hardware and firmware analysis using tools like Ghidra, IDA Pro, or Radare2. Knowledge of secure firmware development (e.g., Yocto, Buildroot, UEFI security). Familiarity with embedded OS security (e.g., Linux, RTOS, QNX, FreeRTOS). Hands-on experience with chipset security (ARM TrustZone, Intel SGX, AMD SEV). 4. Networking & Cloud Security Strong understanding of network protocols (TCP/IP, MQTT, CoAP) and their security implications for embedded devices. Experience with VPNs, TLS, and IPSec for securing hardware communications. Knowledge of cloud security for IoT platforms (AWS IoT, Azure IoT Hub, Google IoT Core). Familiarity with IoT security frameworks (e.g., ETSI EN 303 645, IoT Security Foundation). 5. Monitoring, Incident Response & Forensics Experience with SIEM tools for real-time threat detection in hardware environments. Knowledge of endpoint detection and response (EDR) solutions for embedded devices. Familiarity with memory forensics and firmware anomaly detection. Experience conducting post-mortem security analysis after breaches in IoT/hardware products. 6. Programming & Scripting Proficiency in scripting for automation and security hardening (Python, Bash, PowerShell). Strong knowledge of C/C++ and Rust for firmware security audits and patching vulnerabilities. Experience with kernel debugging tools (GDB, LLDB) and debugging secure boot issues. 7. Compliance & Regulatory Knowledge Familiarity with hardware security standards (e.g., FIPS 140-2/140-3, Common Criteria, TCG standards). Experience with GDPR, HIPAA, and CCPA compliance for data security in embedded systems. Understanding of safety-critical certifications (e.g., ISO 26262 for automotive, IEC 62443 for industrial IoT). Required Candidate profile Candidate Experience Should Be : 3 To 6 Candidate Degree Should Be : BE-Comp/IT,BEd

Hiring: Principal Cybersecurity Engineer Medical Devices | Pune, India Looking for an experienced Cybersecurity Engineer (P5 level) with 10-15 years in medical device cybersecurity . Ideal candidates will have expertise in: Secure architecture design & implementation Threat modeling, risk assessment & penetration testing Compliance with FDA, IEC 62304, ISO 14971, IEC 81001-5-1 Secure coding & vulnerability management Strong cross-functional collaboration Location: Pune (Gurgaon profiles can be considered) Core Cybersecurity Expertise: Secure Architecture & Design Experience in designing security controls for connected medical devices. Threat Modeling & Risk Assessment – Identifying vulnerabilities and mitigating risks in medical device environments. Penetration Testing & Vulnerability Management – Hands-on experience with security testing tools and techniques. Secure Coding Practices – Strong knowledge of software security and secure development methodologies. Regulatory Compliance & Standards – Familiarity with FDA, IEC 62304, ISO 14971, IEC 81001-5-1 , and other medical device cybersecurity regulations. Technical & Soft Skills: Cryptography, Authentication & Data Protection – Deep understanding of encryption, access controls, and data security. Network Security – Securing communication channels and mitigating network threats. Cross-functional Collaboration – Working with R&D, regulatory, quality assurance, and clinical teams. Mentoring & Leadership – Guiding junior engineers and shaping cybersecurity strategies. Preferred (But Not Mandatory): Certifications: CISSP, CISA, OSCP (highly desirable). Medical Device Experience: Strong plus for candidates with prior experience in medical device cybersecurity. Preferred: CISSP, CISA, OSCP certifications Ready to make an impact in medical device cybersecurity ? Apply now!

Responsibilities As part of the Infosys delivery team, your primary role would be to ensure effective Design, Development, Validation and Support activities, to assure that our clients are satisfied with the high levels of service in the technology domain. You will gather the requirements and specifications to understand the client requirements in a detailed manner and translate the same into system requirements. You will play a key role in the overall estimation of work requirements to provide the right information on project estimations to Technology Leads and Project Managers. You would be a key contributor to building efficient programs/ systems and if you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you! Technical and Professional Requirements: Security testing(3-5 years exp) - SAST/ DAST/API, Network, Mobile Security/ DevSecops/Cloud Security/ Threat Modelling/ Vulnerability Management/ Logging & Audit/ GRC/ Security Operations/ IAM. Individual should be open to learn new technology as needed and should work independently. Strong in ST with key ST related skills with good in driving a team and must be able to do client interaction. Preferred Skills: Technology->Application Security->Application Risk Profiling Threat Modeling Technology->Application Security->Ethical Hacking Technology->Application Security->Penetration Testing (Black/White/Grey Box Testing) Technology->Application Security->Vulnerability Management->Qualys Technology->Security Testing->Security Testing - ALL Technology->Application Security->DevSecOps Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering * Location of posting is subject to business requirements

Should have working knowledge in Web Application security, SAST , Manual Secure code review , OWASP Top 10, and Vulnerability assessment. Should have working experience in Java/Python Programming Should have knowledge in GitHub repository usage. Should be able to find out the fix commits for existing CVE's in GitHub source repositories. Having knowledge in other programming languages will be an added advantage.

Responsibilities As part of the Infosys delivery team, your primary role would be to ensure effective Design, Development, Validation and Support activities, to assure that our clients are satisfied with the high levels of service in the technology domain. You will gather the requirements and specifications to understand the client requirements in a detailed manner and translate the same into system requirements. You will play a key role in the overall estimation of work requirements to provide the right information on project estimations to Technology Leads and Project Managers. You would be a key contributor to building efficient programs/ systems and if you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you! Technical and Professional Requirements: Security testing(6-8 years exp): SAST/DAST/API, Network, Mobile Security/DevSecops/Cloud Security/Threat Modelling/Vulnerability Management/Logging & Audit/GRC/Security Operations/IAMIndividual should be open to learn new technology as needed and should work independently. Strong in ST with key ST related skills with good in driving a team and must be able to do client interaction. Preferred Skills: Technology->Application Security->Application Risk Profiling Threat Modeling->Threat Modeller Technology->Application Security->Ethical Hacking Technology->Application Security->Penetration Testing (Black/White/Grey Box Testing) Technology->Application Security->Vulnerability Management->Qualys Technology->Security Testing->Security Testing - ALL Technology->Application Security->DevSecOps Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering * Location of posting is subject to business requirements

Job Description We're looking for a full-time phenomenal Application Security Engineer II to identify and assist in the mitigation of application vulnerabilities discovered in the Phenom ITX platform. This includes prioritization of vulnerabilities according to the threat vectors and attack techniques, the orchestration of remediation plans and the vulnerability remediation progress tracking via reports and dashboards. Additionally, the Application Security Analyst will participate in the continuous improvement and innovation of Phenoms vulnerability management program and help on the deployment of Phenom Secure Architecture & Software Development program. What You’ll Do Research, identify and analyze and triage vulnerabilities that could affect Phenom ITX Platform and its supporting infrastructure, and determine its severity, exploitability and corrective action recommendations, summarizing and reporting results. Collaborate with engineering/development teams to evolve software assurance processes to address security risks, and help teams learn and adopt shift-security-to-left practices. Work on implementing the required fixes to remediate the vulnerabilities in collaboration with the engineering team Deploy, improve and utilize SAST/DAST/SCA and other cybersecurity solutions to identify and communicate security vulnerabilities to Phenom production teams Maintain and report progress on the state of application vulnerabilities and escalate as necessary to ensure vulnerability issues are closed and handled in a manner consistent with Phenom standards Work closely with the business, support and production teams to provide input and guidance on development of planned remediation plans and strategies to solve identified vulnerabilities Use technical writing and effective communications to prepare and deliver vulnerability assessment result reports to all levels of audiences (peers and or leadership). Drive compliance support and improvements over time through the management, analysis and tracking of vulnerabilities discovered through audits, products or collaborations. Perform research and analytics and stay apprised on new security vulnerability, threats, risks, attack tools and techniques to contribute and improve Phenom’s Threat model and collaborate with senior engineering and product management staff to incorporate effective security standards and controls into product design. Help in the deployment of Phenom Secure Architecture & Software Development program to support the best cybersecurity development practice, and ensure Phenom ITX Platform is highly secure, resilient and aligned with business and product development strategy. Continuously review and identify security improvement opportunities in existing processes, services, and workflows to ensure Phenom ITX platform is robust against current and future cybersecurity threats. Support cybersecurity process activities including security requirements definition, threat modelling, code reviews and cyber risk assessment. Support on development and maintenance of a “security by default” standard to be used in the development, infrastructure, or any other technology project. Deliver training on Security Development Lifecycle to engineering/development teams Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation. Drive continuous improvement activities to define, measure, visualize and improve key cyber security metrics related to Application Security. Provide analytic support to answer questions about vulnerabilities, and general threat intelligence trends Must Have Bachelor’s degree or higher in related field 3 to 5 years’ hands-on technical expertise as Application Security Engineer Specialized Knowledge Experience with Amazon Web Services cloud environments and its security controls and their corresponding challenges. Experience with microservices architectures & distributed Platforms especially in the SaaS businesses Experience using Agile software development Coding Experience in Scripting & programming languages (such as Terraform, Java, Python, Ruby, etc.) Knowledge of information security principles (Confidentiality, Integrity, Availability Authentication & Public Key Infrastructure (PKI), Data Security or Cryptography), and understanding of common exploitation techniques and mitigation. Experience implementing, managing, and supporting a vulnerability management program (process and technology). Experience and well-known understanding of Dynamic and Static Application Security Testing (DAST & SAST) and infrastructure automation/development utilizing APIs. Understanding of the main cybersecurity tools (SIEM, IPS, XDR, etc.) and how they help to protect an application. Experience working with Threat modeling (e.g., STRIDE, PASTA, FAIR, Security Cards) and vulnerability frameworks standards (e.g., OWASP, CVSS, CWE) with a good understanding of the Cyber Kill Chain and pervasive threat attack methods and remediation. Thought leadership, critical thinking, strong organizational skills, report writing skills to senior level, ability to prioritize and multitask Benefits We want you to be your best self and to pursue your passions! Health and wellness benefits/programs to support holistic employee health Flexible hours and working schedules, as well as parental leave for new parents Growing organization with career pathing and development opportunities Tons of perks and extras in every location for all Phenoms! Diversity, Equity, & Inclusion Our commitment to diversity runs deep! Diversity is essential to building phenomenal teams, products, and customer experiences. Phenom is proud to be an equal opportunity employer taking collective action to build a more inclusive environment where every candidate and employee feels welcomed. We recognize there is more to be done. Our teams are committed to continuous improvement until these powerful ideas are ingrained in our culture for Phenom and employers everywhere!

? Duties and Responsibilities A strong and thorough understanding of Application Security with a passion to innovate Strong knowledge experience with Vulnerability Assessment and Penetration Testing Strong knowledge to automate DAST/SAST solutions scanning and reporting Performing Manual Secure Code Review and Secure Design Review Strong knowledge of OWASP Top 10 web and the ability to effectively communicate methodologies and techniques with development teams Good understanding of Java, Python, etc. Hands-on experience of Web Application Scanning Tools (both Open Source and Commercial) Knowledge of performing Threat Modeling and Application Design Reviews Good understanding of SSDLC and Secure Software Delivery Frameworks Provide guidance to development teams for remediating application security vulnerabilities Should have at least one professional certification but not limited to CEH/Security+/eJPT or equivalent Good to have certifications like OSCP/eWAPTX/OSCE/CRTE/eCPTX or equivalent Leading the functions as an individual, performing below assignments Responsible for performing and overseeing Penetration testing, SAST, DAST, Manual Secure Code Review and Secure Design Review Make suggestions for security improvements. Enhance existing methodology material Mentoring Junior Resources Good to have working experience on: Good understanding of Cloud Security Concepts AWS/Azure Should have Project Management Skills (using Jira / Confluence / SNOW

Must have : Application Security/SAST/DAST/SCA Overall 8+ years of IT experience • 7+ years of application security Experience • 5+ years of Application Security testing Experience • Bachelor's degree required. • Deep familiarity with the OWASP Top 10 and other security concerns for web applications • Deep Understanding of OWASP Application Security Verification Standards (ASVS) • Deep understanding of SAST, DAST, SCA Scanning practices • Experience in scanning leveraging Veracode, Appscan.or other enterprise tools. • Understand how to interpret and assess CVEs (Common Vulnerability and Exposures) and CWEs (Common Weakness Enumeration) as found by scanning tools. • Understanding of SAST, DAST tools and dependency scanning tools • Experience working/integrating with secret management systems. • Advanced knowledge of front-end and back-end web application development in at least one technology stack (.NET, Java, PHP, Ruby/Rails, Angular, Node.js, etc.) • Track record of staying current with trends, techniques, tools, and processes that drive improvement of security posture of applications. • Strong documentation skills • Excellent verbal and written communication skills, with proven technical writing abilities (English language proficiency required) • Team-oriented thinking with demonstrated ability to produce high-quality work as part of a fast-paced, dynamic team. • Proven ability to communicate, collaborate, and present effectively with teams and individuals in different disciplines or areas. Technical Skills: SAST, DAST, SCA Roles and Responsibilities: • Perform SAST/SCA/DAST scans using industry vulnerability scanner • SAST/SCA Veracode, using supplied compiled binary, configure scan platform to correct scan for both static code CWE’s as well as SCA derived CVEs. Work will include coordination with app owner to ensure all branches of code are included in compiled binary file. • DAST – Work begins with crawling the target application to identify existing directory and file structure. Once identified, execute DAST scan using HCL product to identify dynamic issue only visible during code execution.

Dear Candidate, We are seeking a skilled DevOps Engineer to join our team. The ideal candidate will be responsible for streamlining the software development and deployment process, automating workflows, and ensuring that our systems are scalable, secure, and reliable. You will collaborate closely with development, operations, and product teams to build and maintain infrastructure and ensure continuous integration and delivery. Role & Responsibilities: Automation & Scripting : Design and implement automated systems for deployment, monitoring, and infrastructure management using tools like Terraform , Ansible , or Chef . Continuous Integration/Continuous Deployment (CI/CD) : Develop and manage CI/CD pipelines using tools like Jenkins , GitLab CI , or CircleCI to enable rapid and reliable software deployment. Infrastructure Management : Manage and maintain cloud infrastructure (AWS, GCP, Azure) and on-premise systems, ensuring high availability, scalability, and security. System Monitoring & Performance : Monitor system performance, including application uptime, server health, and resource utilization. Use monitoring tools like Prometheus , Grafana , or Datadog to ensure smooth operation. Collaboration with Development Teams : Work closely with development teams to ensure the continuous delivery of high-quality software and streamline the development process. Security & Compliance : Implement and maintain security practices such as automated patch management, vulnerability scanning, and encryption to safeguard infrastructure. Version Control & Repository Management : Utilize version control systems like Git and repository management tools like GitHub or Bitbucket for code collaboration and management. Required Skills & Qualifications: DevOps Tools & Technologies : Strong experience with DevOps tools such as Jenkins , Docker , Kubernetes , Terraform , Ansible , Chef , and Puppet . Cloud Platforms : Extensive experience with cloud services like AWS , GCP , or Azure to build, manage, and scale infrastructure. Automation & Scripting : Proficiency in scripting languages like Python , Bash , or Ruby to automate repetitive tasks and streamline workflows. Containerization & Orchestration : Hands-on experience with Docker , Kubernetes , or other container orchestration tools for building and managing containers. CI/CD Practices : Expertise in setting up and maintaining CI/CD pipelines to automate the build, testing, and deployment processes. Infrastructure as Code (IaC) : Experience with Terraform or CloudFormation to manage infrastructure resources as code. Version Control : Proficiency in version control systems, specifically Git , for managing codebases and collaborating with teams. Monitoring & Logging : Familiarity with monitoring tools like Prometheus , Grafana , Datadog , or New Relic to ensure system health and performance. Soft Skills: Strong problem-solving and analytical skills. Excellent communication skills to work with cross-functional teams. Ability to work independently and as part of a team. Detail-oriented with a focus on delivering high-quality solutions Note: If you are interested, please share your updated resume and suggest the best number & time to connect with you. If your resume is shortlisted, one of the HR from my team will contact you as soon as possible. Srinivasa Reddy Kandi Delivery Manager Integra Technologies

Overview Cigna International Health is initiating a project to modernise its portal and self-service application to bolster the expansion of our health businesses across the globe. Were actively seeking accomplished leaders to champion our vision and steer us towards building a mobile platform for serving Cignas customers all over the world . We are seeking an experienced Software Engineer to drive our DevSecOps efforts in creating high-quality , scalable applications . The ideal candidate will engineer CI/CD solutions, produce clean code, and ensure successful delivery of software solutions aligned with business goals. Responsibilities Mentoring : Lead and mentorjunior software development team members, fostering a culture of innovation, automation, collaboration, and excellence. Take active part in career development and performance of junior software development teammembers. Project Delivery: Execute software projects, ensuring they are delivered on time, within budget, and meet quality standards. Develop solutions using in test-drivenmethodology. Support and own the DevSecOpsto ensure projects are aligned with standards and IT strategy. Architecture and Development: Guide the design principles, and development processes to ensure scalable, secure, and efficient solutions, collaborating with other senior leads. Operational Efficiency: ImplementDevSecOps to streamline processes, tools, and workflows to optimize engineering operations and enhance productivity. Requirements Experience: Proven experience (6+ years) in a role within software development building pipelines for modern, cloud-native and digital applications. Technical Acumen: Extensive knowledge of software development methodologies, source code management strategies, design patterns, automation, and best practices. Ability to translate non-functional requirements such as availability, flexibility, stability, ease of maintenance and security. Technologies covered: AWS Cloud Services (API Gateway, CloudFront, Lambda, S3, EC2, VPC, DynamoDB and Cloudwatch). Experience with Terraform and/or any Infrastructure-as-Code tool. Experience in integrating with SAST and DAST tools for code quality and security. Experience in using containers and Kubernetes for hosting highly scalable applications on AWS EKS or any other Kubernetes engines. Experience with building and deploying application code with CI/CD pipelines using tools such as Jenkins, GitHub Actions, GitLab CI, Bamboo CI. Strong experience in Linux and Scripting languages such as Python to automate any redundant application components for faster path-to-production. Experience with working in agile teams and understood the concepts of iterative delivery, fail-early & fail-fast, continued improvements. Leadership Skills: Good leadership, mentoring, and communication skills to guide and inspire junior technical team members. Education: Bachelors or Masters degree in Computer Science, Software Engineering, or a related field. Aware of the concrete effects of architectural decisions specifically microservice architecture at the code level, in collaboration with other team members. Desirable Experience of using Jira

The Information Protection Associate Advisor is responsible for providing general technical, operational and review support to Cigna's Information Protection (CIP) Organization. This role will support in enforcing standard information protection controls through infrastructure, application and third-party security assessments . You will work with development teams to ensure they are using the appropriate application security tooling correctly through their SSDLC . Balance multiple project priorities appropriately. Work with the Cigna Information Protection team as required to support reviews, product implementations and security audits. Support the Management team (Regional Information Security Officer and Senior Manager) on dashboard reporting, coordination of incident responses, risk assessments and CIP led initiatives. Job Description: Infrastructure / Application reviews: Partners with the enterprise to implement standard security solutions and capabilities that are aligned with business, technology and threat drivers Performs focused risks assessments of existing or new services and technologies, security architecture, identifies design gaps, risks, and recommends enhancements Communicates risk assessment findings to information security customers, or business partners. Explore risk mitigation controls Serves as an information security expert and trusted advisor to partners in IT and the business Evaluate compliance of operation processes with Information Protection policies and related government regulations Identifies and implements appropriate controls to effectively manage information risks as needed Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing residual risk Maintains strong working relationships with individuals and groups involved in managing information risks across the organization Stays abreast of current and emerging security threats and designs security architectures to mitigate them Service Partner Security Assessment: Perform general walkthrough evaluations of new applications and processes under consideration. Provide recommendation to business. Meet with vendors and employees to resolve or track compliance issues. Attend demonstrations of applications and prepare reports on potential for data leakage or infrastructure security issues. Review any regular security reports for abnormality. Work with supplier chain management on contracts to include security terms. Escalation to the fellow CIP team on security issues related to service partners. Provide development teams with application security vulnerability validation and remediation guidance from various application security tooling (SAST, SCA, IAC, DAST, MAST, etc) Support the Management team (Regional Information Security Officer and Senior Manager): Work with individual local security teams assigned to ensure security controls applied are compliant to CIP policies and standards Work with the RISO on managing security incidents Regular risk & activity reporting Issue tracking with local security teams Review and approval of application/infrastructure changes in terms of security Coordinate CIP initiatives with other countries as required Maintain strong working relationships with individuals and groups involved in managing information risks across the organization Partner with the CIP and IT teams to implement standard security solutions and capabilities that are aligned with business, technology and threat drivers Stay abreast of current and emerging security threats and security architectures to mitigate the threats Skills Needed: Health Insurance or Health Care Industry experience preferred Ability to multitask and timely execute Ability to grasp and understand complicated relationships Proven Communication skills, able to write and verbally communicate effectively Organizational courage to escalate and resolve risk issues Flexible can adapt to changing organization changing business needs, technological advances and agile methodology Demonstrates technical skills in infrastructure, application and third party security assessments. Self-starter and shows empathy towards business requirements and able to influence changes to facilitate security Experience with assessing and mitigating risk Experience with contracting and negotiations Travel required, approximately 10% Qualifications: BS degree or equivalent experience CISSP, CISA, CISM, CRISC or similar certifications preferred Broad high level knowledge, hands-on experience, and exposure to a wide range of IT subject areas, business, application security Strong written and spoken English skills Qualified candidates will typically have 8 to 11+ years of professional IT experience work experience, and 4 years in information security Experience with process and change management, reporting and incident handling. Demonstrated ability to communicate at high levels, both verbally and in reporting Excellent problem identification, solving and critical reasoning skills. Ability to work successfully with a minimum of supervision in a fast paced and sometimes pressured environment. Techno Functional role Cyber security Analysts SDLC must have At least 1+ yrs of working experience SAST, DAST, MAST, SCA: Application Security scanning Tools must have Check vulnerability assessments. Help Developers to check if the integration process is aligned with the results. Check if the team is using the right tools and review the results. Threat Model & Programming languages is good to have not mandate. Software Development Lifecycle

About Zscaler Serving thousands of enterprise customers around the world including 40% of Fortune 500 companies, Zscaler (NASDAQ: ZS) was founded in 2007 with a mission to make the cloud a safe place to do business and a more enjoyable experience for enterprise users. As the operator of the world’s largest security cloud, Zscaler accelerates digital transformation so enterprises can be more agile, efficient, resilient, and secure. The pioneering, AI-powered Zscaler Zero Trust Exchange™ platform, which is found in our SASE and SSE offerings, protects thousands of enterprise customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Named a Best Workplace in Technology by Fortune and others, Zscaler fosters an inclusive and supportive culture that is home to some of the brightest minds in the industry. If you thrive in an environment that is fast-paced and collaborative, and you are passionate about building and innovating for the greater good, come make your next move with Zscaler. Our Engineering team built the world’s largest cloud security platform from the ground up, and we keep building. With more than 100 patents and big plans for enhancing services and increasing our global footprint, the team has made us and our multitenant architecture today's cloud security leader, with more than 15 million users in 185 countries. Bring your vision and passion to our team of cloud architects, software engineers, security experts, and more who are enabling organizations worldwide to harness speed and agility with a cloud-first strategy. We're looking for an experienced DevSecOps Engineer to join our team reporting to a Director of Engineering, you'll be responsible for: Designing/Architecting, Implementing, and supporting end to end CI/CD systems for mission critical distributed application deployments on Zscaler Private and Public clouds such as AWS, GCP Assisting developers with merging, resolving conflicts, creating and managing pre-commit hooks and own administration for DevSecOps tools such as (GitLab, GitHub, Bitbucket, Bamboo, Jenkins, Grafana, Prometheus, Artifactory, ArgoCD/Flux, etc) Security of the code, applications and infrastructure with a strong working experience in Security scanning (SAST/SCA/DAST) tools such as SonarQube, Snyk, BlackDuck, Coverity, CheckMarx, TruffleHog, etc Automating infrastructure provisioning and configuration (IaC) using tools like Terraform, Chef, Ansible, Puppet, etc Tracking and monitoring build metrics such as code coverage, build times, build queue times, usage/consumption for build agents, and chart them over time using tools such as Prometheus, Grafana, CloudWatch, Splunk, Loki, etc What We're Looking for (Minimum Qualifications) You would need a Bachelor of Engineering/Technology degree in Computer Science, Information Technology, or related field with at least 4 years hands-on experience in managing AWS, Google Cloud (GCP) and/or Private Cloud Environments Strong application development/Automation experience with one of the OOPS languages C/C++/Java/Python/GO Experience with SAST, SCA, DAST, Secret scans and familiarity with scanning tools such as SonarQube, Snyk, Coverity, BlackDuck, CheckMarx, TruffleHog, etc Experience with container orchestration technologies such as Docker, Podman, Kubernetes, EKS/GKE and proficiency in automation using tools such as Terrafrom, CloudFormation, Ansible, Chef, Puppet, etc Experience with Git and GitOps based pipelines using GitLab, GitHub, Bitbucket and CI automation tools like Jenkins, GitHub actions, Bamboo What Will Make You Stand Out (Preferred Qualifications) Experience writing and developing yaml based CI/CD Pipelines using GitLab, GitHub and knowledge of build tools like makefiles/gradle/npm/maven etc Experience with Networking, Load Balancers, Firewalls, Web Security Experience with AI and ML tools in day to day DevSecOps activities #LI-Onsite #LI-AC10 At Zscaler, we believe that diversity drives innovation, productivity, and success. We are looking for individuals from all backgrounds and identities to join our team and contribute to our mission to make doing business seamless and secure. We are guided by these principles as we create a representative and impactful team, and a culture where everyone belongs. For more information on our commitments to Diversity, Equity, Inclusion, and Belonging, visit the Corporate Responsibility page of our website. Our Benefits program is one of the most important ways we support our employees. Zscaler proudly offers comprehensive and inclusive benefits to meet the diverse needs of our employees and their families throughout their life stages, including: Various health plans Time off plans for vacation and sick time Parental leave options Retirement options Education reimbursement In-office perks, and more! By applying for this role, you adhere to applicable laws, regulations, and Zscaler policies, including those related to security and privacy standards and guidelines. Zscaler is proud to be an equal opportunity and affirmative action employer. We celebrate diversity and are committed to creating an inclusive environment for all of our employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy or related medical conditions), age, national origin, sexual orientation, gender identity or expression, genetic information, disability status, protected veteran status or any other characteristics protected by federal, state, or local laws. See more information by clicking on the Know Your Rights: Workplace Discrimination is Illegal link. Pay Transparency Zscaler complies with all applicable federal, state, and local pay transparency rules. For additional information about the federal requirements, click here . Zscaler is committed to providing reasonable support (called accommodations or adjustments) in our recruiting processes for candidates who are differently abled, have long term conditions, mental health conditions or sincerely held religious beliefs, or who are neurodivergent or require pregnancy-related support.

Key Responsibilities: Perform in-depth penetration testing, vulnerability assessments, and security reviews of applications, infrastructure, and networks. Identify, exploit, and document security vulnerabilities across systems and provide remediation recommendations. Simulate sophisticated attacks to test the strength of security controls and identify potential areas of compromise. Collaborate with development, infra, and DevOps teams to integrate security into the development lifecycle and Infrastructure-as-Code (IaC) security. Develop comprehensive security test plans, methodologies, and tools to ensure effective assessment of systems. Create detailed reports that outline vulnerabilities, risks, and recommended mitigations. Perform threat modeling and risk assessments to prioritize testing efforts. Monitor network traffic for threats and respond to security incidents. Ensure security best practices in Cloud environments, security controls for cloud workloads, IAM policies, and network security. Monitor and respond to cloud security incidents using SIEM and cloud-native security tools. Integrate and automate security testing and compliance checks into CI/CD pipelines using tools like SAST, DAST, and IAST . Experience Range: 3 - 5 years Educational Qualifications: -B.Tech/B.E in Computers , -B.Tech/B.E in IT Job Responsibilities: Required Skills & Qualifications: Bachelor's degree in Computer Science, Cybersecurity, or related field . 2-3 years of experience in cybersecurity with a focus on Penetration testing or Ethical Hacking , Application Security, Cloud Security, and DevSecOps . Experience with security tools such as Burp Suite, Metasploit, Nessus, Wireshark, SonarQube, AWS WAF, Google WAF, Kali Linux, and other vulnerability scanning tools, etc. Knowledge of SIEM , EDR , NIST, CIS, and OWASP security frameworks. Proficiency in scripting (Python, Bash, PowerShell) for security automation. Industry certifications like CEH, Security+, AWS/GCP Security, or any DevSecOps-related certification (preferred but not mandatory). Excellent written and verbal communication skills to effectively report vulnerabilities and collaborate with stakeholders.Qualifications: Bachelors degree in computer science . 80% or above in 10th and 12th Skills Required: DevOps , Linux , PHP , Python Job Code: KL-XYEQQGD5

Description Cloud Engineer - GCP Strong expertise in cloud platforms engineering on GCP Strong experience with Service Orientated Architecture Cloud & Kubernetes Knowledge of one or more programming language such as Go Python or JavaScript Experience working with infrastructure as code config as code tooling and methodologies (i.e. Terraform etc) Experience with different Continuous Integration (CI/CD) tooling used at ANZ such as CodeFresh and Google Cloud Build Experience with different Monitoring and APM tools used at ANZ such as Prometheus Grafana Splunk and Dynatrace Experience or knowledge of Site Reliability Engineering practices. Experience building self-service alerting functionality on top of different Monitoring and APM tools (Slack/ServiceNow etc) Ability to work with a DevOps mindset Senior / Lead GCP Platform Engineer - Skills Breakdown Large Organisation Experience oExperience using multi-project organisational structures. Strong knowledge of GCP services including but not limited to oHands-on GCP networking skills (e.g. Shared Virtual Private Cloud (VPC) subnetworks Firewall Rules Cloud Router Cloud DNS Load Balancing Interconnect etc.). oThorough understanding of networking concepts especially TCP/IP IP addressing and subnet calculation. oSolid experience with GCP Security services; Identity and Access Management (IAM) Cloud Identity-Aware Proxy (IAP) Key Management Service (KMS) Cloud Security Command Center Secrets Manager Resource Manager etc. oGood knowledge of various GCP Integration patterns Cloud Functions with Cloud Pub/Sub Cloud Storage and Cloud SQL. oAny workload-related experience is a bonus e.g. Kubernetes Engine Google Compute Engine App Engine etc. oContainerization experience with Docker and GKE (preferred) Infrastructure as a Code and Scripting oSolid hands-on experience with declarative languages Google Cloud Deployment Manager (& Terraform preferred) and their capabilities oComfortable with Bash scripting and at least one programming language (Python or Go preferred). oSound knowledge of secure coding practices and configuration/secrets management oKnowledge in writing unit and integration tests. oExperience in writing infrastructure unit tests; Terratest preferred Solid understanding of CI/CD oSolid understanding of zero-downtime deployment patterns oExperience with automated continuous integration testing including security testing using SAST tools oExperience in automated CI/CD pipeline tooling; oCloud Build preferred Experience in creating runners Docker images Experience using version control systems such as Git oExposed to and comfortable working on large source code repositories in a team environment. oSolid expertise with Git and Git workflows working within mid to large (infra) product development teams General / Infrastructure Experience oExperience with cloud ops (DNS Backups cost optimization capacity management monitoring/alerting patch management etc.) oExposure to complex application environments including containerized as well as serverless applications oWindows and/or Linux systems administration experience (preferred) oExperience with Active Directory (preferred) oExposure to multi-cloud and hybrid infrastructure oExposure to large-scale on-premise to cloud infrastructure migrations oSolid experience in working with mission-critical production systems Named Job Posting? (if Yes - needs to be approved by SCSC) Additional Details Global Grade C Level To Be Defined Named Job Posting? (if Yes - needs to be approved by SCSC) No Remote work possibility No Global Role Family 60236 (P) Software Engineering Local Role Name 6504 Developer / Software Engineer Local Skills 58565 Cloud Languages RequiredEnglish Role Rarity To Be Defined

Description ExperienceSoftware developer with 4-8 years of experience Primary Skills Core Java, Spring Boot, Microservices, REST API Secondary Skills Angular / React Technical ExpertiseProficiency in Java and GoLang in an event driven microservices architecture and/or Hands-on experience with MongoDB and PL/SQL for data modelling and query optimization. Exposure to security tools like SAST, DAST, and SCA, from an use case perspective, and understanding of secure coding principles. Familiarity with DevOps principles, CI/CD pipelines and tools (e.g., Jenkins, GitHub, K8s, SonarQube, etc..). Experience with working in Agile/Scrum teams Be a Confident, and Vocal team members to work on Challenging projects, and timelines Overall Responsibilities Collaborate with cross-functional teams, including Program managers, Tech Leads, UI/UX designers, Product owners, Stakeholders, and End users to deliver end-to-end solutions. Design, develop, and maintain scalable, secure, and efficient backend systems using Java and GoLang. Build dynamic and user-friendly frontend applications using AngularJS and React. Develop and optimize database solutions using MongoDB and PL/SQL. Implement secure coding practices and integrate/work with security tools for SAST, DAST, and SCA need into the development process. Build and maintain CI/CD pipelines for streamlined deployment and integration. Participate in code reviews, mentoring team members, and improving overall code quality. Troubleshoot, debug, and enhance application performance to meet business needs Named Job Posting? (if Yes - needs to be approved by SCSC) Additional Details Global Grade C Level To Be Defined Named Job Posting? (if Yes - needs to be approved by SCSC) No Remote work possibility No Global Role Family To be defined Local Role Name To be defined Local Skills Java;MongoDB;Spring Boot;Spring Cloud Languages RequiredENGLISH Role Rarity To Be Defined

Mandate Skill- UI Testing, API test, Sonar Qube OR SAST, SQL, Manual test, load test We are looking for a Senior QA Engineer Responsibilities Automated and manual testing preparation Follow the Agile methodology with the teams having the goal of automating most of the testing associated with Sprint deliverables. Troubleshoot bugs and errors and document on tools like Jira and Confluence. Mentor junior team members doing manual QA so that they can start working on automation. Requirements: 5+ years of Relevant experience in QA automation Experience in testing API & Web applications Expertise in DB testing and back end (Cron, Batches) testing Expertise in testing micro services & able to analyze logs Expert on API Automation using Rest Assured with Java Expert on Web Automation using Selenium with Java Experience in using tools like Postman, JMeter, Jenkins, Git, Jira, Confluence, Swagger Able to query data with databases such as MySQL & Mongo Able to do post production analysis & finding root cause for production bugs Can think in "out of box" test scenarios & good with exploratory testing. Experience working in an Agile/Scrum development process Experience with performance (Jmeter) and/or security testing is a plus. Good communication skills. Analytical mind and problem-solving aptitude. English fluency both written and spoken

About Zscaler Serving thousands of enterprise customers around the world including 40% of Fortune 500 companies, Zscaler (NASDAQ: ZS) was founded in 2007 with a mission to make the cloud a safe place to do business and a more enjoyable experience for enterprise users. As the operator of the world’s largest security cloud, Zscaler accelerates digital transformation so enterprises can be more agile, efficient, resilient, and secure. The pioneering, AI-powered Zscaler Zero Trust Exchange™ platform, which is found in our SASE and SSE offerings, protects thousands of enterprise customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Named a Best Workplace in Technology by Fortune and others, Zscaler fosters an inclusive and supportive culture that is home to some of the brightest minds in the industry. If you thrive in an environment that is fast-paced and collaborative, and you are passionate about building and innovating for the greater good, come make your next move with Zscaler. Our Engineering team built the world’s largest cloud security platform from the ground up, and we keep building. With more than 100 patents and big plans for enhancing services and increasing our global footprint, the team has made us and our multitenant architecture today's cloud security leader, with more than 15 million users in 185 countries. Bring your vision and passion to our team of cloud architects, software engineers, security experts, and more who are enabling organizations worldwide to harness speed and agility with a cloud-first strategy. We're looking for an experienced DevSecOps Engineer to join our team reporting to a Director of Engineering, you'll be responsible for: Designing/Architecting, Implementing, and supporting end to end CI/CD systems for mission critical distributed application deployments on Zscaler Private and Public clouds such as AWS, GCP Assisting developers with merging, resolving conflicts, creating and managing pre-commit hooks and own administration for DevSecOps tools such as (GitLab, GitHub, Bitbucket, Bamboo, Jenkins, Grafana, Prometheus, Artifactory, ArgoCD/Flux, etc) Security of the code, applications and infrastructure with a strong working experience in Security scanning (SAST/SCA/DAST) tools such as SonarQube, Snyk, BlackDuck, Coverity, CheckMarx, TruffleHog, etc Automating infrastructure provisioning and configuration (IaC) using tools like Terraform, Chef, Ansible, Puppet, etc Tracking and monitoring build metrics such as code coverage, build times, build queue times, usage/consumption for build agents, and chart them over time using tools such as Prometheus, Grafana, CloudWatch, Splunk, Loki, etc What We're Looking for (Minimum Qualifications) You would need a Bachelor of Engineering/Technology degree in Computer Science, Information Technology, or related field (or equivalent work experience) with at least 4 years hands-on experience in managing AWS, Google Cloud (GCP) and/or Private Cloud Environments. Strong application development/Automation experience with one of the OOPS languages C/C++/Java/Python/GO Experience with SAST, SCA, DAST, Secret scans and familiarity with the scanning tools such as SonarQube, Snyk, Coverity, BlackDuck, CheckMarx, TruffleHog, etc Experience with container orchestration technologies such as Docker, Podman, Kubernetes, EKS/GKE and Proficiency in Infrastructure and Configuration automation using tools such as Terrafrom, CloudFormation, Ansible, Chef, Puppet, etc Experience with Git and GitOps based pipelines using GitLab, GitHub, Bitbucket and CI automation tools like Jenkins, GitHub actions, Bamboo What Will Make You Stand Out (Preferred Qualifications) Experience writing and developing yaml based CI/CD Pipelines using GitLab, GitHub and knowledge of build tools like makefiles/gradle/npm/maven etc Experience with Networking, Load Balancers, Firewalls, Web Security Experience with AI and ML tools in day to day DevSecOps activities #LI-Onsite #LI-AC10 At Zscaler, we believe that diversity drives innovation, productivity, and success. We are looking for individuals from all backgrounds and identities to join our team and contribute to our mission to make doing business seamless and secure. We are guided by these principles as we create a representative and impactful team, and a culture where everyone belongs. For more information on our commitments to Diversity, Equity, Inclusion, and Belonging, visit the Corporate Responsibility page of our website. Our Benefits program is one of the most important ways we support our employees. Zscaler proudly offers comprehensive and inclusive benefits to meet the diverse needs of our employees and their families throughout their life stages, including: Various health plans Time off plans for vacation and sick time Parental leave options Retirement options Education reimbursement In-office perks, and more! By applying for this role, you adhere to applicable laws, regulations, and Zscaler policies, including those related to security and privacy standards and guidelines. Zscaler is proud to be an equal opportunity and affirmative action employer. We celebrate diversity and are committed to creating an inclusive environment for all of our employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy or related medical conditions), age, national origin, sexual orientation, gender identity or expression, genetic information, disability status, protected veteran status or any other characteristics protected by federal, state, or local laws. See more information by clicking on the Know Your Rights: Workplace Discrimination is Illegal link. Pay Transparency Zscaler complies with all applicable federal, state, and local pay transparency rules. For additional information about the federal requirements, click here . Zscaler is committed to providing reasonable support (called accommodations or adjustments) in our recruiting processes for candidates who are differently abled, have long term conditions, mental health conditions or sincerely held religious beliefs, or who are neurodivergent or require pregnancy-related support.

Experience with vulnerability management, secure coding practices, and the OWASP Top 10 vulnerabilities. compliance standards (SOC 2, ISO 27001, PCI-DSS, GDPR). Experience with threat modelling, penetration testing, and security risk assessments. Required Candidate profile Proven experience with end-to-end security in cloud and containerized environments. Experience in leading security initiatives and guiding teams toward better security practices. CISSP