163 Sast Jobs - Page 6

Exp; 4 -6 Yrs Location: PAN INDIA (Base location Hyd) Mode: Remote/ Job Description: We are seeking an SecDevOps Senior Developer to join our team. The ideal candidate will have experience in security operations, incident response, and automation within cloud environments. You will play a critical role in developing security solutions and enhancing our cybersecurity posture. Key Responsibilities: Develop and secure AWS services and implement automation solutions for cloud security events. Utilize Splunk for security monitoring, data analysis, and incident investigation. Collaborate with SOC teams for incident response (IR) and security operations. Develop security automation using Python and Splunk Search Processing Language (SPL) . Work in an Agile development environment and contribute to CI/CD security best practices. Identify, assess, and mitigate security threats in a cloud environment. Communicate complex security issues effectively through reports, presentations, and discussions. Required Qualifications: Bachelors degree with 4+ years of experience in Information Security, Cyber Intelligence, or a related field. (In lieu of a degree, 6+ years of experience is required.) Splunk experience & certification is mandatory. Minimum 2 years of experience in SOC/Incident Response (IR) . Strong knowledge of Python and Splunk SPL for automation and analysis. Hands-on experience in securing AWS services and developing security automation. Familiarity with Agile methodologies and CI/CD pipelines. Strong communication and problem-solving skills. Preferred Qualifications: Security certifications such as SANS, AWS Security, or Developer-based certifications . Experience with DevOps principles and CI/CD pipelines . Prior experience in SOC, Cyber Intelligence, or Incident Response is a plus. Knowledge of Cloud Foundry/Docker is an added advantage.

Job Description: Proven work experience as a DevSecOps Engineer or similar role in development, operations, and security. Knowledge of cloud technologies and architectures (Azure, AWS, Google Cloud). Experience in secure coding practices and automating security testing tools. Understanding of network and web related protocols (TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols). Proficient with containerization technologies like Docker and orchestration tools like Kubernetes. Experience with automation scripts and configuration management tools. Excellent communication skills with the ability to explain complex security topics in an understandable manner. DevSecOps person with both SecOps & DevOps skillset, Security Appsec & Cloudsec experience, VAPT, Burb suite, DevOps (CI/CD), IAM DevOps – AWS Cloud, CloudFormation, Github workflows/actions, AZDO Pipeline, Dockers/Containers.

Please dont call me if anyone intrested who is an immediate joiner or serving notice period is below 15 days , please watsapp me your details with resume -9003993690 or send me your resume with the below email id -sushma.v@bct-consulting.com - To perform Penetration testing (Gray Box and/or Black Box) for Web applications; Thick Client, API, and mobile applications. - To understand the applications security requirements and identify & document the scope of the test - Ensure execution of the documented security scenarios for the application under test. - Document and report all findings - Collaborate with the developers to help them understand the vulnerabilities reported in application - Escalate issues to the local management and onshore stakeholders in case it affects the testing progress - Ensure processes for the project is followed for the assessments Note:

Your Impact: We are OpenText-Fortify and we specialize in Enterprise Application Security. Our product helps you manage, measure and integrate security for the entire software lifecycle. What the role offers: Develops product architectures and methodologies for software applications design and development across multiple platforms and organizations within the Global Business Unit. Identifies and evaluates new technologies, innovations, and outsourced development partner relationships for alignment with technology roadmap and business value; creates plans for integration and update into architecture. Reviews and evaluates designs and project activities for compliance with development guidelines and standards; provides tangible feedback to improve product quality and mitigate failure risk. Leverages recognized domain expertise, business acumen, and experience to influence decisions of executive business leadership, outsourced development partners, and industry standards groups. Provides guidance and mentoring to less-experienced staff members to set an example of software applications design and development innovation and excellence. What you need to succeed: Strong programming experience in Java Experience/Knowledge of SAST/static code analysis algorithms/Application Security Domain Background in Code Analysis/Application Security/Compiler internals/construction in one or more programming languages is preferred Background in the OWASP/software security domain is preferred Design and implement static analysis algorithms based on recent relevant computer science research and literature. Develop new analysis features and add support for new languages and language features.

Application Security (DevSecOps) Specialist About The Role : Primary responsibilities will be assisting with the delivery of DevSecOps and strategic AppSec projects. This includes performing DevSecOps/Agile and AppSec Program Assessments, performing Architecture Reviews and Threat Modeling, designing DevSecOps pipelines, assisting with large scale DevSecOps transformations, performing secure configuration reviews, and providing technical leadership within our Application Security team. The Application Security Specialist will deliver the aforementioned services, deliver comprehensive reports, and provide thought leadership within the Application Security and DevSecOps space. You will spend your time focusing on challenging projects and solving complex problems. Role Requirements Assist with the performance of Application Security services, including but not limited to DevSecOps and Application Security Program Assessments, Application Architecture Reviews, Threat Modeling, designing industry leading Application Security programs, Secure SDLC Implementation, Security Configuration Reviews, AppSec related training Contribute to comprehensive assessment deliverables that are proficiently tailored to both technical and managerial audiences and fully detail the technical execution, core deficiencies, business impact, and realistic remediation strategies Awareness and understanding of the rapidly changing application security landscape, including open source and commercial tools, assessment methodologies and approaches, and strategy frameworks, such as OWASP SAMM, and BSIMM Familiarity with common Agile development methodologies, such as the Scaled Agile Framework Familiarity with common DevSecOps related tooling including but not limited to continuous integration tooling (AzureDevOps, Jenkins, Bamboo), QA testing frameworks and tools (Cucumber, NUnit, JUnit), automated application security testing tools (SAST, DAST, IAST, OSA), defect tracking systems (JIRA, Azure DevOps), and containerization technologies Understanding of a broad range of application security issues, mitigation strategies, and common application security controls Perpetually strengthen relevant skills, knowledge, and abilities to stay at the forefront of the information security industry Foster stakeholder relationships with the development teams by providing support, information, and guidance Maintain a strong desire to learn, adapt, and improve Perform other duties as assigned Education, Credentials, and Experience Direct hands on experience (8+ years) in performing Application Security service offerings, including but not limited to DevSecOps implementations, tool automation, application threat modeling, application architecture reviews, and program assessments Experience and working knowledge of Application Security controls, application architectures, database architectures, security requirements, and industry standards and frameworks Operational DevSecOps experience Hands on experience with a broad range of DevOps tooling that is necessary to support scalable application security, such as containerization technologies, continuous integration tools, source code repositories, defect tracking systems, and QA testing tools Strong communication skills that include the ability to clearly articulate thoughts and distill complex problems into digestible pieces of information during live conversations and formal deliverables Bachelors degree in a relevant discipline or equivalent experience

Role: Application Penetration Tester Exp: 3+ years Location: Bangalore Send resumes to: mounika-d@hcl.software Job description: HCL Software is an exciting place to work, with a wide variety of applications developed across multiple global geographic locations. We are seeking multiple Application Penetration testers for our Product and Infrastructure Security team. Key Responsibilities: Support the companys commitment to protect the confidentiality, integrity, and availability of systems and data. Perform penetration testing and security assessments of products and other applications to identify complex vulnerabilities and drive through to remediation. Drive development of new vulnerability discovery and exploitation techniques. Collaborate with stakeholders to create remediation strategies that will help improve the overall security posture. Write and deliver security assessment reports. Oversee remediation of all findings and recommendations. Help develop security practices and provide guidance to security teams for implementation. Additional security tasks as needed. Skills and Qualifications: Expert knowledge of OWASP Top 10 vulnerabilities, testing procedures, and remediation recommendations. Strong experience with SAST, DAST, and IAST tools. Advanced experience with BurpSuite a must. Experience working with information security frameworks such as SANS and NIST. Programming experience in one or more of the following languages: Ruby, Python, Perl, C, C#, or Java. Strong knowledge of penetration test and assessment procedures, as well as expert knowledge of remediation best practices. Good knowledge of TCP/IP, networking, web applications, databases, mobile, desktop, containerized applications, and cloud applications. Ability to communicate technically with software engineers and development leads, and effectively translate issues and risks into clear and understandable business language. Ability to build network and foster an atmosphere of teamwork within the larger security team and across various business units. Bachelor of Science in Computer Science or related field. GWAPT or OSCP or CEH certification strongly preferred. Strong troubleshooting and analytical skills.

Job Description : Total IT experience ranging from 3.5 to 9 years. At least 4 years of experience in application security testing (Web/ Thick client), Infra Penetration Testing, mobile security testing and secure code review, DAST,SAST . Perform secure code review of software applications, developed in various languages (i.e. Java, ASP, .NET, C++, C#, PHP etc.) Good knowledge of security technologies for secure software development such as cryptography, authentication techniques and protocols etc. Co-ordinate with multiple Development Teams to understand application architecture, perform threat profiling, to be able to perform a comprehensive manual code review. Should be proficient in Application Security Concepts, familiar with OWASP Top 10, SANS top 25 and other security best practices. Basic understanding of the following protocols/technologies HTTP, SOAP/REST, SSL/TLS. Experience in work with relational databases like ORACLE, MS-SQL, MySQL etc. Analyze vulnerabilities, perform an impact analysis and risk determination. Successfully lead and execute projects, mentor and train resources with focus on enhancing their skill sets. Should have excellent communication Written, Oral and presentation skills. Security certifications CISSP, CEH is desirable Experience in secure software development standards, process, techniques and tools. Security Consulting Tools : Proficiency in most of the tools in each category Secure code review Checkmarx, HPFortify, IBMAppScan Source edition. Web application vulnerability scanning tools - IBM AppScann, HPWebInspect, Burpsuite Pro High level programming languages :Java, C, C++, .NET Development Knowledge ASP.NET, ASP, PHP, J2EE, JSP Database scanning : NGS & Scuba Vulnerability scanning tools : Qualys & Nessus

1. Good understanding of OWASP top10 vulnerabilities 2. Burp scanning procedures. 3. Penetration testing skills, 4. In-depth understanding between risk severity and probability 5. Describe specific steps or methodology for identified risk remediation. 6. Vulnerability identification and remediation , 7. Risk frameworks, 8. Mitigation and remediation strategies, 9. Concepts of SAST, DAST, DEVSECOPS. optional Responsibilities and Day-to-Day View • Execute vulnerability assessment of applications via automated and manual techniques to understand the risk and security posture of the applications in pre-prod and prod envs. • Perform security analysis and identify new engineering standards for cloud, on-prem, and/or mobile applications based on modern HTTP based web applications and microservices that improves security posture. Analyze HTTP request/response data and collaborate knowledge with technology teams to find root cause and hardening opportunities. • Conduct, lead and handoff incident response activities (triage, communications, containment, root cause analysis, remediation) • Assess, triage and prioritize security detections from logs and monitoring alerts for suspicious or anomalous activity including bot traffic • Review application design, architecture and configuration from security standpoint and provide recommendations based on security best practices • Research, design, and develop solutions meeting internal and external compliance, security requirements and standards for Site Security & Reliability Engineering • Drives defense-in-depth security for the organization to protect critical IT assets and data • Understands cryptography and encryption of data stored and transmitted. • Logging, monitoring, and responding to detected incidents. • Serving as the voice of the customer to the development and system support teams in implementing new features or resolving security issues that exist in technology implementations. Required Qualifications • Ability to conduct creative and in-depth manual security testing (ethical hacking). • Identifies critical security gaps and drives them to resolution within required timelines. • Ability to write and develop security and infrastructure Security standards and requirements • Ability to use automated scans to identify security vulnerabilities and configuration gaps • Exceptional ability to communicate and drive progress on compliance by influencing action owners and tracking progress with reports, dashboards and other tracking mechanisms. • Ability to program and automate communications and notifications to action owners • At least 2-4 years experience in working in Azure cloud, information security, PCI and SOC compliance • Perform security analysis of cloud configurations • Experience in Application Security Testing, using automated SAST Scanners (Veracode Preferred), DAST Scanners (AppScan Enterprise Preferred) and Pen Testing tools, like BurpSuite. • Familiarity with investigative technologies such as log analysis, HTTP debugging tools • Familiarity with tools such as Splunk, EFK, Dynatrace, QuantumMetric, and any Web Application Firewall (WAF) Mandatory Skill - Must Have - Application security & testing Good to have - SAST + DAST.

Seeking 8 contract resources in Hyderabad and Bangalore for performing SAST (Static application security testing), SCA (Software Composition Analysis) and DAST (Dynamic application security testing) to perform identification and remediation of vulnerabilities in Applications. About the Job: This position is a Contractor at Senior Specialist Cyber Security role for performing Application Security Testing in Cyber Security Organization. This profile will be passionate in preventing risk by performing remediation validation of vulnerabilities identified during the testing process. While doing so they will also be identifying vulnerabilities in the applications of the enterprise by configuring scan settings for effective vulnerability enumeration, Identify and document findings, approve false positives and define/document approved mitigations used by AppSec Testers. Roles and Responsibilities: • Perform SAST/SCA/DAST scans using industry vulnerability scanner • SAST/SCA Veracode, using supplied compiled binary, configure scan platform to correct scan for both static code CWEs as well as SCA derived CVEs. Work will include coordination with app owner to ensure all branches of code are included in compiled binary file. • DAST Work begins with crawling the target application to identify existing directory and file structure. Once identified, execute DAST scan using HCL product to identify dynamic issue only visible during code execution. • This person will be primarily tasked to execute scan retest by performing revalidation tests of previously identified critical and high severity vulnerabilities as requested by the client application teams. • During testing process, tester MUST ensure application is not degraded and/or taken out of service due to scanning activities. • Tester must ensure results from scanner are present in Vulnerability reporting platforms and visible to approved app users. • Perform manual validation and false-positive analysis on the automated scan results. • Provide remediation support will analyze the top-rated vulnerabilities along with provide support to application teams on remediation strategies from identified risks. Primary / Mandatory skills: Overall - 8+ years of IT experience • 7+ years of application security Experience • 5+ years of Application Security testing Experience • Bachelor's degree required. • Deep familiarity with the OWASP Top 10 and other security concerns for web applications • Deep Understanding of OWASP Application Security Verification Standards (ASVS) • Deep understanding of SAST, DAST, SCA Scanning practices • Experience in scanning leveraging Veracode, Appscan.or other enterprise tools. • Understand how to interpret and assess CVEs (Common Vulnerability and Exposures) and CWEs (Common Weakness Enumeration) as found by scanning tools. • Understanding of SAST, DAST tools and dependency scanning tools • Experience working/integrating with secret management systems. • Advanced knowledge of front-end and back-end web application development in at least one technology stack (.NET, Java, PHP, Ruby/Rails, Angular, Node.js, etc.) • Track record of staying current with trends, techniques, tools, and processes that drive improvement of security posture of applications. • Strong documentation skills • Excellent verbal and written communication skills, with proven technical writing abilities (English language proficiency required) • Team-oriented thinking with demonstrated ability to produce high-quality work as part of a fast-paced, dynamic team. • Proven ability to communicate, collaborate, and present effectively with team. Mandatory Skill - Must Have - Application security & testing Good to have - SAST + DAST.

Role & responsibilities SecOps Standards: Develop and update application security standards, secure coding principles, and threat modelling processes. Application Security Support: Provide application security support to development teams, including reviewing and explaining application security tools and processes, providing vulnerability explanations and remediation guidance. Vulnerability Assessment: Leverage automated tools and manual testing methods to identify vulnerabilities in codebase and engage in Static and Dynamic application security testing and engage in security automation efforts and process improvements. Penetration Testing: Exposure to web application and APIs application penetration tests. And conduct network and cloud penetration tests to identify security weaknesses. Security Monitoring & Incident Response: Deploy and manage security tools, detect threats, prevent sensitive data leaks and address incidents. Infrastructure & Cloud Security: Safeguard infrastructure on AWS, GCP, or Azure, focusing on encryption, IAM, and network security. \Security Automation: Integrate security into CI/CD pipelines and automate compliance checks. Compliance & Governance: Ensure adherence to security regulations (e.g., GDPR, SOC 2, ISO 27001). Threat Intelligence: Stay updated on emerging threats and apply security best practices. Preferred candidate profile Experience: Minimum of 3-5 years in DevSecOps or security engineering, with a focus on cloud security. Proficiency in DevSecOps operations and Application Security. Familiarity with secure by design and “shift left” security principles. o Strong knowledge of software security risks and threats (OWASP top 10) Secure Software Development Lifecycle (SDLC) knowledge. o Experience with application security tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). Strong scripting skills (Python, Bash) for security automation. Proficient with cloud-native and containerized platforms with proven experience on Kubernetes (EKS), Jenkins, Docker, Terraform, etc. Excellent communication skills for cross-functional collaboration. Perks and benefits

About the role: We're looking for an experienced Staff Application Security Engineer for our Product Security team. Reporting to the Director of Vulnerability Management, you'll be responsible for: Conducting thorough static and dynamic analysis of our applications to identify and remediate security vulnerabilities early in the development process (SAST/DAST) Implementing SCA tools to identify and manage open-source components, ensuring that all third-party libraries and frameworks used in our codebase are secure and up-to-date (Software Composition Analysis) Assessing and securing our containerized environments and IAC deployments, ensuring that security best practices are followed to protect our infrastructure from potential threats (Container and Infrastructure as Code Security) What We're Looking for (Minimum Qualifications) Expertise in Application Security, encompassing over 4 years of hands-on experience in deploying and overseeing security protocols like Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA), or Infrastructure as Code (IaC) Proficiency with application security tools such as Snyk, Semgrep, Coverity, Checkmarx, Burp Suite, OWASP ZAP, and dependency management tools Strong understanding of secure coding practices, vulnerability management, and remediation techniques with expertise in source control (Github, Bitbucket) and CI pipelines (ArgoCD, Jenkins) Experience in identifying and addressing security vulnerabilities within codebases, ensuring prompt and efficient management throughout the CVE/CWE lifecycle What Will Make You Stand Out (Preferred Qualifications) Experience as a software developer or within a DevSecOps position, with proficiency in programming languages such as Java, Python, JavaScript, C/C++, and Golang Extensive experience in Cloud Security, adept at securing cloud environments including AWS, Azure, and Google Cloud, with comprehensive knowledge of cloud-native security tools and methodologies

Role: AWS DevOps Lead Exp.: 8+ years Job Description: Overall, 8+ years of experience with 5 years of hands-on experience in deployment automation using IaC, Configuration management, Orchestration, Containerization, and running a complete CI/CD pipeline on both cloud and on-prem. Thorough understanding and hands-on skills in the below Infrastructure as Code: Terraform, AWS CloudFormation, Puppet. Source control: GitLab, GitHub. CI/CD: Jenkins, GitLab CICD. Containerization/Orchestration: Kubernetes, AWS ECS, AWS EKS, Docker. CDN: Akamai, AWS CloudFront. Monitoring: AWS Cloud watch, New Relic. Security: AWS Code Guru, Guard Duty, Security Hub, Snyk, Veracode, Rapid7. Programming/Scripting: Python, Shell scripting Good understanding of networking, security rules, firewalls, WAF, API gateways, and auto-scaling principles. Hands on experience using AWS (VPC, Subnets, ALB/NLB, RDS, ECS, SQS, Cognito, Lambda, Memcached ) is required. Understanding of Programming concepts and best practices is required. Experience dealing with production incidents in multi-tier application environment is required. Experience managing production workloads with Site Reliability Engineering best practices. Good understanding of various deployment strategies (Rolling updates, Blue/Green, Canary) Strong exposure on DevSecOps testing methods SAST, DAST, SCA is preferred.

We're Hiring! I am excited to share some amazing career opportunities at Happiest Minds. Take your Security career to the next level with Happiest Minds, ! Join a dynamic team, where Security Meets Innovation, and grow with us. Be recognized in a Great Place to Work Certified environment ..Interested candidate can share resume to ankita.patari@happiestminds.com Work Location: Belapur, Navi Mumbai Experience: 11-15 Years General Shift who can join with 30 days notice period Skills: Vulnerability Assessment, Manual Penetration Testing using OWASP checklists, Penetration Testing, OWASP Top 10,OWASP ZAP, Ethical Hacking, Static/dynamic testing of mobile applications, Vulnerability Mitigation Job Description: Project Management - Lead and manage the AppSec team consisting of L1 and L2 resources. Serve as the primary point of contact between the Bank and the team for all project-related activities. Monitor daily operations, ensure resource optimization, and address any issues that arise during the engagement. Application & Security Review - Oversee the review of application security including web, mobile, API, and other banking applications. Perform comprehensive reviews of Network Architecture, Source Code, VAPT reports, and configuration audits. Review deliverables from L1 and L2 resources, ensuring completeness and quality. Compliance and Risk Management Reporting Stakeholder Management B.Sc (IT/CS) / B.Tech in Computer Science, Information Technology, or related field. CISSP, CISA, CISM, CRISC 11-15 years of experience in Application Security, Network Security, and IT Risk & Compliance, with hands-on expertise in security assessments, process audits, and application reviews. Experience in BFSI is preferred. Thanks And Regards, Ankita Ghosh ankita.patari@happiestminds.com

About The Role : Minimum 5 years of technical experience in DevOps Minimum of 3 years of experience in information security and/or computer science Bachelors degree in computer science, engineering, applied information technology or related subject matter. Experience of working in a challenging work environment and track record of meeting project timelines Experience leading a DevOps transformation across the pillars of people, process, and technology. Primary Skills Familiar with secret management using tools like Hashicorp Vault and AWS Secrets Manager Strong experience designing and implementing CI/CD pipelines across multiple tools, such as Terraform, Packers, GitLab, Jenkins Familiar with automating application security controls. using techniques such as SCA, SAST, DAST, and supply chain management Strong experience with scaling Observability in an organization . Strong grasp of at least one programming language (JavaScript, Python preferred)

- Define and document best practices for engineers to consume and operate platform services. - Build and maintain an infrastructure as code module library. - Support deployments in cloud and at the edge. Required Candidate profile - Knowledge of building module libraries using infrastructure as code tools such as Terraform, Cloud Formation, etc. - Detailed understanding of Identity & Access Management in AWS, or Google Cloud.

Preferred candidate profile: Notice period: Looking for immediate joiners only. Strong understanding of IT security standards and frameworks (OWASP, NIST, CIS) Strong understanding of security risks in networks and application platforms Strong understanding of network security, infrastructure security and application security Strong understanding of OSI, TCP/IP model and network basics Demonstrate technical penetration testing skills on IT infrastructure, web applications, mobile platforms and Red teaming Strong technical skills: Information security, network security, Windows security, UNIX/Linux security, web and mobile application security, Cloud platforms Broad knowledge of security technologies for applications, databases, networks, servers, and desktops Solid technical skills in both information security architecture and penetration testing and ability to assess testing tools and deploy the right ones. Scripting and programming experience is beneficial Ability to perform manual penetration testing Experience in Application Security Testing (Web, Mobile & ERP [SAP]), or related functions Vulnerability Assessment, Penetration testing Perform penetration testing of various thick client software, web applications, and communications infrastructure to assist in hardening the cybersecurity posture against malicious actor. Good Understanding of OWASP top 10 and mitigation techniques Experience in performing web application security assessments using hands on techniques for identifying SQL injections, XSS, Security Misconfiguration, CSRF, authentication/ authorization issues Database testing: MySQL, Oracle, NoSQL Understanding of cyber security management, cyber analytics, security intelligence platforms and threat intelligence frameworks Writing business proposals and response to client RFP/ RFIs Identifying business opportunities and lead delivery and program management for large cyber security programs Delivery team and client relationship management. Preferred Certifications: CEH, ECSA, OSCP, CISSP, CCSK, OCSE, CCSP, AWS Security

Role: DevSecOps Engineer Primary Skills : Sound knowledge and working experience with application technologies such as Github, Gerrit, Jenkins, Bamboo, Bitbucket , Jira, Confluence & Artifactory tools . 6+ yrs Exp in CI/CD processes , Build , Test & Deploy ( SAST Code review Codesonar , FOSS- Synopsys Detect ). Proficiency on Scripting/programing languages JavaScript, Perl, PowerShell, Bash, Python to automate the CI/CD pipeline. Good understanding of distributed version control systems like GIT ,Kubernetes Kafka, Ansible playbooks & Docker. Exp in designing, developing, and implementing the best practices and automation for the DevSecOps pipeline. Ability to work with large and complex data sets ,Proficiency in MS Excel & data Visualisation tools (Power BI ,etc ). Implement Infrastructure as Code ( IaC ) security best practices . Job Key Responsibilities: Defining the best class in DevOps process, analysing DevSecOps process and gaps. Stay Updated on emerging Security threats and t echnologies . Utilize the various open source secure technologies . Develop the scripts and automate different efforts using PowerShell/Python/Bash/Linux . Manage source control including Gerrit, Bitbucket and GIT . Develop automation that flow through a complete end-to-end process. Knowledge of Agile methodologies such as SCRUM & KANBAN , Capable of developing, analysing specifications and requirements Exp and sound knowledge of software development tools , SCM , Release Management , Unit Test , Integration Test , SW Validation , emulators, compilers , Software testing Note : Looking for Immediate & Max 45 Days Notice period Interested can send their Updated CV to ambika.dongre@harman.com

We are hiring for Security Engineer- Navi Mumbai Location (Belapur) for one of our project. Interested candidate can share resume to ankita.patari@happiestminds.com Experience: 2 to 5 Years Location: Navi Mumbai Location (Belapur) Office Timings: Monday to Friday (First Saturday and Third Saturday working) Looking for max 15 Days Joiners only Immediate Joiners please mentioned in Subject Line(Immediate Joiner_AppSec) General Shift Exp Range-2 to 5 Years Skills Source Code :- Secure Code Review / Static Application Security Testing Software Composition Analysis AppSec (Web, Mobile, Thick Client) & API :- Web Application & Thick Client Penetration Testing (DAST) API Security Testing Mobile Application Security Testing (MAST) Network Security:- Network Security VAPT IT Infrastructure VAPT Network Security Configuration Review Process/Architecture Review :- Secure SDLC Process Review Network Security Architecture Review SCD/VA/DFRA/DB Review ;- Database Security Configuration Review Digital Forensics Readiness Assessment Secure Configuration Document Vulnerability Assessment Thanks And Regards, Ankita P Ghosh ankita.patari@happiestminds.com

When you join Verizon You want more out of a career. A place to share your ideas freely even if theyre daring or different. Where the true you can learn, grow, and thrive. At Verizon, we power and empower how people live, work and play by connecting them to what brings them joy. We do what we love driving innovation, creativity, and impact in the world. Our V Team is a community of people who anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together lifting our communities and building trust in how we show up, everywhere & always. Want in? Join the V Team Life. What youll be doing The Verizon Product Security Team ensures security by design product engineering and architecture for both consumer and business products. As a Principal Security Architect, you will work to conduct security assessments on both Consumer and Business products and solutions. You will help to create, define, and implement security controls and tooling in conjunction with product development teams and product owners. You will manage multiple projects with a degree of impact and complexity that must be carefully controlled to support the internal business unit security requirements. You will also work in conjunction with security stakeholders in other areas of the business and make decisions and help lead initiatives to ensure timely delivery of security solutions that support business objectives. You will also manage work that involves coordination with multiple organizations and is the focal point within the group. Help implement Secure Software Development Lifecycle (SSDLC) practices and use automation where possible Work with the product development teams to perform security design/code reviews and vulnerability assessment. Provide security guidance to Engineering and Product teams. Contribute to security architecture and assist in building and rolling out processes for secure code development and deployment involving truly cutting edge technology Contribute to security policy, standards, and guidelines related to Information Security Evaluate and operationalize new technologies for securing the organization Create security user stories and security test cases for products that are tailored to the product attributes and technology Support and advise product owner and product development teams by ensuring technical and architectural feasibility, readiness and compliance. What were looking for You'll need to have: Bachelors degree or four or more years of work experience. Experience in cybersecurity. Experience with security requirements analyses, building threat models, performing security design reviews, applying zero trust principles. Knowledge of application security vulnerabilities, secure coding, attack surfaces and countermeasures. Knowledge of S-SDLC, best practices for secure coding, understanding of OWASP Top 10, CIS Top 20 Even better if you have one or more of the following: Understanding of Docker, Kubernetes, container security best practices. Experience with Threat Management and Monitoring tools (like CrowdSrike, GuardDuty, Tenable, CloudTrail, Cloudwatch) and container security tools. Experience with building security and hardening Cloud Containers, Cloud OS, on-premise/cloud storage, like Cassandra, MongoDB, Data Warehouse and Object-Based storage. Hands on experience on security testing like SAST, DAST, SCA and Pen testing Understanding of authentication protocols like OID, OAuth2.0, SAML Hands-on experience in securing software development projects using iOS/Android platforms Familiar with Content Streaming Services Security like DRM, CA (Widevine, Playready, FairPlay) Experience with application programming (C/C++/Java/Kotlin/Swift/JavaScript or any other languages) and the overall software development life cycle. Written and verbal skills for communicating security concepts and solutions. Ability to prioritize between and execute on multiple work streams. Excellent organizational and interpersonal skills. One of more of the following certifications: CISSP, CISM, SANS, CCSK.

Essential Functions: Duties and Responsibilities Take charge of strategic and tactical responsibilities in the team and bring them to completion Investigate and identify the root cause for escalated issues Contribute towards leading and influencing experienced and accomplished software engineers inside and outside of the Fleet and Mobility development team Drive results with clearly defined priorities, effective resource allocation, and communication of goals. Work with customer support to address escalations, participate in the on-call rotation for production issues and escalations, and identify the root cause for escalated issues Perform other duties as assigned. Required Skills/Abilities: 9 years of enterprise software development experience using .Net Core on Linux and Angular in an Agile environment. Practical experience designing, building and maintaining enterprise software at scale in Azure Prior practical Azure SQL DB experience with performance tuning and optimization is required Hands-on experience implementing REST APIs (with .Net Core on Linux) Experience with Docker: creation, deployment, lifecycle, debugging and AKS Excellent written & oral communication and interpersonal skills and ability to create and maintain technical documentation Practical development experience working on integrations with payment processing vendors. Highly independent and able to effectively self-organize and prioritize work Strong creative logical problem-solving skills required Strong planning, organizing, and coordinating skills required Strong verbal and written English skillsIt is an added bonus if you have Experience using the latest software tools including JIRA, Confluence, Azure DevOps, Azure CI/CD Experience with payment (i.e. commercial cards), fintech, or B2B services Working in a PCI compliant environment Experience working with mobile project Mentality to Automate Everything within a software project and bring modern ways of automating test execution and delivering components to Production Previous experience collaborating with a security team to address results of SAST, DAST, SCA Education: Bachelors degree in a related field. Equivalent combination of education and experience will be considered

About the Role You will be joining our Application Development team managing the cyber security, infrastructure, and pipelines. You will work in a challenging, consumer-facing problem space, where you can make an immediate impact. You will get to work with the latest technologies, learn to use new tools and get the opportunity to have your say in the final product. Youll work alongside a great team in an open, collaborative environment. We are part of Vimo, a well-funded, stable mid-size company with excellent salaries, medical coverage, and perks. Vimo is an Equal Opportunity Employer. We are bringing modern technologies such as microservice based architecture, Kubernetes, cloud native development to the field of Health and Human Services in the Public Sector. Towards this, we are looking for multifaceted, multi-skilled cyber security experts who can help build out and enhance our platform while adopting many of these technologies. Senior Cyber Security Engineer Responsibilities: Collaborate with cross-functional teams to integrate security practices into the software development lifecycle. Must have one of the following certificates: CEH, Security+, or equivalent. Defines best practices, performs software security architecture, and design reviews, and supports the identification, interpretation, and remediation of vulnerabilities across various applications, programming languages and platforms. Supports development of technical security safeguards to protect information systems from intentional or accidental access/destruction Liaison between development teams and stakeholders to understand and formulate security requirements Defines, maintains, and enforces application security best practices. Conduct pen test assessment and manual/automated code reviews Demonstrate vulnerabilities to application owners and provide mitigation recommendations Experience with SAST, DAST, and OSA tools. Performs and conducts penetration tests and manual/automated code reviews Experience with any programming language like Java, .NET, C#, etc. Knowledge about Secure Coding best practices and OWASP top 10, SANS 25, CVE, etc. Identify AppSec related tools/conduct tool analysis, and provide recommendations Apply technical knowledge to analyze/develop, create, and implement process improvements, troubleshooting, and operational support Conduct regular security assessments and vulnerability scans on applications and infrastructure. Implement and manage security tools, such as static code analysis, dynamic application security testing (DAST), and container scanning. Automate security testing and monitoring processes to identify and remediate vulnerabilities. Maintain and improve security policies, procedures, and standards. Participate in incident response and root cause analysis. Provide guidance and training to development and operations teams on security best practices. Stay current with industry trends, emerging threats, and best practices in DevSecOps. Working in close collaboration with multi-functional teams Collaborate with clients and internal staff. Function within a team and be a self-directed individual contributor. Requirements & Qualifications: Degree in Computer Science or related field (Master / Bachelor level); Experience 7+ years Knowledge of Prisma cloud, SIEM, SOC, Nesus, Crowd strike, IDS/IPS, WAF, or similar services. Familiarity with API Security, Container Security, AWS Cloud Security. Knowledge of HIPPA, SOX, GDPR, and CCPA Standards and Policies and the associated certification and audit processes. Familiarity with Amazon AWS policy, configuration, and security management tools. Experience with security automation. Proven experience in software development and scripting (e.g., Python, Bash, PowerShell). Strong knowledge of DevOps and CI/CD concepts. Familiarity with cloud platforms (e.g., AWS, Azure, GCP). Experience with containerization and orchestration (e.g., Docker, Kubernetes). Knowledge of security frameworks and standards (e.g., OWASP, NIST). Understanding of encryption, authentication, and access control. Certifications such as CISM, CISSP, or Certified DevSecOps Engineer (CDSE) is a plus. Excellent problem-solving and communication skills. Strong attention to detail and a proactive mindset. Additional Experience We Would Love to Have Background in design and development of Technology for Government Health and Human Services Experience with design and development of SaaS solutions

Qualifications and Skills: Company Secretary (CS) qualifications and Bachelor's degree in Law (LLB - preferable) 5 - 10 years of relevant work experience in a corporate legal or compliance role. In-depth knowledge of Indian corporate and commercial laws, including the Companies Act, SEBI SAST, FEMA, Lodr. Proven experience in handling regulatory compliance, corporate governance, and statutory filings. Excellent communication skills (both written and verbal) and a sharp analytical mindset. Ability to work independently while effectively collaborating with cross-functional teams. Strong proficiency in MS Office (Word, Excel, PowerPoint) and legal research databases. Role & responsibilities Legal Advisory and Compliance Provide in-depth legal advice and support to various departments, including corporate finance, mergers and acquisitions, regulatory compliance, and dispute resolution. Ensure compliance with all applicable laws, regulations, and industry standards, especially relating to RBI, SEBI, and MCA. Draft, review, and negotiate legal documents, such as contracts, agreements, resolutions, and legal opinions. Conduct thorough legal research and analysis of relevant laws, regulations, and case precedents to inform business decisions. Corporate Governance and Regulatory Filings Advise on corporate governance matters, ensuring the company adheres to best practices. Prepare and organize Board and General Meetings, drafting agendas, minutes, and ensuring timely submission of related documents. Manage all regulatory filings with statutory bodies like the Ministry of Corporate Affairs (MCA), Registrar of Companies (ROC), and Reserve Bank of India (RBI). Ensure compliance with corporate governance reports, statutory filings, and secretarial audits. Litigation and External Counsel Management Represent the company in legal proceedings, including arbitration, mediation, and litigation. Manage relationships with external legal counsel, ensuring alignment with company objectives and legal strategies. Stakeholder Collaboration and Process Improvement Work closely with internal and external stakeholders to align on compliance and regulatory goals. Provide guidance on legal matters and governance principles to internal teams and senior management. Identify opportunities for legal and compliance process improvements and implement strategic initiatives for compliance excellence. Statutory and Corporate Law Management Ensure statutory compliance, including conducting audits and adhering to MOA & AOA requirements. Maintain statutory books and prepare key documents, such as the Directors Report and Annual Return, ensuring legal accuracy and compliance. Process Management and Simplification Lead the development and execution of accurate, efficient legal processes aligned with corporate laws. Simplify and enforce legal and compliance policies across the organization, ensuring best practices are consistently followed. Corporate Transactions and Share Management Handle corporate restructuring, incorporation of firms, and management of joint ventures. Oversee share issuance, transfers, and allotments, including preferential allotment and dividends. Draft notices, agendas, and resolutions for Board and Committee meetings, ensuring all statutory requirements are met. Reporting and Documentation Prepare search reports, due diligence reports, and statutory reports in a timely manner. Maintain and update statutory books, balance sheets, and profit & loss accounts, ensuring compliance with XBRL reporting requirements. Preferred candidate profile Previous experience handling legal matters for BFSIs or financial institutions is highly desirable. Hands-on experience with regulatory frameworks governing BFSIs, particularly RBI regulations. Familiarity with legal due diligence, mergers and acquisitions, and fundraising transactions is a plus. Perks and benefits Opportunity to work in a dynamic, high-growth environment. Exposure to a wide range of legal matters, fostering career growth and development opportunities. This job opening is for a listed company with a common promoter.

Cloud Infra Engineer: Design and implement scalable, secure, and cost-effective cloud infrastructure solutions using Azure. Develop and maintain architecture blueprints, reference models, and design patterns for Azure cloud solutions. Collaborate with stakeholders to understand business requirements and translate them into technical specifications. Lead the deployment and migration of applications to the Azure cloud environment. Automate infrastructure deployment using Infrastructure as Code (IaC) tools such as ARM templates, Terraform, or Azure Blueprints. Ensure compliance with industry standards and best practices during implementation. Implement security best practices for Azure infrastructure, including identity and access management, network security, data protection, and monitoring. Monitor and manage security incidents and vulnerabilities within the Azure environment. Ensure compliance with relevant regulations and organizational policies. Optimize Azure resources for performance, cost, and reliability. Set up and manage monitoring and alerting systems using Azure Monitor, Application Insights, and Log Analytics. Conduct performance tuning and capacity planning for cloud resources. Provide expert-level troubleshooting and support for Azure infrastructure issues. Serve as the primary point of contact for Azure-related issues and escalations. Collaborate with cross-functional teams, including development, operations, and security, to ensure seamless integration of cloud solutions. Contribute to the strategic planning of cloud initiatives, aligning with organizational goals. Identify opportunities for innovation and improvement in cloud infrastructure and service delivery. Technical Skills: Expertise in Azure services, including Compute, Storage, Networking, Security, and Identity Management. Proficiency in scripting and automation using PowerShell, Azure CLI, or similar tools. Proficiency with IaC (Terraform/Bicep) Experience with CI/CD pipelines, DevOps practices, and tools like Azure DevOps. Strong understanding of networking concepts, VPNs, ExpressRoute, and load balancers. Familiarity with containerization technologies such as Docker and Kubernetes. Cloud DevOps Engineer: Build and manage CI/CD pipelines using Azure DevOps for efficient software delivery. Implement containerization and orchestration solutions using Docker, Kubernetes, and AKS. Configure and manage networking, security, and monitoring components within the cloud infrastructure. Develop and maintain data pipelines using Azure Data Factory and Databricks.. Design and deploy highly available, scalable, and secure cloud infrastructure on Azure using industry best practices and frameworks such as WAF and CAF. Ensure adherence to cloud governance policies, cost optimization, and security best practices. Technical Skills: Expertise in Docker, Docker Compose, Kubernetes, and AKS. Experience with Prometheus, ElasticSearch, Grafana, Loki, and Dynatrace. Knowledge of Istio, Linkerd, Kong Mesh, NGINX, Traefik, and Kong ingress controllers. Understanding of networking concepts related to container orchestration and microservices. Proficiency in Azure infrastructure components (VMs, Storage Accounts, Networking, etc.). Experience with Azure DevOps, CI/CD pipelines, and artifact repositories. Knowledge of build and test systems (CMake, Makefile, cmocka, Maven, MS Build, NPM, SCA). Understanding of Azure Policy, RBAC, cost management, monitoring, and alerting. Strong knowledge of DevSecOps practices and WAF/CAF application. • Proficiency in Python, Golang, Shell, and Bash scripting. Cloud Migration Engineer: Migration Planning skills in Assessing current infrastructure, applications, and data to determine migration readiness. Develop detailed migration strategies and plans, including timelines, resource requirements, and risk management. Collaborate with stakeholders to define migration objectives and success criteria. Conduct a thorough assessment of existing environments, including hardware, software, and network configurations. Identify dependencies and potential challenges related to migration. Perform a cost analysis and create a migration budget based on Azure pricing. Lead the migration of workloads to Azure using tools such as Azure Migrate, Azure Site Recovery, and third-party solutions. Ensure data integrity and security during the migration process. Perform data and application validation post-migration to ensure successful transition. Develop and utilize automation scripts and tools to streamline migration tasks and reduce manual effort. Good to have - Implement Infrastructure as Code (IaC) practices using tools like ARM templates, Terraform, or Azure DevOps. Automate post-migration activities such as performance tuning and resource optimization. Optimize migrated resources for performance, cost, and reliability in the Azure environment. Troubleshoot and resolve migration-related issues in real-time, ensuring minimal disruption to business operations. Monitor migrated systems to ensure they meet performance and availability SLAs. Document the migration process, including architecture diagrams, configurations, and lessons learned. Create and maintain runbooks and operational guides for post-migration support. Ensure that migration processes adhere to organizational security policies and compliance requirements. Implement security best practices during the migration, such as encryption, identity management, and access controls. Perform security assessments and audits post-migration to ensure ongoing compliance. Transfer knowledge of migration tools, best practices, and potential challenges to other team members. Stay updated on the latest Azure migration tools, techniques, and best practices. Provide post-migration support to address any issues or optimization needs that arise. Collaborate with the operations team to ensure a smooth handover and ongoing support of the Azure environment. Conduct post-migration reviews to evaluate success and identify areas for improvement. Proven experience with large-scale migration projects, including data center to cloud and application migrations. Technical Skills: Expertise in Azure services, including Virtual Machines, Storage, Networking, and Security. Proficiency with Azure migration tools such as Azure Migrate, Azure Site Recovery, and Azure Database Migration Service. Proficiency in Migration methods like Rehost, Rebuild, Re-platform and Rearchitect. Strong understanding of networking concepts (UDRs, Private DNS resolvers and DNS forwarding's), VPNs(S2S and P2S), ExpressRoute, and load balancers. Proficiency in Azure Monitor, Application insights, Azure KQL and Network Insights. Experience with scripting and automation using PowerShell, Azure CLI, or similar tools. Familiarity with database migration tools and methodologies. About Neudesic Passion for technology drives us, but its innovation that defines us. From design to development and support to management, Neudesic offers decades of experience, proven frameworks, and a disciplined approach to quickly deliver reliable, quality solutions that help our customers go to market faster. What sets us apart from the rest is an amazing collection of people who live and lead with our core values. We believe that everyone should be Passionate about what they do, Disciplined to the core, Innovative by nature, committed to a Team and conduct themselves with Integrity. If these attributes mean something to you - we'd like to hear from you. Neudesic is an Equal Opportunity Employer Neudesic provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by local laws. Neudesic is an IBM subsidiary which has been acquired by IBM and will be integrated into the IBM organization. Neudesic will be the hiring entity. By proceeding with this application, you understand that Neudesic will share your personal information with other IBM companies involved in your recruitment process, wherever these are located. More Information on how IBM protects your personal information, including the safeguards in case of cross-border data transfer, are available here: https://www.ibm.com/us-en/privacy?lnk=flg-priv-usen

IMMEDIATE JOINERS Job Title: Devsecops (Asp.Net + Azure DevOps) Location :Bangalore, Mumbai India Hiring Work Mode: Hybrid JOB DESCRIPTION DevSecOps Overall 6* years of experience Strong knowledge of ASP.NET Web Forms, Windows services, C# and SQL Server 2008. Hands-on experience on Azure DevOps, CICD Pipeline and working with DevOps based deployments. Very strong fundamentals on .Net Framework 4.x and above Strong understanding and application in C# and .Net enterprise patterns and usage of Microsoft Enterprise Library Experience on WebAPI, WCF, Microsoft reporting tool (RDL) SSRS Basic knowledge of HTML, CSS3 Good understanding of IIS configuration Good expertise in SQL design (normalization, index design, data modeling) and programming (stored procs, functions), with development Good debugging/troubleshooting skill on both front end and back end Experience of writing & optimizing queries that access/process millions of records Good communication skills verbal/written Designing and implementing DevSecOps tests: SAST, DAST Supporting DevOps operations by integrating developed SAST and DAST tests into CI/CD pipeline builds Creating and managing CI/CD pipelines using Azure DevOps Continuous Integration & Continuous Deployment with Security mindset and focus. Leveraging DevSecOps principles, designs and implementing Security solutions based on these Performing DevSecOps maturity assessments Working as security champion for application development teams. Nice to Have Exposure to Agile methodology Exposure to Banking domain Exposure to Build and Release/Deployment Ashwini HR - Talent Acquisition Bangalore, India +91 7349259313 Aswiniv@quinnox.com

Job Purpose • Experience band of 5-8 years • Design and develop web applications, system applications, observability independently • Follows industry trends in platform engineering space • Handles security best practices on authentication & authorization best practices • Good with general scripting usage to solve pipeline and automation problems • Maintains and improves codebase, CI/CD pipelines • Mentor Juniors in the team & provide visibility on deliverables to leadership on need basis Job Responsibilities: Develop frontend in frameworks like Vue/React/NextJs/Svelte Develop frontend in frameworks like Vue/React/NextJs/Svelte Have experience working with any SQL, NoSQL and/or NewSQL based databases like MySQL, Postgres, YugaByte, Aerospike Have experience working with Ci/CD pipelines, SAST/DAST/SCA tools in the pipeline Have experience working in containerized environments like Kubernetes Have experience working on Messaging systems like PubSub/Kafka/Solace Have scripting experience in Bash for automating tasks Mentor Juniors and command best practices for the team in terms of design & implementation of various software artifacts Actionable ; Need experience on any one frameworks from the listed one for atleast 3-4 years. Need experience on the mentioned backend tech for atleast 3-4 years Need experience on the mentioned backend tech for atleast 3-4 years. Need experience on the mentioned backend tech for atleast 1-3 years. Need experience on the mentioned backend tech for atleast 1-3 years. Need experience on the mentioned backend tech for atleast 2 -4 years Need experience on the mentioned backend tech for atleast 3-5 years. Need experience on the mentioned backend tech for atleast 2-4 years.