157 Sast Jobs - Page 7

Dear Candidate, We are hiring an Application Security Developer to integrate security into software development. Ideal for developers who understand both coding and security risks. Key Responsibilities: Perform secure code reviews and static analysis Implement security features in web and mobile applications Collaborate with DevOps to automate security in CI/CD Conduct developer training on secure coding Required Skills & Qualifications: Experience with static/dynamic analysis tools (SonarQube, Checkmarx) Knowledge of web security standards (OWASP, CWE) Strong programming skills (Java, Python, JavaScript) Bonus: Familiarity with DevSecOps practices Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Srinivasa Reddy Kandi Delivery Manager Integra Technologies

Dear Candidate, We are hiring a Security Engineer to design and implement secure systems across cloud and application environments. Ideal for engineers excited about threat modeling and proactive defense. Key Responsibilities: Perform security assessments and code reviews Develop security policies and incident response procedures Implement security controls in cloud and on-prem environments Monitor for vulnerabilities and recommend mitigation Required Skills & Qualifications: Knowledge of OWASP Top 10, secure coding practices Experience with SIEM, IDS/IPS, and vulnerability scanners Familiarity with cloud security (AWS, Azure, GCP) Bonus: Certifications (CISSP, CEH, OSCP) Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Delivery Manager Integra Technologies

ANZEN Technologies Private Limited stands as an unparalleled powerhouse, empowering organizations across industries with our visionary services, cutting-edge solutions, and ground-breaking services in the realm of Cyber Security, IT Governance, Risk Management, and Compliance. As your trusted partner, we offer a comprehensive suite of End-to-End security services and consultancy, tailored to safeguard critical infrastructure installations, elevate the standards of BFSI, eCommerce, IT/ITES, Pharmaceuticals, and an array of other sectors. 1. Web Application Security Assessment 2. Mobile Application Security Assessment 3. API Security Assessment 4. Network Vulnerability Assessment & Penetration Testing 5. Understanding vulnerabilities in depth, along with mitigating them - Experience: 2-4 years - Relevant certifications are an advantage - Notice Period: 30 days - Job Location: Navi Mumbai - Work Mode: Work from Office We are looking for immediate Joiner Only

About the Opportunity Job TypePermanent Application Deadline31 May 2025 About The Role Title Technical Analyst Application Security Department Global Cyber & Information Security Location Bengaluru, India Reports To Senior Technical Consultant - Application Security Level Security Analyst -2 Were proud to have been helping our clients build better financial futures for over 50 years. How have we achieved this? By working together - and supporting each other - all over the world. So, join our GCIS - Application Security team and feel like youre part of something bigger. Department / Team Description The Global Cyber & Information Security (GCIS) department is a part of the Global Technology department. The Technology function globally provides IT services to the Fidelity International business. These include development and support of business applications that underpin our revenue, operational, compliance, finance, legal, marketing and customer service functions. The broader organisation incorporates Applications, and Infrastructure services that the FIL relies on to operate on a day to day basis including data centre, networks, proximity services, security, voice, incident management and remediation. About role As Technical Analyst, one would be responsible to understand technical and architectural implementation. Use this understanding to conduct the Design, Code review and Penetration Testing. The role will involve working closely with development groups to securely design, develop and implement services and components. This role demands interaction with development groups, Enterprise Architecture, Information Security Officer (ISO) and vendors. Aim is to ensure applications are compliant with FIL Information Security Standards. The successful candidate will be able to demonstrate an innovative and enthusiastic approach to technology, implementation, adoption and problem solving. The candidate shall display good interpersonal skills and show confidence and ability to interact professionally with people at all levels. Key Responsibilities Review Software applications for potential security vulnerabilities by conducting application security reviews i.e. Requirements review, Code Review, Software Composition Analysis, Penetration testing (Ethical Hacking), Vendor Risk Assessment. Liaise with Developers, Architects, Project Managers and Vendors to understand the working of an application, how effectively they are implemented and where security mechanisms are employed. Understand the business requirements, evaluate potential products / solutions and provide technical recommendations. Be hands on with technology and to contribute to the design, development and support of projects with the Security recommendations. Review design and development artefacts to ensure security quality in the products being developed. Evolve security review processes in accordance with Information Security Standards and market best practices. Protect Fidelity information assets by promoting the understanding and acceptance of Information Security Policy and Standards. Experience and Qualifications Required Must Have 2-3 years of conducting application security assessments i.e. Code Review and Penetration testing (Ethical Hacking) and Vendor Risk Assessment. Knowledge of attack vectors from OWASP, WASC and mitigation of the same, open-source software security assessment tools. Knowledge of web technologies (Java/J2EE/Struts/ .NET / PHP / Java Script etc.). Good understanding of HTTP, HTTPS, SSL, TLS, SFTP Protocols Working knowledge of Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) Working knowledge of executing source code analysers to unearth security vulnerabilities in the source code Run and analyse security Penetration testing and pinpoint security issues and suggest mitigations. Capable of understanding end user requirements from security perspective Sound business and technical acumen Good to Have Excellent problem-solving and critical-thinking skills Understanding of emerging technologies and corresponding security threats Self-motivated, flexible, with a can do attitude. Feel rewarded For starters, well offer you a comprehensive benefits package. Well value your wellbeing and support your development. And well be as flexible as we can about where and when you work finding a balance that works for all of us. Its all part of our commitment to making you feel motivated by the work you do and happy to be part of our team. For more about our work, our approach to dynamic working and how you could build your future here, visit careers.fidelityinternational.com. For more about our work, our approach to dynamic working and how you could build your future here, visit careers.fidelityinternational.com.

Role & responsibilities Job Title: Senior Lead Engineer - Product Cyber Security Years Of Experience: 8-12 Years Role Overview: The Security Sr Lead Engineer/Tech Specialist works with product development teams across all regions globally to ensure commitment to the cyber security strategy of minimizing flaws and improving product resiliency to cyber-attacks by ensuring adherence to the integrated secure development lifecycle process, which embodies a secure-by-design defense in depth philosophy. You will be a strong technical expert in matters related to pentesting and cyber controls and will report to a team manager responsible for product architecture review and testing. This role is part of the Product Cyber team (under the Global DT Cyber team) which focuses on continuously improving the cyber posture of products that are often installed in customer's environments. On a typical day you will: Perform DAST, SAST & Pentest for different products Perform Threat Modeling and Architecture reviews for new products and design changes with existing products Handle Product Cyber Incident Response activities and Active contribution to Risk Management Work with product development teams towards secure DevOps activities and CI/CD integration issues with Security tools Work with product development teams and carry out functional cyber risk assessments to support their cyber requirements throughout the entire development cycle. Coordinate with quality and product development teams to periodically update cyber security design policies and ensure that these policies are incorporated into product design, with requirements for traceability and system validation and verification. Interface with global teams and share best practices and lessons learned Refine and support the standard work associated with product cyber security incident response management Work closely with the product testing teams to validate recommended security controls Continually enhance the capabilities of the Cyber security team: Identification of technology and methodology gaps Participation and leading technical and industry committees Creation of discipline health score card. Work in an environment of continuous improvement and lean process and product development. good to have knowledge in Agile methodologies. Stay updated on latest cyber security hacking news, technologies and methodologies including: The latest attack methodologies include penetration testing and red-team methodologies. Latest forensic and incident response methodologies. Attend security or hacker conferences and stay on the cutting edge What You Will Need to be Successful: Bachelor of Science/Engineering in cyber security, computer science or a related engineering discipline 8+ years of product cyber security engineering and software systems development experience; at least 4 years hands-on experience with penetration testing methodologies and tools. In depth knowledge of IEC 62443 and related cybersecurity standards. In-depth knowledge of requirements captures, cyber security threat modeling and systematic discovery of threats, as part of Secure Development Lifecycle, with broad understanding of potential vulnerabilities at different layers of hierarchical systems Cyber security certifications such as OSCP, GSEC, CEH Knowledge of state-of-the-art security analysis tools and various product cyber security safeguards. These include threat modeling, source code analysis, dynamic analysis, penetration testing and audit/compliance tools Excellent written and verbal communication and presentation skills. Adept at communicating with globally disperse cross functional teams. (Preferred) Strong knowledge in various cryptographic systems and requirements for authentication, authorization and encryption for various types of systems (Preferred) Intimate knowledge and experience with incident response management and risk assessment Preferred candidate profile

Job Description Design, develop, troubleshoot and debuSaaS Security Testing Services team is looking for Security Testing and Tools Engineers with various degree of experience in AppSec/Product Security field in Oracle India Development Center under the Oracle SaaS Cloud Security (SCS) organization. Oracle SaaS a.k.a. Oracle Cloud applications, built on machine learning, offer the most complete application suite with the best technology, enabling fast innovation with a modern UX and customer-first approach and one of the top strategic cloud services for Oracle. The SCS organization is responsible for securing enterprise-grade software services on behalf of our 25,000 customers, processing over 60 billion transactions per day. You will get the opportunity to join our efforts to reshape not only future of security testing and automation for Fusion App SaaS Services at Oracle but influence the security testing landscape across all the SaaS offerings. We are seeking hands-on, senior security analyst with the depth and breadth to evaluate complex web applications and technology stacks for security and build/code to address the security threats. You will have the opportunity to work in a cloud-scale environment using the latest security technologies/tools and collaborate with the best minds in the industry, to collectively stay ahead and respond to growing threats to cloud services. SaaS STS team will optimally engage in conducting white box/grey box application security testing - complementing what the development teams do in a more integrated and more coordinated setting through the security automation and tooling. SaaS STS team responsibilities will include implementation of Static Code Analysis, Dynamic App Security Testing/Fuzz Testing, Interactive / manual App security testing, facilitate automation of security verifications in CI/CD pipeline and evidence capturing for compliance audits. This position requires technical security knowledge and Cloud/DevSecOps or product development experience. Career Level - IC4 Responsibilities Job Requirements: MS or equivalent degree in computer science, or equivalent 6+ years of software engineering and technical leadership with proven results in software development, appsec and pen-testing Detailed exposure to web application pen test, forensics and intrusion handling The ideal candidate will have the following skills: Experience in product development or Security QA or penetration testing of Enterprise software, SaaS, IaaS or PaaS cloud services preferred Web application pen test, intrusion detection, vulnerability assessment Proficiency with Java, RESTful API, micro-services, Python. Experience in file system and operating system security analysis and attack vector detection Experience in database encryption methods and implementation, DB fuzzing and DB pen test Hands-on expertise on pen-testing of cloud applications and related infrastructure Understanding exploit mechanisms using CVEs for web services and microservices Should have worked on industry standard tools for security BURP, Web Inspect, Qualys, Nessus, REST API fuzzer, SAST tools etc. Ability to work in an agile and continuous software integration model. Security certifications like OSCP, LPT, ECSA, CISSP would be an added advantage Key Responsibilities You will work with Oracle Fusion Apps and other SaaS Services development teams to identify gaps in security testing and implement scalable solutions to improve security testing You will perform appsec and pen-testing of Oracle SaaS applications and infrastructure. You will implement automated security processes and security tooling in CI/CD pipeline. You will work with development teams and provide remediation mentorship to address any security findings You will evaluate and deploy new security tools and technologies to handle constantly evolving security threats landscape and support hyper-scale SaaS growth.

Ideally, looking for a combination of Development and Application Security experience. Job Summary: We are seeking a skilled Application Security Engineer to join our Information Security team. The ideal candidate will have a minimum of 8-12 years of experience in application security and a strong background in software development , particularly in .NET, C#, Angular, and React . This role is crucial in ensuring the security of our applications by working closely with development, DevOps, and security teams to identify, remediate, and prevent security vulnerabilities throughout the software development lifecycle (SDLC). Key Responsibilities: Conduct application security assessments, including code reviews, penetration testing, and threat modeling to identify vulnerabilities. Work closely with developers to integrate secure coding practices and provide guidance on remediating security issues. Implement and manage Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools. Develop and enforce security policies, procedures, and best practices for application security. Assist in the design and review of security architecture for new and existing applications. Collaborate with DevOps teams to integrate security into CI/CD pipelines using DevSecOps principles . Research emerging threats, vulnerabilities, and security trends to proactively mitigate risks. Support incident response efforts related to application security breaches. Provide security training and awareness to development teams. Document security findings, mitigation plans, and security controls. Minimum Requirements (Must-Have) 8-12 years of experience in application security with a focus on secure software development. Strong background in software development , with hands-on experience in .NET, C#, Angular, and React . Hands-on experience with SAST, DAST, Software Composition Analysis (SCA), and penetration testing tools (e.g., Burp Suite, Checkmarx, Veracode, Fortify, SonarQube ). Solid understanding of OWASP Top 10, SANS 25, and secure coding practices . Experience with threat modeling, risk assessment, and vulnerability management . Knowledge of API security, authentication, and authorization mechanisms (OAuth, JWT, SAML, etc.). Familiarity with container security, Kubernetes security, and cloud security best practices (AWS, Azure, GCP). Experience working in Agile and DevSecOps environments , integrating security into CI/CD pipelines. Strong analytical and problem-solving skills. Excellent communication skills, with the ability to work collaboratively across teams.