3 SAST Tools Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

4.0 - 6.0 years

0 Lacs

Chennai, Tamil Nadu, India

Remote

Are you ready to make an impact at DTCC? Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

Pay And Benefits
Competitive compensation, including base pay and annual incentive
Comprehensive health and life insurance and well-being benefits, based on location
Pension / Retirement benefits
Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The Impact You Will Have In This Role
Technology Risk Management (TRM) is responsible for setting strategic direction in the areas of IT Risk and Information Security. It maintains corporate security policies and control standards, acts as a second line of defense via a robust collection of risk and control assessments, reports to leadership and the Board on the status of the IT Risk and Information Security Programs, acts as an operational arm for monitoring threat intelligence, understanding when threats are being targeted against the firm, and responding to potential incidents, and serves as the main interface for Regulatory and Client reviews that focus on IT Risk and Information Security.

The Application Security Assurance program implements a variety of AppSec (Application Security) technologies, controls, tools and processes to ensure delivery teams are able to adhere and align with the Secure System Development Lifecycle to protect DTCC applications from existing and emerging security risks & improve application risk posture.

Your Primary Responsibilities
Set up, customize, and maintain SAST tools (e.g., SonarQube, Fortify, Checkmarx, Veracode) to align with project-specific requirements.
Perform manual and automated code reviews to identify and advise on secure coding issues.
Integrate SAST tools into CI/CD pipelines (Jenkins, GitHub Actions, GitLab CI, etc.) to support shift-left security.
Work with development teams to fine-tune SAST rules, reduce false positives, and ensure meaningful results.
Assist developers in understanding and fixing security issues by providing actionable feedback.
Implement basic security checks for Infrastructure as Code (IaC) and secrets detection in repositories.
Collaborate with DevOps teams to ensure security tooling is seamlessly embedded into build and deployment workflows.

Qualifications
Minimum of 4 years of related experience
Bachelor's degree preferred or equivalent experience

Talents Needed For Success
Fosters a culture where honesty and transparency are expected.
Stays current on changes in his/her own specialist area and seeks out learning opportunities to ensure knowledge is up-to-date.
Collaborates well within and across teams.
Communicates openly with team members and others.
Resolves disagreements between colleagues effectively, minimizing the impact on the wider team.

Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Posted 1 week ago


4.0 - 9.0 years

10 - 15 Lacs

Chennai

Hybrid

Security Analyst/ Pen Tester

Join us as a Security Analyst at Dedalus, one of the world's leading healthcare technology companies, at our team in Chennai, India to do the best work of your career and make a profound impact in providing better care for a healthier planet.

LINK TO APPLY: https://tinyurl.com/2x9mn999

What you'll achieve
As a Security Analyst, you will be part of our highly successful team, utilising your skills for Security Vulnerability Analysis/ Penetration Testing where you will test, assess, exploit & report the security vulnerabilities in the software application and infrastructure, and provide recommendations for the suitable solution/ remedy. Working with an extended highly skilled team, you will be making a profound impact throughout the healthcare sector.

You will:
Security Vulnerability Analysis/ Threat Modelling & Risk Assessment
Executing static code review using automated SAST tools & False Positive Analysis
Performing dynamic testing (DAST) using automated tools like Burp Suite, Invicti/ Nessus
Manual Penetration Testing and Ethical Hacking techniques to exploit vulnerabilities
Prepare assessment & validation report on the vulnerabilities & risks with impact, artifacts, recommended solution/ mitigation and POCs
Explain threats & present assessment reports to Developer/ Architect community

Take the next step towards your dream career. At Dedalus, life flows through our software. Every day we do something special by helping caregivers and health professionals deliver better care to their served communities. Take the next step in your career that will make a profound impact.

Here’s what you’ll need to succeed:
Essential Requirements:
Minimum four years' experience in security vulnerability analysis and Pen testing (VAPT) on cloud services, web products/ enterprise applications.
Ability to execute AppSec tools; mandatory to know industry-standard tools like Burp Suite, Invicti & Fortify (or any SAST tool), cloud-native tools and open-source tools like Kali, Nmap, Wireshark, Metasploit, ZAP, Echo Mirage.
Technical knowledge of SDLC and implementation essentials of various application types - Desktop, Web, API, Mobile (Hybrid/ Native) & Cloud (AWS, Azure, or GCP).
Ability to understand & review Java or .NET (must have), Angular (nice to have) code with respect to security vulnerability.
Clear understanding of OWASP, GDPR/ ISO Security standards.
Exposure to DevAppSec automation & scripting is preferred.
Valid Certification in VAPT/ Ethical Hacking in Mobile/ Web/ Cloud security is a must.
Knowledge of AI tools & securing Docker containers like Kubernetes are advantages.
Understanding of real-world threats & data protection acts is preferred.

We are Dedalus, come join us
Dedalus is committed to providing an engaging, rewarding work experience that reflects the passion our employees bring to our mission of helping clinicians and nurses deliver better care to their served communities. Our company fosters a culture where employees are encouraged to learn and innovate, and to enable and enhance clinical co-operation and processes while making a meaningful difference for millions of people around the world. Each person is the end point and the starting point of the Group’s activities and the ultimate beneficiary. For this reason, we are so proud of doing our very special jobs each day.

Our company is enriched by a diverse population of 7,600 people in more than 40 countries that work together to innovate and drive better healthcare options for millions of patients around the world. We are the people of Dedalus.

Application Closing date: 18th August 2025

Our Diversity & Inclusion Commitment sets out Dedalus’ approach to ensuring respect, inclusion and success for all our colleagues and the wider communities we operate in. It is imperative for us to share our commitment and dedication to ensure an inclusive and diverse workplace. We recognise that we have improvements to make and on this journey, we must remain authentic and realistic but also ambitious.

Our diversity & inclusion commitment – Dedalus Global
Life Flows Through Our Software

Posted 3 weeks ago


2.0 - 8.0 years

2 - 8 Lacs

Pune, Maharashtra, India

On-site

Manage a team of DevSecOps security analysts and implementation engineers
Implement DevSecOps tools in all product dev environments
Follow up with staff members to ensure completion of security-related tasks
Manage and maintain Security health check of the integrated automation.
Provide professional support for the developed automations, responding to incidents to avoid system outages or restore availability to meet SLAs.
Analyze the implementation needs and provide effort estimation to the users
Stay abreast of industry best practices (research new technologies) and contribute ideas for improvements in DevOps practices, delivering innovation through automation.
Track and report on the test execution in a timely manner with attention given to achieving a high level of quality.
Liaise with development and infra teams to get the defect resolutions
Onboard new hires, train and share knowledge, take an active role in technical mentoring and elevating team knowledge.
Work with external vendors for support, manage the relevant vendor employees and make sure the support is performed as planned
Maintain hardware and software deployment and POC planning

3+ years of experience in leading a team (team of security analysts is preferable)
5+ years of relevant experience in Information Security DevSecOps
Total experience - 6-8 years
Extensive expertise in Application security and security architecture area.
Hands-on experience in SAST tools (e.g. Checkmarx), container scanning tools (Twistlock, Wiz)
Expertise in security code reviews and onboarding process for managing false positives
5+ years experience in FOSS security issues and security hardening (CIS benchmarks)
3+ years experience in setting up continuous integration and continuous delivery systems
2-3 years experience with continuous-integration tools such as Hudson/Jenkins, LiquiBase, GitHub Actions
Understanding of build process, best practices and tools such as Maven, Jenkins pipeline, Groovy
Knowledge of OWASP Top 10 list of vulnerabilities, NIST SP-800-xx, NVD, CVSS scoring etc. concepts
Great communication skills (ability to communicate with a Developer, a Manager or Director level).
Project Management Skills
2-3 years basic understanding of Cloud Platforms
BS in Computer Science, or equivalent
Working in Agile/Scrum team

Nice to have:
Familiarity with REST Services, Service Oriented Systems and Micro-services architecture
Scripting skills in at least one of the following: Python, Django web framework, Perl, Ruby, shell (bash, ksh, csh)
Knowledge in distributed systems, software and network security preferred.
Security concepts and knowledge of security attacks on Web applications, REST services, distributed systems
Sound knowledge of TCP/IP protocol stack, HTTP protocol, encoding standards, encryption technologies and development frameworks.
2+ years of experience with Docker/K8s

Posted 1 month ago
