32 Sca Jobs

Cowbell is signaling a new era in cyber insurance by harnessing technology and data to provide small and medium-sized enterprises (SMEs) with advanced warning of cyber risk exposures bundled with cyber insurance coverage adaptable to the threats of today and tomorrow. Championing adaptive insurance, Cowbell follows policyholders" cyber risk exposures as they evolve through continuous risk assessment and continuous underwriting. In its unique AI-based approach to risk selection and pricing, Cowbell's underwriting platform, powered by Cowbell Factors, compresses the insurance process from submission to issue to less than 5 minutes. Founded in 2019 and based in the San Francisco Bay Area, Cowbell has rapidly grown, now operating across the U.S., Canada, U.K., and India. This growth was recently bolstered by a successful Series C fundraising round of $60 million from Zurich Insurance. This investment not only underscores the confidence in Cowbell's mission but also accelerates our capacity to revolutionize cyber insurance on a global scale. With the backing of over 25 prominent reinsurance partners, Cowbell is poised to redefine how SMEs navigate the evolving landscape of cyber threats. In support of business objectives, we are actively looking for an ambitious person, who is not afraid of hard-work and embraces ambiguity as it comes to join our Information Security Team as a Sr. Developer, Application Security. The InfoSec team drives security, privacy, and compliance improvements to reduce risk by building out key security programs. We enable our colleagues to keep the company secure and support our customers" security journey with tried and true best practices. We are a Java, Python, and React shop combined with world-class cloud infrastructure such as AWS & Snowflake. Balancing proper security while enabling execution speed for our colleagues is our ultimate goal. It's challenging and rewarding! If you are up for the challenge, come join us. You will be instrumental in curing security defects in code, burning down any new and existing vulnerabilities. You can fix the code yourself and continuous patching is your north star. You will be the champion for safeguards and standards that will keep our code secure and reduce the introduction of new vulnerabilities. Partner and collaborate with internal stakeholders in assisting with the overall security posture with an emphasis on the Engineering and Operations/IT areas. Work across engineering, product and business systems teams to enhance and evangelize security in applications (& infrastructure). Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts. Develop and maintain application scanning solutions to inform stakeholders of security weaknesses & vulnerabilities. Review outstanding vulnerabilities with product teams and assist in remediation efforts to reduce risk. Bachelor's degree in computer science or another STEM discipline and 8 to 10+ years of professional experience in security software development. Majority of prior experience as a Security Engineer focused on remediation of security vulnerabilities and defects in Java and Python. Must have prior in-depth demonstrable experience developing in JAVA and Python; Basically you are developer first and a security engineer second. Applicants that do not have this experience will not be considered. Experience developing in, and securing, Javascript and React a plus. Experience securing integrations and code that utilizes Elasticsearch, Snowflake, Databricks, RDS a big plus. Detail-oriented with problem-solving, communication, and analytical skills. Expert understanding of CVE and CVSS scoring and how to utilize this data for validation, prioritization, and remediation. Excellent understanding and utilization of OWASP. Demonstrated ability to secure API; Techniques, patterns, will be assessed. Experience designing and implementing application security solutions for web and or mobile applications. Experience developing and reporting vulnerability metrics as well as articulating how to reproduce and resolve those security defects. Experienced in application penetration testing; and understanding of remediation techniques for common misconfigurations and vulnerabilities. Demonstrable experience in understanding patching and library upgrade paths including interdependencies. Familiarity with CI/CD tools. Previous admin experience in CI/CD is not required but a big plus. Capability to deploy, provide maintenance for, and operationalize scanning solutions. Hands-on ability to conduct scans across application repositories and infrastructure. Must be willing to work extended hours and weekends as needed. Great at and enjoys documenting solutions; creating repeatable instruction for others, operational documentation, developing technical diagrams, and similar artifacts. Preferred Qualifications: You can demonstrate and document threat modeling scenarios using well-known frameworks such as STRIDE. Proficient with penetration testing tools such Burp suite, Metasploit or ZAP. You are already proficient with SAST & SCA tools; proficiency with DAST and/or OAST tool usage and techniques would be even better. As a mentor you also have the experience and desire in providing fellow engineering teams with technical guidance on the impact and priority of security issues and driving remediation. Capability to develop operational process from scratch or improve current processes and procedures through well-thought-out hand-offs, integrations, and automation. Familiarity with multiple security domains such as application security, infrastructure security, network security, incident response, and regulatory compliance and certifications. Understanding of modern endpoint security technologies/concepts. Adept at working with distributed team members. What Cowbell brings to the table: Employee equity plan for all and wealth enablement plan for select customer-facing roles. Comprehensive wellness program, meditation app subscriptions, lunch and learn, book club, happy hours, and much more. Professional development and the opportunity to learn the ins and outs of cyber insurance, cybersecurity as well as continuing to build your professional skills in a team environment. Equal Employment Opportunity: Cowbell is a leading innovator in cyber insurance, dedicated to empowering businesses to always deliver their intended outcomes as the cyber threat landscape evolves. Guided by our core values of TRUE Transparency, Resiliency, Urgency, and Empowerment, we are on a mission to be the gold standard for businesses to understand, manage, and transfer cyber risk. At Cowbell, we foster a collaborative and dynamic work environment where every employee is empowered to contribute and grow. We pride ourselves on our commitment to transparency and resilience, ensuring that we not only meet but exceed industry standards. We are proud to be an equal opportunity employer, promoting a diverse and inclusive workplace where all voices are heard and valued. Our employees enjoy competitive compensation, comprehensive benefits, and continuous opportunities for professional development.,

Join us as an Application Security Consultant at Barclays, where you will play a key role in supporting the successful delivery of Location Strategy projects while adhering to plan, budget, agreed quality, and governance standards. You will be at the forefront of evolving our digital landscape, driving innovation, and ensuring excellence in our digital offerings to provide unparalleled customer experiences. To excel in this role, you should possess a strong understanding of CVEs, CWEs, and their impact on applications. Additionally, you must have in-depth knowledge of various AppSec technologies such as SAST, DAST, SCA, IAST, and RASP. Proficiency in at least one programming language and framework, as well as experience in writing scripts in languages like Python and JavaScript, are essential skills for this position. Desirable skill sets to have include the ability to showcase expertise in low-level technical topics, such as native development on any platform, and experience with languages used in modern mobile development like Java+JNI, Objective C, and Swift. Familiarity with concepts like reverse engineering, assembly, and mobile code hardening techniques will be beneficial. Furthermore, the ability to replicate vulnerabilities in a lab environment is a plus. As an Application Security Consultant, you will be based in Pune and will be responsible for supporting various business areas with day-to-day tasks, including processing, reviewing, reporting, trading, and issue resolution. You will collaborate with teams across the bank to align operational processes, identify areas for improvement, and implement operational procedures and controls to mitigate risks while maintaining efficiency. In this role, you will also develop reports and presentations on operational performance, identify industry trends, and participate in projects to enhance operational efficiency. As an Assistant Vice President, you will consult on complex issues, advise People Leaders on escalated matters, and contribute to risk mitigation and policy development. You will take ownership of managing risk, collaborate with other business areas, and engage in data analysis to creatively solve problems and communicate complex information effectively. Your role will also involve influencing stakeholders to achieve desired outcomes. All colleagues at Barclays are expected to embody the Barclays Values of Respect, Integrity, Service, Excellence, and Stewardship, as well as the Barclays Mindset of Empower, Challenge, and Drive. Your commitment to these values and mindset will serve as our moral compass and guide our behavior within the organization.,

We are seeking a highly skilled and proactive Senior Consultant to implement security-as-code principles and automate security controls within CI/CD pipelines at Inspira Enterprise India. In this role, you will be instrumental in conducting secure code reviews, assisting developers in adopting secure coding practices, and deploying and managing a suite of security tools to enhance our overall security posture. Roles and Responsibilities: Implement security-as-code principles to embed security practices directly into the development workflow. Automate security controls within Continuous Integration/Continuous Delivery (CI/CD) pipelines to ensure continuous security validation. Conduct thorough secure code reviews to identify vulnerabilities and provide actionable feedback to development teams. Assist and guide developers in adopting and implementing secure coding practices. Deploy and manage various security tools, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Interactive Application Security Testing (IAST), and container security solutions. Skills Requirement: Proven experience in implementing security-as-code principles. Expertise in automating security controls within CI/CD pipelines. Strong experience in conducting secure code reviews. Ability to guide and assist developers in secure coding practices. Hands-on experience with deploying and managing security tools such as SAST, DAST, SCA, IAST, and container security solutions. QUALIFICATION: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.

As an IT Security Senior Analyst, you will be responsible for performing penetration testing (PT), SAST, and articulating findings in an easily comprehensible manner to asset owners. Collaborative skills are essential for this role. Your key responsibilities will include building a Secure Development Lifecycle (SDLC) by embedding SAST, SCA, DAST, and penetration testing into the development pipeline. You will conduct penetration testing of various component types such as web applications, APIs, mobile applications (iOS + Android), and infrastructure (server + network). Additionally, you will run SAST & DAST scans, analyze tool results, provide remediation support, and review open-source components. It will be your responsibility to assess, report, and close identified vulnerabilities and validate issues as part of the responsible disclosure program. You will be required to provide status reports to the PT Service owner and other stakeholders related to key metrics, risk indicators, trending, and compliance. Furthermore, you will analyze security assessment results and threat feeds to appropriately react to security weaknesses or vulnerabilities. Supporting the Automation of Vulnerability Management program to achieve efficiency and effectiveness, as well as configuring and maintaining regular and ad-hoc vulnerability scans using SAST & DAST tools against internal and external applications are also part of your role. To be successful in this position, you should have a minimum of 1.5 years of experience in performing penetration testing of web applications, APIs, mobile applications (iOS + Android), and infrastructure (server + network). Experience working with SAST & DAST programs, developing and communicating SDLC processes, and performing manual source code reviews is required. Proficiency in using tools like Burp Suite and exposure to platforms such as Veracode, Acunetix, Kali Linux, and Android Studio (AVD) are preferred. A good understanding of Windows, Linux, Active Directory, and networking protocols is also necessary.,

Job Description Strategy is a pioneering organization dedicated to transforming businesses into intelligent enterprises through data-driven innovation. As a market leader in enterprise analytics and mobility software, we have revolutionized the BI and analytics space, empowering individuals to make informed decisions and reshaping the operational landscape of businesses. Additionally, Strategy is at the forefront of a groundbreaking shift in treasury reserve strategy by boldly adopting Bitcoin as a key asset, solidifying our position as an innovative force in the market. Join us in our mission to redefine financial investment and push the boundaries of analytics. At Strategy, we value our people as the cornerstone of our success. Join a team of smart, creative minds engaged in dynamic projects with cutting-edge technologies. Our corporate values bold, agile, engaged, impactful, and united form the foundation of our culture. As we navigate the new era of AI and financial innovation, we foster an environment where every employee's contributions are recognized and valued. Become a part of an organization that thrives on innovation and challenges the status quo every day. Job Location: Pune, India (Full-time in person from Strategy Office, European Hours) Join Strategy's IT Security group as a Senior Application Security Engineer and play a pivotal role in safeguarding Strategy's software applications using modern security and AI tools. In this role, you will be responsible for implementing innovative security practices throughout the software development lifecycle to ensure the resilience of our software products against emerging threats and vulnerabilities. Your responsibilities will include: - Designing and implementing application security architecture and processes aligned with industry best practices and regulatory requirements. - Managing a risk-balanced Secure Software Development Life Cycle (SDLC) by incorporating threat modeling, secure code reviews, and security testing. - Identifying, triaging, and remediating security vulnerabilities through various security testing tools. - Performing advanced penetration testing and red teaming across web, mobile, and cloud applications. - Analyzing source code and providing security recommendations to developers to ensure adherence to secure coding best practices. - Leading and enhancing DevSecOps initiatives by integrating security automation within CI/CD pipelines. - Leading security incident response related to applications and collaborating with engineering teams for effective threat remediation. - Developing and leading customized security training programs for engineering teams. Qualifications: - Bachelor's degree in Computer Science, Engineering, or related field. - Minimum 5 years of software development or software security experience in an agile environment. - Hands-on experience with various security testing tools. - Deep knowledge of API security, containerized applications, AI/ML security risks, and infrastructure as code security. - Fluent in programming languages such as Python, Java, JavaScript. - Strong understanding of secure coding principles, application security frameworks, and security standards. - Experience with cloud security best practices in AWS, Azure, or GCP. - Strong interpersonal skills and ability to collaborate effectively with technical and non-technical stakeholders. - Experience mentoring junior engineers and leading security champions within development teams. Join Strategy and be a part of an organization that values innovation, excellence, and collaboration in shaping the future of analytics and financial investment.,

The role of an Application (software) Security Engineer is an entry-level, hands-on, engineering-focused position with the responsibility of fostering a Secure SDLC and secure by design approach and practice across all software engineering teams. You must possess a good combination of problem-solving and communication skills to effectively support the Application Security, InfoSec, and Software engineering teams. Your main responsibilities will include configuring and fine-tuning Application Security tests and vulnerability scans, integrating security testing into CI/CD pipelines, and collaborating with Senior Application Security engineers on Penetration tests set up and validation. Additionally, you will be expected to document and update processes and procedures, conduct research and consultations with colleagues, deliver secure software development training such as OWASP Top10, and collaborate with Security Analysts on software vulnerabilities and security issues. This will involve determining scope, severity, and potential impact of security issues, recommending next steps, and following through with risk treatment and mitigation. You will also be required to appropriately escalate issues to various teams and levels of authority within the organization. To qualify for this role, you must have a Bachelor's degree in a relevant business or technical discipline, along with a minimum of 3 years of relevant work experience. Demonstrated knowledge of application security concepts, best practices, and methods is essential, as well as experience with various application security tools including SAST, SCA, and DAST. Experience with Web Application security testing like Web Pentesting, Fuzzing, and Automated tests is also required. Ideally, you will also have experience securing cloud infrastructure and cloud applications, working knowledge of various architectures and design patterns, ability to code in at least one programming language (such as python, javascript, or go), familiarity with AWS native security tools, and knowledge of current and emerging security technologies and threats. Experience with threat analysis methodologies and tools, developer tools, project management, bug tracking systems, and integrating security tools into CI/CD pipelines would be considered advantageous for this role. This is a challenging yet rewarding opportunity for an individual with a passion for application security and a drive to contribute to the implementation of secure software practices within a dynamic organization.,

Role & responsibilities Perform vulnerability assessments using tools like SAST, DAST, SCA, and manual techniques. Should have hands-on experience in Web Application Security Testing tools (SAST & DAST) and Penetration testing tools such as HP Fortify, Check marx, Acunetix, Nessus, Burp Suite, Metasploit., Qualys Guard, Kali Linux, etc. Conduct technical vulnerability assessments, identify potential vulnerabilities and provide recommended controls and support to mitigate them. Manage and improve application security tools (e.g., Check marx, Veracode, Fortify, Burp Suite, OWASP ZAP). Participate in incident response and forensics in the event of a security breach involving application layer components. Contact Person: Divya R Email ID: rdivya@gojobs.biz

Preparing detail loan proposal document, financial and credit Analysis, Co ord with Banks & NBFCs SCA/CMA/CA Finalist/CMA for writing Project loan Proposals Account Finalization

Responsibilities : Conduct security assessments for web, Android, and iOS applications. Identify and remediate vulnerabilities across the platform such java and java script Promote a security-first culture and drive security integration in the SDLC. Maintain and update security policies, standards, and procedures. Support ISMS design, implementation, and maintenance. Assist with ISO 27001 and PCI DSS certification and audits. Manage third-party risk programs, including vendor assessments and ongoing monitoring. Maintain vendor risk register and track remediation actions. Collaborate with internal teams to prepare for audits and ensure compliance. Adapt to new technologies, languages, and frameworks as needed. Requirements : Minimum 3 years of experience in Application Security. CEH and OSCP Certification Strong knowledge of security frameworks - Owasp top10 , secure coding, and threat modeling. Deep understanding of SDLC application security threats (e.g., XSS, SQL Injection, CSRF, buffer overflows, business logic flaws, brute force). Strong understanding of Java, Java script and python Experience with security tools (Static Code Analysis, DAST, Penetration Testing) Hands-on experience with security assessments in microservice architectures. Familiarity with authentication flows, payment gateway integration, and business logic security. Experience supporting ISO 27001 and PCI DSS compliance. Ability to work independently in a fast-paced environment. Passionate and practical approach to security challenges Strong Problem Solving and analytical skills. Accustomed to dealing with ambiguity in a fast-paced environment Proven ability to collaborate successfully across cross functions..

Key Responsibilities: Hands on knowledge of Security testing methodologies like OWASP Top 10 SANS 25 etc Ability to perform automated and manual hands on penetration security testing e g DAST SAST and SCA identifying security risks within applications cloud infrastructure security controls and Network systems Experience with penetration testing tools e g Burp Extensive knowledge of attack payloads for discovering security vulnerabilities Plan execute and report on all testing activities and outcomes Create findings reports and communicate to stakeholders Must possess at least 5 years of experience in delivering VAPT in Web Thin and Thick Client Mobile and APIs Should have good and effective communication skills in English Oral and written Technical Requirements: The successful candidate must be highly motivated fast learner flexible willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements Exposure to scripting languages e g Shell Knowledge on DevSecOps Preferred Skills: Technology->Security Testing->Security Testing - ALL

Role Overview The ideal candidate will be responsible for overseeing **Static Application Security Testing (SAST)** and **Software Composition Analysis (SCA)** processes, strong secure coder, ensuring secure coding practices, and managing security risks within the software development lifecycle (SDLC). This role requires close collaboration with development, DevSecOps, and risk management teams to identify and remediate vulnerabilities effectively. Key Responsibilities 1. SAST & SCA Strategy and Implementation Define, implement, and manage **SAST & SCA frameworks** to secure the banks applications. Lead the integration of security tools (e.g., Fortify, Checkmarx, SonarQube, Veracode, Snyk, Black Duck) into CI/CD pipelines. Continuously evaluate and enhance scanning methodologies to improve detection and remediation of vulnerabilities. 2. Vulnerability Management & Risk Mitigation Oversee the assessment, triage, and remediation of vulnerabilities identified through SAST & SCA scans. Establish risk-based prioritization for vulnerabilities, collaborating with development teams for timely fixes. Ensure compliance with industry standards (OWASP, NIST, ISO 27001, PCI-DSS) and internal security policies. 3. Collaboration & Stakeholder Management Work closely with development, DevOps, and security teams to promote secure coding practices Collaborate with third-party vendors for security tool management and support Present vulnerability trends, remediation progress, and risk insights to senior leadership and risk committees. 4. Governance, Training & Awareness Develop and enhance secure coding guidelines and best practices for development teams. Conduct security awareness sessions and training for developers on SAST/SCA findings and secure coding practices. Define and track key security metrics (KPIs/KRIs) to measure the effectiveness of the SAST & SCA programs. Qualifications & Experience 8-10 years (SM) and 12-15 years (AVP) of experience in Application Security**, with a strong focus on SAST and SCA. Deep understanding of secure SDLC, DevSecOps, and CI/CD integration. Hands-on experience with **SAST & SCA tools** (Fortify, Veracode, Checkmarx, Snyk, Black Duck, SonarQube, etc.) Strong knowledge of **secure coding practices**, vulnerability remediation, and risk management Comprehensive Experience with **programming languages** (Java, .NET, Python, JavaScript) and their security implications Able to write secure code Experience in **regulatory compliance** frameworks (OWASP Top 10, NIST, ISO 27001, PCI-DSS, RBI Guidelines) Strong leadership and stakeholder management skills Certifications preferred:** CISSP, OSWE, OSCP, CSSLP or any relevant security certification

My profile - linkedin.com/in/yashsharma1608 only those who can come walkin on 5th july - banglore Role - Android Developer (Kotlin programming) Experience - 6+ Years Client - MBRDI Location- Bangalore [on-site] Budget - 13L [Max] Job Description: (Kotlin Programming)" "Kotlin Programming: Strong experience in Kotlin, specifically for Android development. Static Code Analysis (SCA): Hands-on experience with SonarQube, including writing custom rules and plugins. SCA Framework Development: Ability to design and maintain a scalable SCA framework tailored for Android projects. Automotive Compliance Standards: * Understanding of MISRA guidelines (adapted for Kotlin). * Familiarity with ISO 26262 (functional safety). * Knowledge of ASPICE process compliance. Governance Rule Definition: Ability to define and enforce coding standards and quality gates. CI/CD Integration: Experience integrating SCA tools into CI/CD pipelines (e.g., Jenkins, GitLab CI, GitHub Actions)." "Secure Coding Practices: Awareness of CERT and OWASP guidelines for secure software development. Code Quality Metrics: Understanding of code smells, technical debt, and maintainability indices. Cross-functional Collaboration: Ability to work with DevOps, QA, and development teams to ensure compliance and quality. Documentation & Reporting: Experience in documenting rules, compliance reports, and audit trails. Tool Customization: Ability to extend or tailor SonarQube plugins for domain-specific needs."

Coffee Roaster @ Nagpur 1yr+ experience in coffee roasting (light/medium/dark), cupping, sensory, analysis 15-35kpm Applicant will be trained and guided by SCA Certified Trainer on job Call SNEHA @ 9175447859 SPOT OFFERS! APPLY NOW!!!

About the role As a Software Composition Analysis Specialist, you will play a crucial role in ensuring the integrity, security, and compliance of software components used in our projects. Your responsibilities will include identifying and mitigating vulnerabilities, ensuring adherence to licensing requirements, and promoting best practices for secure software development. Key Responsibilities Component Analysis Conduct thorough analysis of software components to identify vulnerabilities and potential security risks. Evaluate open source and third-party libraries for their impact on overall system security. License Compliance Assess software components for compliance with licensing agreements. Provide guidance on licensing implications and ensure adherence to legal requirements. Tool Utilization Utilize industry-standard Software Composition Analysis tools to identify, track, and manage software components. Stay updated on the latest SCA tools and technologies to enhance analysis capabilities. Collaboration Work closely with development teams to communicate analysis findings and collaborate on remediation strategies. Provide guidance to ensure secure coding practices and prevent future vulnerabilities. Support Maintain comprehensive documentation of software components, vulnerabilities, and remediation efforts. Create reports for stakeholders, including executive summaries and technical details Qualifications & Skills Educational Qualification Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent Certifications Certified Ethical Hacker (CEH) Compliance Knowledge of security best practices and methodologies. Familiarity with open source software and licenses. Technical Skills Experience with Software Composition Analysis tools (e.g., WhiteSource, Kiuwan, Black Duck, Snyk, etc). Proven experience in software development and a strong understanding of various programming languages. Communication skills Strong communication and collaboration skills. Ability to prioritize and manage multiple tasks in a dynamic environment.

Location: Bangalore (Remote) Budget : upto 30 LPA Shift timings: 3pm to 12 / 4pm to 1 am Notice period- 60 days Imp. Note- The candidate have to come to Bangalore on the day of his/her joining and also have to be there in Bangalore for meetings. Required Candidate profile CyberArk Secure Cloud Access, Cloud Infrastructure Entitlement Management Zero Standing Privileges (ZSP) Just-in-Time Access On-demand access Cloud Identity Security Cloud Entitlements Management

Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Additional Responsibilities: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Technical and Professional Requirements: Any specific tools required Burpsuite, WebInspect, Fortify, Zap, Checkmarx Preferred Skills: Technology->Security Testing->Security Testing - ALL

About the Company: At AT&T, we re connecting the world through the latest tech, top-of-the-line communications and the best in entertainment. Our groundbreaking digital solutions provide intuitive and integrated experiences for millions of customers across online, retail and care channels. Join our mission to deliver compelling communication and entertainment experiences to customers around the world as we continue to evolve as a technology-powered, human-centered organization. As part of our team, you ll transform the way we deliver a seamless customer experience with digital at the center of all you do. In our world, digital is much larger than just an eCommerce channel, we are transforming all channels to digitally perform as one team to create a better customer experience. As we move into 2024, the digital transformation will revolutionize the digital space and you can build a career that will propel your future. About the Job: This position is a Senior Specialist Cyber Security for performing Application Security Testing in Cyber Security Organization. This profile will be passionate in preventing risk by identifying vulnerabilities in the applications of the enterprise by configuring scan settings for effective vulnerability enumeration, Identify and document findings, approve false positives and define/document approved mitigations used by AppSec Testers. Experience Level: 8+ years Location: Hyderabad or Bengaluru Roles and Responsibilities: Perform SAST/SCA/DAST scans using industry vulnerability scanner SAST/SCA Veracode, using supplied compiled binary, configure scan platform to correct scan for both static code CWE s as well as SCA derived CVEs. Work will include coordination with app owner to ensure all branches of code are included in compiled binary file. DAST Work begins with crawling the target application to identify existing directory and file structure. Once identified, execute DAST scan using HCL product to identify dynamic issue only visible during code execution. During testing process, tester MUST ensure application is not degraded and/or taken out of service due to scanning activities Tester must ensure results from scanner are present in VM reporting platforms and visible to approved app users Perform manual validation and false-positive analysis on the automated scan results. Provide remediation support will analyze the top-rated vulnerabilities along with provide support to application teams on remediation strategies from identified risks. Execute scan retest by performing revalidation tests of previously identified critical and high severity vulnerabilities as requested by the client application teams. Primary / Mandatory skills: Overall 8+ years of IT experience 7+ years of application security Experience 5+ years of Application Security testing Experience Bachelors degree required. Deep familiarity with the OWASP Top 10 and other security concerns for web applications Deep Understanding of OWASP Application Security Verification Standards (ASVS) Deep understanding of SAST, DAST, SCA Scanning practices Experience in scanning leveraging Veracode, Appscan.or other enterprise tools. Understand how to interpret and assess CVEs (Common Vulnerability and Exposures) and CWEs (Common Weakness Enumeration) as found by scanning tools Understanding of SAST, DAST tools and dependency scanning tools Experience working/integrating with secret management systems Advanced knowledge of front-end and back-end web application development in at least one technology stack (.NET, Java, PHP, Ruby/Rails, Angular, Node.js, etc.) Track record of staying current with trends, techniques, tools, and processes that drive improvement of security posture of applications Strong documentation skills Excellent verbal and written communication skills, with proven technical writing abilities (English language proficiency required) Team-oriented thinking with demonstrated ability to produce high-quality work as part of a fast-paced, dynamic team Proven ability to communicate, collaborate, and present effectively with teams and individuals in different disciplines or areas Technical Skills: SAST, DAST, SCA Additional information (if any): Flexible to provide coverage in US morning hours upon need. Certification : CSSLP or equivalent #Cybersecurity Location: IND:KA:Banglaore / Intl Tech Park, Whitefield Rd - Storage: Innovator Building, Itpb, Whitefield Rd

Application Security Perform security reviews, code audits, and threat modeling of web and mobile applications. Work with DevOps and development teams to integrate secure coding practices and tools (e.g., SAST, DAST, SCA). Conduct penetration testing and vulnerability assessments on internal and external applications. Remediate OWASP Top 10 and other emerging threats. Infrastructure & Server Security Harden Linux and Windows servers following CIS/NIST benchmarks. Implement endpoint security solutions (AV, EDR, MDM). Monitor, detect, and respond to system anomalies and unauthorized access. Manage patching and update cycles in coordination with system teams. Network Security Secure network architecture, firewall policies, VPNs, NAT, and VLAN segmentation. Analyze and mitigate threats like DDoS, MITM, spoofing, etc. Configure and manage intrusion detection/prevention systems (IDS/IPS). Perform routine audits and packet-level analysis for suspicious activity. Cloud Security Secure cloud infrastructure (Alibaba Cloud/AWS/Azure/GCP). Manage IAM, WAF, Security Groups, and cloud-native threat detection tools. Audit and improve security configurations in containers, CI/CD pipelines, and serverless deployments. Monitoring, Audit, and Compliance Work closely with compliance teams to meet standards like SAMA-CSF, ISO 27001, and PCI-DSS. Implement and tune SIEM/SOAR systems for proactive monitoring and incident response. Maintain audit trails, security reports, and logs for investigations and audits. Qualifications & Requirements Bachelors degree in computer science, Cybersecurity, or a related field. 4+ years of experience in cybersecurity roles with exposure to infrastructure and application security. Proficiency in tools like Burp Suite, Nessus, Wireshark, Nmap, Suricata, OSSEC/Wazuh, etc. Strong knowledge of TCP/IP, Linux security, cloud security, and secure coding principles. Experience with at least one cloud platform (Alibaba Cloud preferred). Familiarity with regulatory and compliance standards in the GCC region is a plus. Security certifications such as CEH, OSCP, CISSP, or CISM are a plus. Preferred Strong problem-solving and analytical skills. Ability to work under pressure in a fast-paced environment. Excellent communication skills to interface with technical and non-technical stakeholders. Self-motivated and able to work independently or as part of a team.

What You'll Do Join us in building a secure, scalable, and experienced platform to support Avalara's expanding business and global customer base. As a Senior Application Security Engineer , you'll work with world-class engineers and architects to ensure security is embedded in everything we buildboth in today's systems and the future of our architecture. This role is perfect for someone passionate about automation, cloud-native security, and AI-driven application defense . You'll help shape the future of Avalara Security , driving security as code, ensuring automation-first practices, and integrating modern AI tooling into security workflows. You understand the value of developer empathy, moves quickly without sacrificing quality, and excels in an environment that combines startup energy with enterprise scale. Job Responsibilities You will build, maintain, and continuously improve an automated security pipeline framework integrated into our CI/CD environments. You will lead development of Infrastructure-as-Code and Policy-as-Code for application security enforcement and consistency across environments. You will evaluate and integrate security tools (SAST, DAST, SCA, CSPM, EDR) and AI-based solutions into engineering workflows and CI/CD pipelines. You will provide applicable guidance and mentorship to development and Avalara Security engineering teams on secure development best practices. Investigate, prototype, and apply AI/ML-based solutions for application behavior analysis, anomaly detection, and threat hunting. Promote security by design across the organization, and help foster a security-first culture. Contribute to the continuous refinement of the SDLC to ensure security is smooth, consistent, and measurable. What You'll Need to be Successful Required Qualifications 8+ years of experience in application security, secure software development , or security engineering. Strong programming proficiency in Python and GoLang (hands-on). Experience with secure SDLC practices and CI/CD pipeline integration. Strong hands-on experience with Kubernetes , container security, and cloud infrastructure security preferably AWS and GCP . Experience with Infrastructure-as-Code (IaC) tools like Terraform or CloudFormation. Working knowledge of cryptographic protocols and standards: TLS, OAuth, SAML, JWT , etc. Familiarity with Git , modern source control practices, and agile development methodologies. Experience working with a broad range of security tools , including: Tenable , Wiz (Cloud Security Posture Management) Checkmarx , Mend (SAST, SCA) Acunetix , Burp Suite (DAST) CrowdStrike (EDR/XDR) Bachelor's Degree in Computer Science, Engineering, or a related field. Proven experience contributing to security automation efforts within a security organization like Avalara Security . Experience with AI/ML tools and frameworks applied to application security or behavior analytics. Security certifications such as OSWE, CSSLP, AWS Security Specialty, or Kubernetes Security Specialist. Passion for enabling developer-friendly security solutions and maximum automation.

T itle- Security SAST/SCA/DAST Job Description- Roles and Responsibilities: Perform SAST/SCA/DAST scans using industry vulnerability scanner SAST/SCA Veracode, using supplied compiled binary, configure scan platform to correct scan for both static code CWE's as well as SCA derived CVEs. Work will include coordination with app owner to ensure all branches of code are included in compiled binary file. DAST Work begins with crawling the target application to identify existing directory and file structure. Once identified, execute DAST scan using HCL product to identify dynamic issue only visible during code execution. Primary / Mandatory skills: Overall 8+ years of IT experience 7+ years of application security Experience 5+ years of Application Security testing Experience Bachelor's degree required. Deep familiarity with the OWASP Top 10 and other security concerns for web applications Deep Understanding of OWASP Application Security Verification Standards (ASVS) Deep understanding of SAST, DAST, SCA Scanning practices Experience in scanning leveraging Veracode, Appscan.or other enterprise tools. Understand how to interpret and assess CVEs (Common Vulnerability and Exposures) and CWEs (Common Weakness Enumeration) as found by scanning tools. Understanding of SAST, DAST tools and dependency scanning tools Experience working/integrating with secret management systems. Advanced knowledge of front-end and back-end web application development in at least one technology stack (.NET, Java, PHP, Ruby/Rails, Angular, Node.js, etc.) Track record of staying current with trends, techniques, tools, and processes that drive improvement of security posture of applications. Strong documentation skills Excellent verbal and written communication skills, with proven technical writing abilities (English language proficiency required) Team-oriented thinking with demonstrated ability to produce high-quality work as part of a fast-paced, dynamic team. Proven ability to communicate, collaborate, and present effectively with teams and individuals in different disciplines or areas. Technical Skills: SAST, DAST, SCA Must have skills: Application Security/SAST/DAST/SCA

Senior Data Engineer - Enterprise Data Platform Get to know Data Engineering Okta s Business Operations team is on a mission to accelerate Okta s scale and growth. We bring world-class business acumen and technology expertise to every interaction. We also drive cross-functional collaboration and are focused on delivering measurable business outcomes. Business Operations strives to deliver amazing technology experiences for our employees, and ensure that our offices have all the technology that is needed for the future of work. The Data Engineering team is focused on building platforms and capabilities that are utilized across the organization by sales, marketing, engineering, finance, product, and operations. The ideal candidate will have a strong engineering background with the ability to tie engineering initiatives to business impact. You will be part of a team doing detailed technical designs, development, and implementation of applications using cutting-edge technology stacks. The Senior Data Engineer Opportunity A Senior Data Engineer is responsible for designing, building, and maintaining scalable solutions. This role involves collaborating with data engineers, analysts, scientists and other engineers to ensure data availability, integrity, and security. The ideal candidate will have a strong background in cloud platforms, data warehousing, infrastructure as code, and continuous integration/continuous deployment (CI/CD) practices. What you ll be doing: Design, develop, and maintain scalable data platforms using AWS, Snowflake, dbt, and Databricks. Use Terraform to manage infrastructure as code, ensuring consistent and reproducible environments. Develop and maintain CI/CD pipelines for data platform applications using GitHub and GitLab. Troubleshoot and resolve issues related to data infrastructure and workflows. Containerize applications and services using Docker to ensure portability and scalability. Conduct vulnerability scans and apply necessary patches to ensure the security and integrity of the data platform. Work with data engineers to design and implement Secure Development Lifecycle practices and security tooling (DAST, SAST, SCA, Secret Scanning) into automated CI/CD pipelines. Ensure data security and compliance with industry standards and regulations. Stay updated with the latest trends and technologies in data engineering and cloud platforms. What we are looking for: BS in Computer Science, Engineering or another quantitative field of study 5+ years in a data engineering role 5+ years experience working with SQL, ETL tools such as Airflow and dbt, with relational and columnar MPP databases like Snowflake or Redshift, hands-on experience with AWS (e.g., S3, Lambda, EMR, EC2, EKS) 2+ years of experience managing CI/CD infrastructures, with strong proficiency in tools like GitHub Actions, Jenkins, ArgoCD, GitLab, or any CI/CD tool to streamline deployment pipelines and ensure efficient software delivery. 2+ years of experience with Java, Python, Go, or similar backend languages. Experience with Terraform for infrastructure as code. Experience with Docker and containerization technologies. Experience working with lakehouse architectures such as Databricks and file formats like Iceberg and Delta Experience in designing, building, and managing complex deployment pipelines.

2. CyberArk Implementation SME Location: Remote,Delhi NCR,Bengaluru,Chennai,Pune,Kolkata,Ahmedabad,Mumbai, Hyderabad Position Type: Contract Experience: 10+ years JD: Work with architects on solution integration. Deep skills in SIA, SCA, PCloud, REST API. Handle scaling for large, expanding infra. Drive SIT & UAT. Create training materials. Work with RUN team in handover. Must have: CyberArk Defender, Sentry, CDE certifications. 7 years in CyberArk Privileged Cloud. 3. SAP BASIS Consultant

Roles and Responsibilities Conduct SAST, DAST, SCA, and PT analysis on software applications to identify vulnerabilities and weaknesses. Collaborate with development teams to remediate identified issues and implement security patches. Develop expertise in multiple programming languages such as Java, Python, C++, JavaScript, HTML/CSS. Provide technical guidance on application security best practices to team members. Participate in code reviews to ensure adherence to coding standards.

CyberArk Architect Location : - Mumbai,Delhi / NCR,Bengaluru, Delhi / NCR, Bengaluru , Kolkata, Chennai, Hyderabad, Ahmedabad, Pune,Remote Position Type: Contract Experience: 10+ years Lead and coordinate implementation work. Collaborate with Automation Architect to build and test automations. Expertise in SIA, SCA, PCloud, and REST API. Lead integration with infrastructure/applications. Scale implementation for large, growing environments. Drive SIT & UAT. Create end-user training material. Collaborate with the RUN team during handover/onboarding.

3+ yrs in specialty coffee roasting, roast development, green coffee characteristics, post-roast quality evaluation + roasting software (e.g., Cropster, Artisan) and quality control tools. Sensory skills, SCA cupping protocols M: SNEHA-9175447859