24 Sca Jobs

What You'll Do Join us in building a secure, scalable, and experienced platform to support Avalara's expanding business and global customer base. As a Senior Application Security Engineer , you'll work with world-class engineers and architects to ensure security is embedded in everything we buildboth in today's systems and the future of our architecture. This role is perfect for someone passionate about automation, cloud-native security, and AI-driven application defense . You'll help shape the future of Avalara Security , driving security as code, ensuring automation-first practices, and integrating modern AI tooling into security workflows. You understand the value of developer empathy, moves quickly without sacrificing quality, and excels in an environment that combines startup energy with enterprise scale. Job Responsibilities You will build, maintain, and continuously improve an automated security pipeline framework integrated into our CI/CD environments. You will lead development of Infrastructure-as-Code and Policy-as-Code for application security enforcement and consistency across environments. You will evaluate and integrate security tools (SAST, DAST, SCA, CSPM, EDR) and AI-based solutions into engineering workflows and CI/CD pipelines. You will provide applicable guidance and mentorship to development and Avalara Security engineering teams on secure development best practices. Investigate, prototype, and apply AI/ML-based solutions for application behavior analysis, anomaly detection, and threat hunting. Promote security by design across the organization, and help foster a security-first culture. Contribute to the continuous refinement of the SDLC to ensure security is smooth, consistent, and measurable. What You'll Need to be Successful Required Qualifications 8+ years of experience in application security, secure software development , or security engineering. Strong programming proficiency in Python and GoLang (hands-on). Experience with secure SDLC practices and CI/CD pipeline integration. Strong hands-on experience with Kubernetes , container security, and cloud infrastructure security preferably AWS and GCP . Experience with Infrastructure-as-Code (IaC) tools like Terraform or CloudFormation. Working knowledge of cryptographic protocols and standards: TLS, OAuth, SAML, JWT , etc. Familiarity with Git , modern source control practices, and agile development methodologies. Experience working with a broad range of security tools , including: Tenable , Wiz (Cloud Security Posture Management) Checkmarx , Mend (SAST, SCA) Acunetix , Burp Suite (DAST) CrowdStrike (EDR/XDR) Bachelor's Degree in Computer Science, Engineering, or a related field. Proven experience contributing to security automation efforts within a security organization like Avalara Security . Experience with AI/ML tools and frameworks applied to application security or behavior analytics. Security certifications such as OSWE, CSSLP, AWS Security Specialty, or Kubernetes Security Specialist. Passion for enabling developer-friendly security solutions and maximum automation.

T itle- Security SAST/SCA/DAST Job Description- Roles and Responsibilities: Perform SAST/SCA/DAST scans using industry vulnerability scanner SAST/SCA Veracode, using supplied compiled binary, configure scan platform to correct scan for both static code CWE's as well as SCA derived CVEs. Work will include coordination with app owner to ensure all branches of code are included in compiled binary file. DAST Work begins with crawling the target application to identify existing directory and file structure. Once identified, execute DAST scan using HCL product to identify dynamic issue only visible during code execution. Primary / Mandatory skills: Overall 8+ years of IT experience 7+ years of application security Experience 5+ years of Application Security testing Experience Bachelor's degree required. Deep familiarity with the OWASP Top 10 and other security concerns for web applications Deep Understanding of OWASP Application Security Verification Standards (ASVS) Deep understanding of SAST, DAST, SCA Scanning practices Experience in scanning leveraging Veracode, Appscan.or other enterprise tools. Understand how to interpret and assess CVEs (Common Vulnerability and Exposures) and CWEs (Common Weakness Enumeration) as found by scanning tools. Understanding of SAST, DAST tools and dependency scanning tools Experience working/integrating with secret management systems. Advanced knowledge of front-end and back-end web application development in at least one technology stack (.NET, Java, PHP, Ruby/Rails, Angular, Node.js, etc.) Track record of staying current with trends, techniques, tools, and processes that drive improvement of security posture of applications. Strong documentation skills Excellent verbal and written communication skills, with proven technical writing abilities (English language proficiency required) Team-oriented thinking with demonstrated ability to produce high-quality work as part of a fast-paced, dynamic team. Proven ability to communicate, collaborate, and present effectively with teams and individuals in different disciplines or areas. Technical Skills: SAST, DAST, SCA Must have skills: Application Security/SAST/DAST/SCA

Senior Data Engineer - Enterprise Data Platform Get to know Data Engineering Okta s Business Operations team is on a mission to accelerate Okta s scale and growth. We bring world-class business acumen and technology expertise to every interaction. We also drive cross-functional collaboration and are focused on delivering measurable business outcomes. Business Operations strives to deliver amazing technology experiences for our employees, and ensure that our offices have all the technology that is needed for the future of work. The Data Engineering team is focused on building platforms and capabilities that are utilized across the organization by sales, marketing, engineering, finance, product, and operations. The ideal candidate will have a strong engineering background with the ability to tie engineering initiatives to business impact. You will be part of a team doing detailed technical designs, development, and implementation of applications using cutting-edge technology stacks. The Senior Data Engineer Opportunity A Senior Data Engineer is responsible for designing, building, and maintaining scalable solutions. This role involves collaborating with data engineers, analysts, scientists and other engineers to ensure data availability, integrity, and security. The ideal candidate will have a strong background in cloud platforms, data warehousing, infrastructure as code, and continuous integration/continuous deployment (CI/CD) practices. What you ll be doing: Design, develop, and maintain scalable data platforms using AWS, Snowflake, dbt, and Databricks. Use Terraform to manage infrastructure as code, ensuring consistent and reproducible environments. Develop and maintain CI/CD pipelines for data platform applications using GitHub and GitLab. Troubleshoot and resolve issues related to data infrastructure and workflows. Containerize applications and services using Docker to ensure portability and scalability. Conduct vulnerability scans and apply necessary patches to ensure the security and integrity of the data platform. Work with data engineers to design and implement Secure Development Lifecycle practices and security tooling (DAST, SAST, SCA, Secret Scanning) into automated CI/CD pipelines. Ensure data security and compliance with industry standards and regulations. Stay updated with the latest trends and technologies in data engineering and cloud platforms. What we are looking for: BS in Computer Science, Engineering or another quantitative field of study 5+ years in a data engineering role 5+ years experience working with SQL, ETL tools such as Airflow and dbt, with relational and columnar MPP databases like Snowflake or Redshift, hands-on experience with AWS (e.g., S3, Lambda, EMR, EC2, EKS) 2+ years of experience managing CI/CD infrastructures, with strong proficiency in tools like GitHub Actions, Jenkins, ArgoCD, GitLab, or any CI/CD tool to streamline deployment pipelines and ensure efficient software delivery. 2+ years of experience with Java, Python, Go, or similar backend languages. Experience with Terraform for infrastructure as code. Experience with Docker and containerization technologies. Experience working with lakehouse architectures such as Databricks and file formats like Iceberg and Delta Experience in designing, building, and managing complex deployment pipelines.

2. CyberArk Implementation SME Location: Remote,Delhi NCR,Bengaluru,Chennai,Pune,Kolkata,Ahmedabad,Mumbai, Hyderabad Position Type: Contract Experience: 10+ years JD: Work with architects on solution integration. Deep skills in SIA, SCA, PCloud, REST API. Handle scaling for large, expanding infra. Drive SIT & UAT. Create training materials. Work with RUN team in handover. Must have: CyberArk Defender, Sentry, CDE certifications. 7 years in CyberArk Privileged Cloud. 3. SAP BASIS Consultant

Roles and Responsibilities Conduct SAST, DAST, SCA, and PT analysis on software applications to identify vulnerabilities and weaknesses. Collaborate with development teams to remediate identified issues and implement security patches. Develop expertise in multiple programming languages such as Java, Python, C++, JavaScript, HTML/CSS. Provide technical guidance on application security best practices to team members. Participate in code reviews to ensure adherence to coding standards.

CyberArk Architect Location : - Mumbai,Delhi / NCR,Bengaluru, Delhi / NCR, Bengaluru , Kolkata, Chennai, Hyderabad, Ahmedabad, Pune,Remote Position Type: Contract Experience: 10+ years Lead and coordinate implementation work. Collaborate with Automation Architect to build and test automations. Expertise in SIA, SCA, PCloud, and REST API. Lead integration with infrastructure/applications. Scale implementation for large, growing environments. Drive SIT & UAT. Create end-user training material. Collaborate with the RUN team during handover/onboarding.

3+ yrs in specialty coffee roasting, roast development, green coffee characteristics, post-roast quality evaluation + roasting software (e.g., Cropster, Artisan) and quality control tools. Sensory skills, SCA cupping protocols M: SNEHA-9175447859

Senior Cybersecurity Specialist Are you an experienced cybersecurity professional who is excited about practical application of cybersecurity into industrial and IoT environments We would like to have you on our team to keep smart cities cybersecure! The KONE Technology and Innovation (KTI) function is where the magic happens at KONE. It's where we combine the physical world - escalators and elevators - with smart and connected digital systems. We are changing and improving the way billions of people move within cities every day. Within the KONE Technology & Innovation unit, we have a dedicated Cecurity team for assuring the security of KONE's products and solutions as well as applications used by KONE's business lines. Buzzwords: Application security, Cloud security, SDL, DevSecOps We are now looking for a person to support and drive the Security Development Lifecycle (SDL) activities in KONE solution development projects. Our solutions range from connected elevator systems to cloud services and to mobile applications for technicians and for end users. As a Senior Cybersecurity Specialist, you will be responsible for supporting KONE development teams globally to identify and implement security requirements and to review and test the solutions as they have been implemented. You enjoy working in co-operation with development teams to offer solutions for security problems and practical guidelines on how to implement security in the projects. You get to conduct threat analysis and identify the appropriate security requirements. You don't shy away from getting hands on with application owners and developers to guide them or help them implement the necessary security controls. Through validation and testing you ensure that controls are implemented, and the requirements fulfilled. You support our becoming and existing Security Champions to succeed in their roles by guiding, identifying their skill gaps, and providing training. You might be an experienced security-minded software developer, or perhaps you are a cybersecurity professional who has specialized in application security. You can communicate with various audiences, and you can deal both with the big picture as well as with details when so required. The position is located in Pune, India. Responsibilities Act as a cybersecurity advisor and provide security expertise and guidance to development and operations teams. Conduct risk-based security impact assessments to classify applications and assign appropriate security requirements. Translate requirements into actionable tasks and guide stakeholders in understanding and implementing them. Detect security issues during validation and operation using automation and scenario-based testing. Help teams to understand and mitigate risks and vulnerabilities. Review and enhance security documentation and assessments from Security Champions, offering constructive feedback. Monitor R&D and IT stakeholder needs and deliver targeted security training or clinics. Collaborate within the Cybersecurity team to improve KONE's security management system, SDL standards, processes, and tools. Requirements 5+ years of experience in cybersecurity. CISSP, CSSLP or other relevant certifications are considered a plus. Educational qualifications (B. Sc. or M Sc. in computer science, business administration, information technology management, information systems security or related) Practical experience in implementing Security Development Lifecycle (SDL) in agile software projects (for example, Microsoft SDL, OWASP, BSIMM) Familiarity with security standards and best practices (for example: ISO 27001, IEC 62443, OWASP) Experience in threat modeling and security risk assessment Experience with DevSecOps practices and tools (SCA, SAST, DAST) Experience with cloud platforms (AWS or Microsoft Azure) Why to join KONE's cybersecurity team We at KONE's cybersecurity team are at an interesting point currently. Our focus has been on modernizing enterprise cybersecurity to limit risks with day-to-day operations but at the same time, we are building our industrial and product cybersecurity. KONE is on a digitalization journey and our elevators are transforming from a steel box on the end of a rope into central platforms of smart buildings. We are bringing totally new kinds of innovative solutions to the market to enable even smarter people flow. As our offering becomes more digital, excellent cybersecurity plays a crucial role in building customer trust. KONE Technology and Innovation We are changing and improving the way billions of people move within buildings every day. Hardware is where we've always shined, but today, digital expertise - IoT, analytics, AI, automation, simulation, to name a few - is equally important for our continued success. What's KONE Technology & Innovation like as a workplace We like to think of ourselves as a diverse tribe, pulling together to understand and meet the ever-changing needs of our customers, from concept through to design, down to every single finished product. This all happens in an atmosphere of trust and respect, typified by our Nordic values, a healthy work-life balance, and a flat hierarchy. Read more on

Android development with Kotlin 6+yrs Mandatory from automotive domain Hands on experience with Sonarqube Exp. integrating SCA tools into Ci/CD (Jenkins/Gitlab) Must be from Bangalore Imemdiate to 15 days joiners only

We are hiring for Security Engineer- Navi Mumbai Location (Belapur) for one of our project. Interested candidate can share resume to ankita.patari@happiestminds.com Experience: 2 to 5 Years Location: Navi Mumbai Location (Belapur) Office Timings: Monday to Friday (First Saturday and Third Saturday working) Looking for max 15 Days Joiners only Immediate Joiners please mentioned in Subject Line(Immediate Joiner_AppSec) General Shift Exp Range-2 to 4 Years Primary Skills : SAST, Penetration testing , Vulnerability Assessment Responsibility: Static Code analysis, Static/dynamic testing of mobile applications,Vulnerability Assessment,Penetration Testing Thanks And Regards, Ankita P Ghosh ankita.patari@happiestminds.com

Seeking a skilled OSS Lead with strong DevOps expertise. Must have hands-on experience in build tools, package managers, scanning tools, GitHub Actions, and BASH scripting. Public cloud exposure is a plus. Required Candidate profile 6+ yrs of exp in DevOps Strong expertise in Build tools and Package Manager Exp-Scanning tools like CheckMarx and SCA 4+ yr exp-GitHub Actions BASH scripting Public cloud exposure is good to have

We seek a Desecvops Engineer, Expert Level who shares our passion for innovation and change. This role is critical to helping our business partners evolve and adapt to consumers' personalized expectations in this new technological era. What will help you succeed: In the position of DevSecOps Engineer, you will join the DevSecOps Enablement product line and will be part of the quality,security and complaince team.The job is part of a small, but quickly growing and highly agile team of Global IT who are focused on supporting our devops team delivering applications and products with quality and secuirity. This platform is built toolachian which integrate well with development life cycle. As a DevSecOps Engineer, you will: Expertise in DevSecOps Expertise in SCA, SAST and DAST tools Expertise in threat modeling Expertise in container scanning tools Expertise Vulnerability scanning and management Expertise in automation of day to day security operations Be a hands-on technical leader on toolchain and work closely with architects, product owners, and teams across sites to drive toolchain forward with high quality, scalable and maintainable components, and delivering excellence on schedule. Provide technical leadership through coaching and mentoring other team members. Dedication to SAFe/ Lean practices and scalable architecture, including experience building adaptable roadmaps and evolving stakeholders requirements. Willing to learn and adapt new tools and technologies. Educate and train team and Devops teams on quality and security best practices. Technical Skills: Experience in quality scanning tools like SonarQube Experience in security scanning tools like Mend Experience in GHAS and GitLab SAST/DAST Experience in DevOps tools like GitHub and GitLab Experience in Snek and VeraCode etc Experience in scripting languages like Python, Powershell etc Job-related Experience Bachelor of Science in Computer Science or a related field Five or more yearswork experience as a Quality and Security Engineer or related position Extensive knowledge of operating system and database security In-depth knowledge of security protocols and principles Critical thinking skills and ability to solve complex problems Furthermore, you bring: Very good interpersonal skills, a team player attitude and mindset, and you like bringing others up to speed on technology Ability to take ownership and be effective with limited supervision Strong organizational skills and ability to prioritize and manage multiple projects simultaneously In-depth understanding of Quality, Security and compliance This job can be filled in Pune, Hyderabad, Bangalore, Indore #LI-Hybrid

Role & responsibilities Conduct regular security assessments (SAST/SCA/DAST) utilizing both automated and manual methods to identify security vulnerabilities Responsible for assessing the risk of the found vulnerabilities as per Broadridge Security Standards and documenting them with proper proof of concepts, as necessary Perform security design and architectural reviews for new and existing applications to ensure they meet security standards and best practices. Collaborate with technical teams and business stakeholders to provide expert advice on vulnerability remediation strategies and best practices. Assess risks reported in the vulnerability assessment results and other security related data, and prioritize remediation actions Integrate security practices into the CI/CD pipeline to identify and address vulnerabilities early in the development cycle and maintain the tooling in the CICD pipeline Conduct regular security group reviews. Identify and implement automation opportunities within security testing and review processes to enhance efficiency and effectiveness. Awareness of working and adapting to Agile environment Preferred candidate profile A bachelors or higher degree in Computer Science, Computer Engineering, or similar discipline. Minimum 6 years of hands-on experience in application security and 2 years in DevSecOps, and extensive knowledge in any one of the object-oriented programming languages. Strong Information Security technical skills and knowledge to identify, research and understand security control gaps and program compliance issues Strong web application security experience with thorough understanding of web application vulnerabilities and secure coding practices Demonstrated experience in performing threat modeling, security architecture review, and vulnerability assessment on applications and infrastructure Deep understanding of OWASP methodologies for web, API, mobile, CI/CD, and LLM. Knowledge in Cloud(AWS, Azure) Architecture Familiarity with CI/CD tools (e.g., Jenkins, GitLab CI) and their integration with security tools. Understanding of Security Policies, Procedures, Audit, and Compliance requirements Skills in Terraform/Chef/Python/Perl/Ruby is desired Superior ability to effectively communicate security concepts, threats, controls, and mitigation/remediation to application teams and audiences not familiar with such topics Soft Skills: Excellent communication and presentation skills Ability to work collaboratively and build consensus is essential Ability to manage multiple priorities effectively. Strong analytical and problem-solving skills with attention to detail. Willingness and capability to self-learn Good to Have: Experience in conducting infrastructure vulnerability scans, analysis of scan results, and vulnerability triage. Experience in assessing and enhancing security of cloud-based environments and services. Experience in AWS security involving tools and process Experience in container/Kubernetes security Active participation in the security communities and groups Demonstrated commitment to staying up to date with emerging security threats and technologies. Hold at least one applicable industry certification; CEH, CISSP, OSCP, CISM, Cloud Security etc.

Ideally, looking for a combination of Development and Application Security experience. Job Summary: We are seeking a skilled Application Security Engineer to join our Information Security team. The ideal candidate will have a minimum of 8-12 years of experience in application security and a strong background in software development , particularly in .NET, C#, Angular, and React . This role is crucial in ensuring the security of our applications by working closely with development, DevOps, and security teams to identify, remediate, and prevent security vulnerabilities throughout the software development lifecycle (SDLC). Key Responsibilities: Conduct application security assessments, including code reviews, penetration testing, and threat modeling to identify vulnerabilities. Work closely with developers to integrate secure coding practices and provide guidance on remediating security issues. Implement and manage Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools. Develop and enforce security policies, procedures, and best practices for application security. Assist in the design and review of security architecture for new and existing applications. Collaborate with DevOps teams to integrate security into CI/CD pipelines using DevSecOps principles . Research emerging threats, vulnerabilities, and security trends to proactively mitigate risks. Support incident response efforts related to application security breaches. Provide security training and awareness to development teams. Document security findings, mitigation plans, and security controls. Minimum Requirements (Must-Have) 8-12 years of experience in application security with a focus on secure software development. Strong background in software development , with hands-on experience in .NET, C#, Angular, and React . Hands-on experience with SAST, DAST, Software Composition Analysis (SCA), and penetration testing tools (e.g., Burp Suite, Checkmarx, Veracode, Fortify, SonarQube ). Solid understanding of OWASP Top 10, SANS 25, and secure coding practices . Experience with threat modeling, risk assessment, and vulnerability management . Knowledge of API security, authentication, and authorization mechanisms (OAuth, JWT, SAML, etc.). Familiarity with container security, Kubernetes security, and cloud security best practices (AWS, Azure, GCP). Experience working in Agile and DevSecOps environments , integrating security into CI/CD pipelines. Strong analytical and problem-solving skills. Excellent communication skills, with the ability to work collaboratively across teams.

Solid understanding of SBOM management processes, formats, and toolchains. Strong understanding of software development lifecycle (SDLC). Understanding of software supply chain security concepts. Familiarity with software composition analysis (SCA) and dependency management. Understanding of regulatory frameworks and security frameworks (NIST, FedRAMP, CISA, ISO, ...) Familiarity of main software supply chain security frameworks (SLSA, in-toto). Understanding the Sigstore set of standards and tools is a plus. Understanding of containers technologies (Docker, Kubernetes) experience is a plus. Knowledge of cryptography concepts (digital signatures, symmetric and asymmetric encryption, hashing, ...) Have 10+years relevant experience, where in 4+ years as a software development lead Experience partnering with Platform engineering team, Product owners, architects, and technology leaders to establish, promote, and advance development strategies and best practices. Hands-on with Golang, SQL Python, JavaScript, TypeScript, Vue.js (or proficient with reactive JavaScript frameworks) and HTML. Automation and scripting: proficiency with Bash, PowerShell. Working proficiency leveraging and operating the AWS services such as (but not limited to) IAM, SQS, S3, Lambdas, CloudFormation, CloudFront, DynamoDB, RDS, EKS/ECS, and EC2.

Ideally, looking for a combination of Development and Application Security experience. Job Summary: We are seeking a skilled Application Security Engineer to join our Information Security team. The ideal candidate will have a minimum of four (4) years of experience in application security and a strong background in software development , particularly in .NET, C#, Angular, and React . This role is crucial in ensuring the security of our applications by working closely with development, DevOps, and security teams to identify, remediate, and prevent security vulnerabilities throughout the software development lifecycle (SDLC). Key Responsibilities: Conduct application security assessments, including code reviews, penetration testing, and threat modeling to identify vulnerabilities. Work closely with developers to integrate secure coding practices and provide guidance on remediating security issues. Implement and manage Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools. Develop and enforce security policies, procedures, and best practices for application security. Assist in the design and review of security architecture for new and existing applications. Collaborate with DevOps teams to integrate security into CI/CD pipelines using DevSecOps principles . Research emerging threats, vulnerabilities, and security trends to proactively mitigate risks. Support incident response efforts related to application security breaches. Provide security training and awareness to development teams. Document security findings, mitigation plans, and security controls. Minimum Requirements (Must-Have) 4+ years of experience in application security with a focus on secure software development. Strong background in software development , with hands-on experience in .NET, C#, Angular, and React . Hands-on experience with SAST, DAST, Software Composition Analysis (SCA), and penetration testing tools (e.g., Burp Suite, Checkmarx, Veracode, Fortify, SonarQube ). Solid understanding of OWASP Top 10, SANS 25, and secure coding practices . Experience with threat modeling, risk assessment, and vulnerability management . Knowledge of API security, authentication, and authorization mechanisms (OAuth, JWT, SAML, etc.). Familiarity with container security, Kubernetes security, and cloud security best practices (AWS, Azure, GCP). Experience working in Agile and DevSecOps environments , integrating security into CI/CD pipelines. Strong analytical and problem-solving skills. Excellent communication skills, with the ability to work collaboratively across teams.

Role: AWS DevOps Architect Lead Exp.: 15+ years Job Description: Overall, 15+ years of experience with 5 years of hands-on experience in deployment automation using IaC, Configuration management, Orchestration, Containerization, and running a complete CI/CD pipeline on both cloud and on-prem. Thorough understanding and hands-on skills in the below Infrastructure as Code: Terraform, AWS CloudFormation, Puppet. Source control: GitLab, GitHub. CI/CD: Jenkins, GitLab CICD. Containerization/Orchestration: Kubernetes, AWS ECS, AWS EKS, Docker. CDN: Akamai, AWS CloudFront. Monitoring: AWS Cloud watch, New Relic. Security: AWS Code Guru, Guard Duty, Security Hub, Snyk, Veracode, Rapid7. Programming/Scripting: Python, Shell scripting Good understanding of networking, security rules, firewalls, WAF, API gateways, and auto-scaling principles. Hands on experience using AWS (VPC, Subnets, ALB/NLB, RDS, ECS, SQS, Cognito, Lambda, Memcached ) is required. Understanding of Programming concepts and best practices is required. Experience dealing with production incidents in multi-tier application environment is required. Experience managing production workloads with Site Reliability Engineering best practices. Good understanding of various deployment strategies (Rolling updates, Blue/Green, Canary) Strong exposure on DevSecOps testing methods SAST, DAST, SCA is preferred.

Must have : Application Security/SAST/DAST/SCA Overall 8+ years of IT experience • 7+ years of application security Experience • 5+ years of Application Security testing Experience • Bachelor's degree required. • Deep familiarity with the OWASP Top 10 and other security concerns for web applications • Deep Understanding of OWASP Application Security Verification Standards (ASVS) • Deep understanding of SAST, DAST, SCA Scanning practices • Experience in scanning leveraging Veracode, Appscan.or other enterprise tools. • Understand how to interpret and assess CVEs (Common Vulnerability and Exposures) and CWEs (Common Weakness Enumeration) as found by scanning tools. • Understanding of SAST, DAST tools and dependency scanning tools • Experience working/integrating with secret management systems. • Advanced knowledge of front-end and back-end web application development in at least one technology stack (.NET, Java, PHP, Ruby/Rails, Angular, Node.js, etc.) • Track record of staying current with trends, techniques, tools, and processes that drive improvement of security posture of applications. • Strong documentation skills • Excellent verbal and written communication skills, with proven technical writing abilities (English language proficiency required) • Team-oriented thinking with demonstrated ability to produce high-quality work as part of a fast-paced, dynamic team. • Proven ability to communicate, collaborate, and present effectively with teams and individuals in different disciplines or areas. Technical Skills: SAST, DAST, SCA Roles and Responsibilities: • Perform SAST/SCA/DAST scans using industry vulnerability scanner • SAST/SCA Veracode, using supplied compiled binary, configure scan platform to correct scan for both static code CWE’s as well as SCA derived CVEs. Work will include coordination with app owner to ensure all branches of code are included in compiled binary file. • DAST – Work begins with crawling the target application to identify existing directory and file structure. Once identified, execute DAST scan using HCL product to identify dynamic issue only visible during code execution.

Role: AWS DevOps Lead Exp.: 8+ years Job Description: Overall, 8+ years of experience with 5 years of hands-on experience in deployment automation using IaC, Configuration management, Orchestration, Containerization, and running a complete CI/CD pipeline on both cloud and on-prem. Thorough understanding and hands-on skills in the below Infrastructure as Code: Terraform, AWS CloudFormation, Puppet. Source control: GitLab, GitHub. CI/CD: Jenkins, GitLab CICD. Containerization/Orchestration: Kubernetes, AWS ECS, AWS EKS, Docker. CDN: Akamai, AWS CloudFront. Monitoring: AWS Cloud watch, New Relic. Security: AWS Code Guru, Guard Duty, Security Hub, Snyk, Veracode, Rapid7. Programming/Scripting: Python, Shell scripting Good understanding of networking, security rules, firewalls, WAF, API gateways, and auto-scaling principles. Hands on experience using AWS (VPC, Subnets, ALB/NLB, RDS, ECS, SQS, Cognito, Lambda, Memcached ) is required. Understanding of Programming concepts and best practices is required. Experience dealing with production incidents in multi-tier application environment is required. Experience managing production workloads with Site Reliability Engineering best practices. Good understanding of various deployment strategies (Rolling updates, Blue/Green, Canary) Strong exposure on DevSecOps testing methods SAST, DAST, SCA is preferred.

We are hiring for Security Engineer- Navi Mumbai Location (Belapur) for one of our project. Interested candidate can share resume to ankita.patari@happiestminds.com Experience: 2 to 5 Years Location: Navi Mumbai Location (Belapur) Office Timings: Monday to Friday (First Saturday and Third Saturday working) Looking for max 15 Days Joiners only Immediate Joiners please mentioned in Subject Line(Immediate Joiner_AppSec) General Shift Exp Range-2 to 5 Years Skills Source Code :- Secure Code Review / Static Application Security Testing Software Composition Analysis AppSec (Web, Mobile, Thick Client) & API :- Web Application & Thick Client Penetration Testing (DAST) API Security Testing Mobile Application Security Testing (MAST) Network Security:- Network Security VAPT IT Infrastructure VAPT Network Security Configuration Review Process/Architecture Review :- Secure SDLC Process Review Network Security Architecture Review SCD/VA/DFRA/DB Review ;- Database Security Configuration Review Digital Forensics Readiness Assessment Secure Configuration Document Vulnerability Assessment Thanks And Regards, Ankita P Ghosh ankita.patari@happiestminds.com

When you join Verizon You want more out of a career. A place to share your ideas freely even if theyre daring or different. Where the true you can learn, grow, and thrive. At Verizon, we power and empower how people live, work and play by connecting them to what brings them joy. We do what we love driving innovation, creativity, and impact in the world. Our V Team is a community of people who anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together lifting our communities and building trust in how we show up, everywhere & always. Want in? Join the V Team Life. What youll be doing The Verizon Product Security Team ensures security by design product engineering and architecture for both consumer and business products. As a Principal Security Architect, you will work to conduct security assessments on both Consumer and Business products and solutions. You will help to create, define, and implement security controls and tooling in conjunction with product development teams and product owners. You will manage multiple projects with a degree of impact and complexity that must be carefully controlled to support the internal business unit security requirements. You will also work in conjunction with security stakeholders in other areas of the business and make decisions and help lead initiatives to ensure timely delivery of security solutions that support business objectives. You will also manage work that involves coordination with multiple organizations and is the focal point within the group. Help implement Secure Software Development Lifecycle (SSDLC) practices and use automation where possible Work with the product development teams to perform security design/code reviews and vulnerability assessment. Provide security guidance to Engineering and Product teams. Contribute to security architecture and assist in building and rolling out processes for secure code development and deployment involving truly cutting edge technology Contribute to security policy, standards, and guidelines related to Information Security Evaluate and operationalize new technologies for securing the organization Create security user stories and security test cases for products that are tailored to the product attributes and technology Support and advise product owner and product development teams by ensuring technical and architectural feasibility, readiness and compliance. What were looking for You'll need to have: Bachelors degree or four or more years of work experience. Experience in cybersecurity. Experience with security requirements analyses, building threat models, performing security design reviews, applying zero trust principles. Knowledge of application security vulnerabilities, secure coding, attack surfaces and countermeasures. Knowledge of S-SDLC, best practices for secure coding, understanding of OWASP Top 10, CIS Top 20 Even better if you have one or more of the following: Understanding of Docker, Kubernetes, container security best practices. Experience with Threat Management and Monitoring tools (like CrowdSrike, GuardDuty, Tenable, CloudTrail, Cloudwatch) and container security tools. Experience with building security and hardening Cloud Containers, Cloud OS, on-premise/cloud storage, like Cassandra, MongoDB, Data Warehouse and Object-Based storage. Hands on experience on security testing like SAST, DAST, SCA and Pen testing Understanding of authentication protocols like OID, OAuth2.0, SAML Hands-on experience in securing software development projects using iOS/Android platforms Familiar with Content Streaming Services Security like DRM, CA (Widevine, Playready, FairPlay) Experience with application programming (C/C++/Java/Kotlin/Swift/JavaScript or any other languages) and the overall software development life cycle. Written and verbal skills for communicating security concepts and solutions. Ability to prioritize between and execute on multiple work streams. Excellent organizational and interpersonal skills. One of more of the following certifications: CISSP, CISM, SANS, CCSK.

Essential Functions: Duties and Responsibilities Take charge of strategic and tactical responsibilities in the team and bring them to completion Investigate and identify the root cause for escalated issues Contribute towards leading and influencing experienced and accomplished software engineers inside and outside of the Fleet and Mobility development team Drive results with clearly defined priorities, effective resource allocation, and communication of goals. Work with customer support to address escalations, participate in the on-call rotation for production issues and escalations, and identify the root cause for escalated issues Perform other duties as assigned. Required Skills/Abilities: 9 years of enterprise software development experience using .Net Core on Linux and Angular in an Agile environment. Practical experience designing, building and maintaining enterprise software at scale in Azure Prior practical Azure SQL DB experience with performance tuning and optimization is required Hands-on experience implementing REST APIs (with .Net Core on Linux) Experience with Docker: creation, deployment, lifecycle, debugging and AKS Excellent written & oral communication and interpersonal skills and ability to create and maintain technical documentation Practical development experience working on integrations with payment processing vendors. Highly independent and able to effectively self-organize and prioritize work Strong creative logical problem-solving skills required Strong planning, organizing, and coordinating skills required Strong verbal and written English skillsIt is an added bonus if you have Experience using the latest software tools including JIRA, Confluence, Azure DevOps, Azure CI/CD Experience with payment (i.e. commercial cards), fintech, or B2B services Working in a PCI compliant environment Experience working with mobile project Mentality to Automate Everything within a software project and bring modern ways of automating test execution and delivering components to Production Previous experience collaborating with a security team to address results of SAST, DAST, SCA Education: Bachelors degree in a related field. Equivalent combination of education and experience will be considered

Greetings from eygds!!! We are hiring for application security engineer/devsecops AND (SAST AND DAST AND SCA) so thought you may be interested in hearing more information regarding our new role "DevSecOps" Location Kolkata Experience 1- 3 /3-5 and 8-12 yrs Skills required "DevSecOps" AND (SAST AND DAST AND SCA) source code review Would like to discuss further on this, please revert with your updated profile to this email id malathi.ramadoss@gds.ey.com also refer to the below link apply. https://careers.ey.com/job-invite/1504544/ Also share your details in the below format. Total Experience: Relevant Experience: Current Location: Preferred Location: Notice Period Are you available for the F2F interview on 22nd.

Solid understanding of SBOM management processes, formats, and toolchains. Strong understanding of software development lifecycle (SDLC). Understanding of software supply chain security concepts. Familiarity with software composition analysis (SCA) and dependency management. Understanding of regulatory frameworks and security frameworks (NIST, FedRAMP, CISA, ISO, ...) Familiarity of main software supply chain security frameworks (SLSA, in-toto). Understanding the Sigstore set of standards and tools is a plus. Understanding of containers technologies (Docker, Kubernetes) experience is a plus. Knowledge of cryptography concepts (digital signatures, symmetric and asymmetric encryption, hashing, ...) Have 10+years relevant experience, where in 4+ years as a software development lead Experience partnering with Platform engineering team, Product owners, architects, and technology leaders to establish, promote, and advance development strategies and best practices. Hands-on with Golang, SQL Python, JavaScript, TypeScript, Vue.js (or proficient with reactive JavaScript frameworks) and HTML. Automation and scripting: proficiency with Bash, PowerShell. Working proficiency leveraging and operating the AWS services such as (but not limited to) IAM, SQS, S3, Lambdas, CloudFormation, CloudFront, DynamoDB, RDS, EKS/ECS, and EC2.