29 Secure Sdlc Jobs

As the Chief Technology Officer (CTO) at EaseMyTrip.com, your role involves defining and leading the overall technology vision and execution for one of India's largest online travel platforms. You will be responsible for overseeing engineering aspects ranging from backend system design and frontend development to Generative AI integration and large-scale cloud infrastructure. Your primary goal will be to ensure that EaseMyTrip continues to deliver secure, scalable, and high-performance solutions while pioneering next-generation AI-driven travel experiences. This leadership position requires a balance of hands-on technical expertise, architectural thinking, and strategic direction to shape technology that directly impacts millions of travelers globally. **Key Responsibilities:** - Define and execute the technology roadmap, aligning innovation with business objectives, and mentor high-performing teams across backend, frontend, AI, and DevOps. - Deploy and optimize Large Language Models (LLMs) such as GPT-4, Claude, and Mistral to build intelligent conversational travel agents, implementing prompt engineering and Retrieval-Augmented Generation (RAG) workflows. - Ensure seamless and responsive user experiences through Angular, TypeScript, JavaScript, HTML5, and CSS3, with a strong focus on UI/UX integration and performance optimization. - Manage relational and NoSQL databases such as SQL Server, PostgreSQL, and MongoDB, focusing on schema design, optimization, and ORM integration (SQLAlchemy). - Oversee deployments on AWS, GCP, or Azure with serverless technologies (Lambda, Cloud Functions) and containerized services (Docker, Kubernetes). Implement CI/CD pipelines for smooth release cycles. - Establish secure development practices, data protection mechanisms, and compliance with industry standards. - Partner with product managers, designers, and AI researchers to deliver impactful features rapidly and iteratively. - Drive system reliability, monitoring, debugging, and production support to ensure high availability and uptime. **Qualification Required:** - Experience: 10+ years in software engineering, with at least 5 years in senior technology leadership roles. - Technical Skills: Strong command of ASP.Net, C++, C#, Python, Angular, JavaScript frameworks, FastAPI/Django, and asynchronous programming. - AI/ML Expertise: Hands-on experience with LangChain, LlamaIndex, Hugging Face Transformers, and OpenAI/Anthropic APIs. Skilled in fine-tuning models (LoRA, PEFT) and applying evaluation metrics (BLEU, ROUGE). - Backend & System Design: Proven ability to architect large-scale, secure systems and RESTful APIs with a focus on modularity and maintainability. - Frontend Development: Proficient in Angular, TypeScript, and responsive design with a strong focus on user experience and SEO best practices. - Database Knowledge: Expertise in SQL Server, PostgreSQL, MongoDB, and schema performance optimization. - Cloud & DevOps: Experienced with AWS/GCP/Azure, CI/CD pipelines, Docker, Kubernetes, and serverless deployments. - Security Knowledge: Strong grasp of encryption, application security, and secure SDLC principles. - Leadership & Collaboration: Effective communicator with a track record of mentoring and leading diverse technology teams in fast-paced environments. - Innovation Mindset: Passionate about emerging technologies, problem-solving, and building AI-first travel experiences.,

The role supports full end to end software development cycle, from initial client engagement, through assessments and road-mapping, to longer term engagement in an advisory capacity. As an Application Security Consultants, the person should leverage the technical expertise of the security competencies, varied product and delivery capabilities. Hands on experience in Secure SDLC, DAST, SAST etc Provide strategic advice and insights to clients based on deep domain knowledge and industry best practices. Identify potential risks and develop mitigation strategies to ensure project success and client satisfaction. Lead and coordinate incident response activities, including investigation, containment Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE/Btech/MCA/M.Tech. 3-4yrs hands on experience. Preferred technical and professional experience CEH Certificate mandatory

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Application Security Architecture and Design Good to have skills : NA Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are looking for a Technical Lead with strong expertise in Application and Infrastructure Security to lead a suite of security services including vulnerability management, application security testing (SAST/DAST), and penetration testing. This role is ideal for someone who can not only execute and review security assessments but also manage tools, provide technical direction to a delivery team, and act as a trusted advisor to the client on security best practices Roles & Responsibilities:- Service Delivery & Technical Leadership Lead the delivery of application and infrastructure security services including:Dynamic Application Security Testing (DAST)Static Application Security Testing (SAST/SCA)Web & API Penetration TestingMobile Application Security TestingInfrastructure Vulnerability Management (IVM)Oversee scan scheduling, execution, validation, and reporting.Drive the reduction of false positives and enhance detection accuracy.Ensure timely delivery of security testing activities aligned with client SLAs.- Security Testing & AnalysisPerform automated and manual security scans for applications and infrastructure.Validate findings, analyze root causes, and prioritize remediation based on risk.Provide technical recommendations to development, DevOps, and infrastructure teams.Align findings with recognized standards (e.g., OWASP Top 10, CVSS, CWE).- Tool Ownership & OptimizationAdminister and optimize usage of security tools including but not limited to:WebInspect, Veracode, Burp Suite, Custom Scripting ToolsGitLab, ServiceNow Security ModulesDatadog Security Explorer, OpenShift ACSTune and maintain tool configurations, scan profiles, and dashboards.- Governance & ReportingTrack scan volumes, issue lifecycle, and performance KPIs.Deliver dashboards and executive-level reports on security posture.Support audit, compliance, and client reporting needs.- Team Collaboration & Stakeholder ManagementProvide technical direction and mentorship to the delivery team.Liaise with client teams, application owners, and platform SMEs.Ensure effective communication across stakeholders for testing, issue triage, and remediation. Professional & Technical Skills: - 8+ years of experience in Cybersecurity, with specialization in Application Security and Vulnerability Management.- Strong technical knowledge of SAST/DAST tools (e.g., Veracode, WebInspect).- Hands-on experience in penetration testing of web, mobile, and API-based applications.- Familiarity with infrastructure scanning and vulnerability remediation practices.- Strong understanding of secure SDLC, OWASP Top 10, SANS Top 25, and risk classification models (CVSS, CWE).- Experience working in global delivery teams, preferably in a client-facing role- CEH / OSCP / GWAPT / CISSP / CSSLP- Veracode Certified Specialist or equivalent- Vendor certifications on WebInspect, Burp Suite, GitLab Security Additional Information:- The candidate should have minimum 7.5 years of experience in Application Security Architecture and Design.- This position is based at our Gurugram office.- A 15 years full time education is required.- Knowledge of cloud security principles (Azure/AWS/GCP)- Familiarity with container security and DevSecOps tooling- Exposure to automated CI/CD security integrations- Strong communication and documentation skills- Proactive problem-solving and analytical thinking- Ability to balance security risk with operational practicality Qualification 15 years full time education

The BMC Product Security Group (PSG) is looking for a passionate Product Development Engineer with strong engineering skills and a deep understanding of secure software development practices. This role is ideal for someone with a solid foundation in Java development , DevSecOps , container orchestration , and security tooling , who is passionate about integrating security into the software development lifecycle. You will work closely with product, engineering, and security teams to embed security into every phase of the product lifecyclefrom development to deployment. Here is how, through this exciting role, YOU will contribute to BMC's and your own success: Develop and maintain secure, high-quality Java code for tools, integrations, or product features. Design and implement secure CI/CD pipelines with DevSecOps practices. Manage containerization and orchestration using Docker and Kubernetes. Automate security-related tasks and processes using Python or other scripting languages. Collaborate with development teams to integrate security controls and static/dynamic analysis tools into CI/CD workflows. Implement and manage product security tools (e.g., SAST, DAST, SCA, container scanning). Advocate for security best practices across engineering teams through training, documentation, and tooling. Monitor the security landscape for new vulnerabilities, tools and threats relevant to our tech stack To ensure youre set up for success, you will bring the following skillset & experience: 5+ years of experience in software engineering or product security engineering. Strong proficiency in Java and experience developing secure applications. Hands-on experience with containers (Docker) and Kubernetes in production environments. Deep understanding of DevSecOps principles and secure SDLC. Proficiency in scripting languages like Python , Bash, or similar. Familiarity with security tools such as Fortify, JFrog, Checkmarx, Aqua, Sonatype, Blackduck etc. Experience with CI/CD tools (e.g., Jenkins, GitHub Actions, GitLab CI). Solid grasp of application and cloud security principles. Knowledge of cloud-based development, AI/ML, GenAI frameworks is a plus.

About Company: Happiest Minds Technologies (NSE: HAPPSTMNDS) is a digital transformation company, offering services in AI, blockchain, cloud, IoT, robotics, and more. Focused on industries like BFSI, EdTech, Healthcare, Hi-Tech, Media & Entertainment, Industrial, Manufacturing, Energy & Utilities, Retail, CPG & Logistics., enables solutions in Product & Digital Engineering, Generative AI, and Infrastructure Management. A Great Place to Work Certified™ company, Happiest Minds is headquartered in Bengaluru, India with operations in the U.S., UK, Canada, Australia, and the Middle East. Job Title : Lead Business Analyst Business Unit : Generative AI Exp: 10 – 15 yrs Roles & responsibilities: Highly experienced and proactive Lead Business Analyst / Consultant with a strong background in business analysis, client engagement, and pre-sales consulting. The ideal candidate will bridge the gap between business needs and technical solutions, contributing to strategic client proposals, crafting solution approaches, and supporting the sales team in winning business opportunities. Pre-Sales & Client Engagement Collaborate with sales, delivery, and solution teams to craft compelling proposals, RFP/RFI responses, and presentations. Gather and analyze client requirements during pre-sales discovery sessions. Design solution blueprints aligned with client objectives, feasibility, and delivery capabilities. Conduct product/solution demos and proof-of-concept (PoC) walkthroughs. Translate complex business problems into clear and concise value propositions for clients. Business Analysis & Solution Design Lead end-to-end business analysis for digital transformation, platform integration, and AI/automation initiatives. Define and document business processes, user journeys, and functional/non-functional requirements. Conduct gap analysis, feasibility studies, and ROI assessments. Partner with UX, architecture, and product teams to design scalable and user-centric solutions. Define and manage the product backlog, ensuring clarity and prioritization of features. Benefits: We offer a competitive benefits package.

Key Deliverables: Develop and implement security protocols to safeguard Honeywell systems and networks. Conduct regular vulnerability assessments and penetration testing. Monitor and respond to cybersecurity incidents across platforms. Collaborate with cross-functional teams to integrate secure development practices. Role Responsibilities: Support secure SDLC practices including threat modeling and risk assessments. Automate security tasks using Python, Jenkins, and DevSecOps tools. Ensure compliance with public key infrastructure and embedded device security. Stay current with emerging cyber threats and mitigation strategies.

Who We Are At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl We are always moving forward - always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities. The Role Are you passionate about protecting companies from cyber threats Do you want to be part of a team that safeguards the digital assets of cutting-edge organizations Look no further - Kyndryl is seeking a Cybersecurity Specialist to join our team of talented Technical Specialists. As a Cybersecurity Specialist, you will be at the forefront of protecting Kyndryl's customers computer systems and networks from unauthorized access, use, disclosure, disruption, modification, or destruction. You will use a variety of tools and techniques to defend against a wide range of cyber threats, such as malware, ransomware, phishing attacks, and data breaches. But that's not all - at Kyndryl, you will also have the opportunity to implement new cybersecurity systems and policies to ensure the protection of our customers data and assets. You will monitor and review potential threats from various cybersecurity systems and conduct proof-of-concepts (POCs) with new cyber security software to evaluate its effectiveness and potential integration into the organization's systems. Not only will you be responsible for ensuring the security of Kyndryl's customers network and systems, but you will also enrich the organization's knowledge towards potential cyber threats and best practices. You will provide automation scripts for threat hunting in customer environments using lessons learned from Cyber-attacks. You will also have the opportunity to conduct penetration testing and threat and vulnerability assessments of applications, operating systems, and networks, responding to cybersecurity breaches and identifying intrusions. You will research and evaluate cybersecurity threats and perform root cause analysis, all while assisting in the creation and implementation of security solutions. Additionally, you will have the opportunity to work in the area of security innovation, creating and experimenting with outside the box ideas that could change the trajectory of cyber security. This is a unique opportunity to work with cutting-edge technology, be part of a dynamic team, and make a significant impact in the world of cybersecurity. If you're up for the challenge, apply now to join Kyndryl's cybersecurity team! Your Future at Kyndryl Every position at Kyndryl offers a way forward to grow your career. We have opportunities that you won't find anywhere else, including hands-on experience, learning opportunities, and the chance to certify in all four major platforms. Whether you want to broaden your knowledge base or narrow your scope and specialize in a specific sector, you can find your opportunity here. Who You Are You're good at what you do and possess the required experience to prove it. However, equally as important - you have a growth mindset keen to drive your own personal and professional development. You are customer-focused - someone who prioritizes customer success in their work. And finally, you're open and borderless - naturally inclusive in how you work with others. Required Skills and Experience: Having 5 + years of exp in AppSec & TPRM Lead Own and govern the end-to-end Vulnerability Management (VM) program Ensure DevSecOps integration completeness across SAST, DAST, SCA, CSPM, and Infra tools for automating security assessments in DevOps pipelines Track remediation SLA adherence, escalate overdue issues, and align with stakeholders Review and report weekly/monthly dashboards covering risk trends, SLAs, and exceptions Oversee secure SDLC enforcement and continuous improvement of security processes Preferred Skills and Experience: Facilitate TPRM alignment and integration into the broader VM landscape Lead cross-functional coordination, metrics-driven governance, and knowledge sharing Perform thread modelling for new applications Being You Diversity is a whole lot more than what we look like or where we come from, it's how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we're not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you - and everyone next to you - the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That's the Kyndryl Way. What You Can Expect With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter - wherever you are in your life journey. Our employee learningprograms give you access to the best learning in the industry to receive certifications, includingMicrosoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed. Get Referred! If you know someone that works at Kyndryl, when asked How Did You Hear About Us during the application process, select Employee Referral and enter your contact's Kyndryl email address.

The role supports full end to end software development cycle, from initial client engagement, through assessments and road-mapping, to longer term engagement in an advisory capacity. As an Application Security Consultants, the person should leverage the technical expertise of the security competencies, varied product and delivery capabilities. Hands on experience in Secure SDLC, DAST, SAST, HP Fortify and Burp Suite Provide strategic advice and insights to clients based on deep domain knowledge and industry best practices. Identify potential risks and develop mitigation strategies to ensure project success and client satisfaction. Lead and coordinate incident response activities, including investigation, containment, and remediation of security incidents. Provide security training and awareness programs to developers on security policies, procedures, and best practices. Ensure applications team adhere to relevant security standards, regulatory requirements, and industry best practices (e.g., OWASP, NIST, PCI DSS). Provide support for regulatory and internal audits, diligently tracking reported observations through to closure Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE/Btech/MCA/M.Tech. 5-7 yrs hands on experience.Hands on experience in Secure SDLC, DAST, SAST, HP Fortify and Burp SuiteEnsure applications team adhere to relevant security standards, regulatory requirements, and industry best practices (e.g., OWASP, NIST, PCI DSS). Preferred technical and professional experience OEM certification from one of the following, HP Fortify and Burp Suite

We are not looking for someone who checks every single box - were looking for lifelong learners and people who can make us better with their unique experiences. Join our team! Were building a world where Identity belongs to you. Oktas Workforce Identity Cloud Security Engineering group is looking for an experienced and passionate software security engineer to join a team focused on designing and developing Security solutions to harden our frameworks & infrastructure. We embrace innovation and pave the way to transform bright ideas into excellent security software solutions that help run large-scale, mission-critical software. We encourage you to prescribe defense-in-depth measures, industry security standards, enforce the principle of least privilege to help take our Security posture to the next level. Our Security engineering team has a niche skill-set that combines Security domain expertise with the ability to design, implement and rollout security features and functionalities without adding friction to product functionality or performance. We are responsible for the ever-growing need to improve our customer safety and privacy by providing security services that are coupled with the core Okta product. This is a high-impact role in a security-centric, fast-paced organization that is poised for massive growth and success. You will act as a liaison between the Security org and the engineering org to build technical leverage and influence the security roadmap and direction. You will focus on engineering security and privacy aspects of the systems used across our services while working on a weekly release cadence. You will be empowered to propose stimulating new projects for our roadmap and rewarded with projects using emerging technologies. Join us and be part of a company that is about to change the cloud computing landscape forever. Bring all the passion and dedication along and theres no telling what you could accomplish! Preferred qualification and abilities: 7+ years of development experience in designing and implementing software systems in Java, building highly reliable and mission-critical software. 3+ years of work experience in designing and implementing security solutions for applications and distributed systems. Work experience and excellent understanding in mitigating OWASP Top 10 attacks on applications, Application Security, Cryptography, Authentication, Authorization using Role-Based and Attribute-Based access controls. Strong understanding of concepts such as Test-Driven development, Secure SDLC, Secure code reviews and the ability to identify and mitigate threat vectors and vulnerabilities in code and infrastructure. Good understanding and experience in using cloud service providers such as AWS and GCP. Developing and maintaining technical documentation such as cookbooks, design and architecture docs. Troubleshooting and fixing production issues to ensure reliability, security and performance. Work experience in using RDBMS like MySQL, good grasp of concepts such as replication and clustering along with familiarity in data stores such as Redis and Elasticsearch. Excellent grasp of software engineering principles coupled with strong written and verbal communication skills. B.S or M.S in Computer Science or related fields. Responsibilities : Act as a liaison between the engineering and security org to develop innovative requirements for the security roadmap. Evangelize security best practices across the engineering org. Research, design, implement and own security oriented frameworks and features with the common goal of protecting Oktas customers. Routinely participate in cross-vertical code reviews with emphasis on Security. Break down complex problems into sub-tasks while prototyping rapidly and iteratively contributing to security initiatives using agile practices. Coach and mentor junior engineers in the team.

Project description We are seeking a seasoned Solution Architect with deep expertise in designing and securing complex web and mobile application ecosystems. This role requires a strategic mindset combined with hands-on technical proficiency to assess risks, define robust security architectures, and drive secure development practices across the SDLC. Responsibilities Architect and implement security solutions for web and mobile platforms, aligned with business objectives and compliance standards. Should have experience with Backbase, additiv, Crealogix, and Avaloq. Perform threat modeling, application security assessments, static and dynamic code reviews, and vulnerability analyses. Define security requirements and best practices across the Secure Software Development Lifecycle (SDLC). Lead penetration testing initiatives and collaborate with cross-functional teams to mitigate identified risks. Establish governance and control frameworks to ensure ongoing security posture management. Advise development and infrastructure teams on secure design patterns and architectural decisions. Stay current with emerging threats, technologies, and industry trends. Proven experience building and securing scalable web and mobile applications. Deep understanding of application security principles, secure architecture, and risk management. Proficiency in tools and methodologies for penetration testing, code analysis, and vulnerability assessment. Strong knowledge of Secure SDLC practices and integration of security into CI/CD pipelines. Excellent communication skills to engage stakeholders, developers, and leadership. Skills Must have Overall, 10+ years of experience as a Solution Architect. Proven experience in building and securing web and mobile applications. Strong knowledge of security architecture and secure coding principles. Hands-on experience in Application security assessments Penetration testing Vulnerability assessment Secure SDLC practices Static code review tools (e.g., Fortify, Checkmarx, SonarQube) Familiarity with OWASP Top 10 and CWE/SANS Top 25 Excellent problem-solving and communication skills Nice to have Certified Secure Software Lifecycle Professional (CSSLP) Experience with cloud security (AWS, Azure, GCP) Knowledge of regulatory and compliance frameworks (e.g., ISO 27001, GDPR, PCI-DSS)

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Application Security Architecture and Design Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are looking for a Technical Lead with strong expertise in Application and Infrastructure Security to lead a suite of security services including vulnerability management, application security testing (SAST/DAST), and penetration testing. This role is ideal for someone who can not only execute and review security assessments but also manage tools, provide technical direction to a delivery team, and act as a trusted advisor to the client on security best practices. Roles & Responsibilities:-Lead the delivery of application and infrastructure security services including:-Dynamic Application Security Testing (DAST)-Static Application Security Testing (SAST/SCA)-Web & API Penetration Testing-Mobile Application Security Testing-Infrastructure Vulnerability Management (IVM)-Oversee scan scheduling, execution, validation, and reporting.-Drive the reduction of false positives and enhance detection accuracy.-Ensure timely delivery of security testing activities aligned with client SLAs.-Perform automated and manual security scans for applications and infrastructure.-Validate findings, analyze root causes, and prioritize remediation based on risk.-Provide technical recommendations to development, DevOps, and infrastructure teams.-Align findings with recognized standards (e.g., OWASP Top 10, CVSS, CWE).-Administer and optimize usage of security tools including but not limited to:-WebInspect, Veracode, Burp Suite, Custom Scripting Tools-GitLab, ServiceNow Security Modules-Datadog Security Explorer, OpenShift ACS-Tune and maintain tool configurations, scan profiles, and dashboards.-Track scan volumes, issue lifecycle, and performance KPIs.-Deliver dashboards and executive-level reports on security posture.--Support audit, compliance, and client reporting needs.-Team Collaboration & Stakeholder Management-Provide technical direction and mentorship to the delivery team.-Liaise with client teams, application owners, and platform SMEs.-Ensure effective communication across stakeholders for testing, issue triage, and remediation. Professional & Technical Skills: -Experience in Cybersecurity, with specialization in Application Security and Vulnerability Management.-Strong technical knowledge of SAST/DAST tools (e.g., Veracode, WebInspect).-Hands-on experience in penetration testing of web, mobile, and API-based applications.-Familiarity with infrastructure scanning and vulnerability remediation practices.-Strong understanding of secure SDLC, OWASP Top 10, SANS Top 25, and risk classification models (CVSS, CWE).-Experience working in global delivery teams, preferably in a client-facing role.Preferred Certifications-CEH / OSCP / GWAPT / CISSP / CSSLP,Veracode Certified Specialist or equivalent,Vendor certifications on WebInspect, Burp Suite, GitLab Security-Knowledge of cloud security principles (Azure/AWS/GCP)-Familiarity with container security and DevSecOps tooling-Exposure to automated CI/CD security integrations Additional Information:- The candidate should have minimum 5 years of experience in Application Security Architecture and Design.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

About Us Paytm is India's leading mobile payments and financial services distribution company. Pioneer of the mobile QR payments revolution in India, Paytm builds technologies that help small businesses with payments and commerce. Paytms mission is to serve half a billion Indians and bring them to the mainstream economy with the help of technology. Key Responsibilities: Lead, mentor, and manage a high-performing team of 20+ Application Security Engineers, promoting a culture of continuous improvement and collaboration. Develop and implement a comprehensive application security strategy, identifying, assessing, and mitigating risks across the organizations software development lifecycle. Oversee application security testing, vulnerability assessments, code reviews, and penetration testing efforts to ensure adherence to best security practices throughout the development process. Collaborate with cross-functional teams (Engineering, DevOps, Product Management, etc.) to integrate security seamlessly into the product development lifecycle. Lead response efforts to application security incidents, ensuring effective detection, containment, and resolution. Stay current with the latest security threats, trends, and best practices to continuously improve the team's capabilities and knowledge. Establish and enforce application security policies, standards, and guidelines to ensure a consistent approach to security across all applications. Drive and execute training programs to elevate the security awareness of development and engineering teams. Provide regular security performance reports and risk mitigation updates to senior leadership. Required Qualifications: Bachelor's degree in Computer Science, Information Security, or related field (Masters preferred). 15+ years of experience in application security, with at least 5 years in a leadership or managerial role. Proven track record of successfully managing and scaling security engineering teams of 20+ engineers. Deep expertise in secure coding practices, vulnerability assessments, penetration testing, and threat modeling. Extensive hands-on experience with modern application security tools (e.g., SAST, DAST, SCA, IAST). Strong knowledge of web application technologies, cloud platforms (AWS, Azure, GCP), and secure development practices. Thorough understanding of compliance requirements (e.g., GDPR, HIPAA, SOC 2) and the ability to integrate security measures within legal and regulatory frameworks. In-depth experience with secure SDLC, CI/CD pipeline integration, and DevSecOps practices. Excellent communication skills with the ability to articulate complex security concepts to both technical and non-technical stakeholders. Strong leadership and team-building skills, with a focus on fostering a culture of security excellence. Desired Skills: Certifications in application security (e.g., CISSP, OSCP, GWAPT) are highly preferred.Experience with vulnerability management, threat intelligence, and risk management frameworks.Familiarity with container security, microservices, and serverless architecture.Proven ability to influence cross-functional teams to prioritize security in development processes. Compensation If you are the right fit, we believe in creating wealth for you. With enviable 500 mn+ registered users, 21 mn+ merchants and depth of data in our ecosystem, we are in a unique position to democratize credit for deserving consumers & merchants- and we are committed to it. Indias largest digital lending story is brewing here. Its your opportunity to be a part of the story!

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. As part of our EY-NFS TPRM team, you will help clients enhance their business performance by translating their strategies into realities. Working with EY-high performing teams, you will help clients to grow, innovate, protect, and optimize their business performance. We're looking for Seniors with expertise in Third-Party Risk Management to join the leadership group of our TPRaaS team. It is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. Your key responsibilities include: leading and working closely with the manager in the delivery of Third-Party Risk Management (TPRM) engagements, assisting/mentoring team members in vendor calls/client interactions by providing delivery updates, performing quality checks on work products before delivering them to the end clients, following policies and procedures that support the successful implementation of TPRM operating models, facilitating process walkthrough discussions to document end-to-end business processes and functional requirements, assessing the application of legal and regulatory requirements to clients" TPRM practices, leading/participating in technology enhancement requirements such as Automation, Data Analytics, AI to support TPRM processes, assisting in the selection and tailoring of approaches, methods, and tools to support service offerings or industry projects, building and nurturing positive working relationships with clients to achieve exceptional client service, contributing to identifying opportunities to improve engagement profitability, assisting leadership in driving business development initiatives and account management, and participating in building strong internal relationships within GMS Services and with other services across the organization. To qualify for the role, you must have 4 to 8 years of demonstrated experience with Risk Management across the Third-Party engagement lifecycle and an understanding of the associated organizational infrastructure. You should also have a strong understanding of the TPRM framework, Risk Management, Information Security practices, and demonstrate a good understanding of the Contract Risk Review management process. Additionally, hands-on exposure to TPRM tools and technology solutions, demonstrated knowledge of standards, privacy regulations, regulations, networking and security concepts, and experience in LAN/WAN architectures is required. It is also beneficial to have prior Big-4 experience and certifications such as CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor, or Lead Implementer. Ideally, you'll also have project management skills and exposure to tools like ProcessUnity, ServiceNow, Archer. At EY, we're dedicated to helping our clients, from startups to Fortune 500 companies, and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects, receive support, coaching, and feedback from engaging colleagues, and have opportunities to develop new skills and progress your career. We offer the freedom and flexibility to handle your role in a way that's right for you. EY exists to build a better working world, helping create long-term value for clients, people, and society by providing trust through assurance and helping clients grow, transform, and operate.,

As the Head of Application Security Engineering, you will lead, mentor, and manage a high-performing team of 20+ Application Security Engineers, fostering a culture of continuous improvement and collaboration. Your responsibilities include developing and implementing a comprehensive application security strategy to identify, assess, and mitigate risks throughout the software development lifecycle. You will oversee security testing, vulnerability assessments, code reviews, and penetration testing efforts to ensure adherence to best practices. Collaboration with cross-functional teams like Engineering, DevOps, and Product Management is essential to seamlessly integrate security into the product development lifecycle. You will lead response efforts to security incidents, ensuring effective detection, containment, and resolution. Staying updated with the latest security threats, trends, and best practices will be crucial to enhancing the team's capabilities. Establishing and enforcing application security policies, standards, and guidelines to ensure consistency across applications is a key part of your role. You will drive training programs to enhance the security awareness of development and engineering teams. Regularly providing security performance reports and risk mitigation updates to senior leadership is also a part of your responsibilities. The ideal candidate will hold a Bachelor's degree in Computer Science, Information Security, or a related field, with a preference for a Master's degree. You should have over 15 years of experience in application security, including at least 5 years in a leadership role. A proven track record of managing and scaling security engineering teams is required. Deep expertise in secure coding practices, vulnerability assessments, penetration testing, and threat modeling is essential. Extensive hands-on experience with modern application security tools, strong knowledge of web application technologies, cloud platforms, and secure development practices are necessary. In-depth understanding of compliance requirements and experience with secure SDLC, CI/CD pipeline integration, and DevSecOps practices are critical. Excellent communication skills, both technical and non-technical, are vital. Strong leadership and team-building abilities with a focus on fostering a culture of security excellence are key. Desired skills include certifications in application security, experience with vulnerability management, threat intelligence, and familiarity with container security, microservices, and serverless architecture. Join us in creating wealth and democratizing credit for consumers and merchants. Embrace the opportunity to be a part of India's largest digital lending story.,

About Narayana Health: Narayana Health is headquartered in Bengaluru, India, and operates a network of hospitals in India and Overseas. The mission of Narayana Health is to deliver high-quality, affordable healthcare services to the broader population. The Narayana Health Group is India's leading healthcare provider and one of the largest hospital groups in the country with a network of 21 hospitals, 5 heart centers, and 19 primary care facilities. Annually, the NH group treats over 2.6 Million patients from over 78 countries covering 30+ medical specialties. The Centers of Excellence at Narayana Health help in treating Adult & Pediatric patients, with one of the largest transplant centers in India. The presence of Narayana Health spans across 17 locations in India and includes an overseas hospital in the Cayman Islands, USA. Additionally, two hospitals have international accreditation from the Joint Commission International (JCI), and 19 hospitals have domestic accreditation from the National Accreditation Board for Hospitals (NABH). About Athma: Athma is the Software Development Centre of Narayana Health, dedicated to building next-generation products for healthcare with the aim of making healthcare safe and affordable for patients. Athma's products handle over 10M transactions daily and assist 7M patients in navigating their health journeys. Athma SDC is focused on transforming healthcare through technology, making it more personalized, accessible, and effective for Indian users. Role: Senior Security Architect As a vital member of the team, the Application Security Architect at Athma will play a crucial role in fortifying the organization's application security. Responsibilities include implementing and enhancing security measures, ensuring compliance, and collaborating with cross-functional teams to safeguard products. Key Responsibilities: - Develop and integrate security measures throughout the software development life cycle. - Conduct security testing for mobile/web applications. - Work with Cybersecurity solutions, including Web and Mobile application security, and API Management. - Oversee and ensure compliance with regulatory standards and security best practices. - Provide guidance in code reviews, emphasizing secure coding practices. - Collaborate with cross-functional teams for security risk assessments, incident response, and remediation efforts. - Communicate security concepts effectively to both internal and external stakeholders. - Understand and apply knowledge of enterprise architecture, operations, and security controls. - Possess relevant certifications in application security and cybersecurity. Experience: 8 to 13 Years Required Skills: - Java-based Technologies & Spring Security: - Hands-on experience in securing applications developed using Java, focusing on frameworks like Spring, Spring Boot, and Spring Security. - In-depth knowledge of authentication, authorization, and other security functionalities provided by Spring Security. - Ability to identify and mitigate Java-specific security vulnerabilities. - Secure SDLC and Threat Modeling: - Proven experience in implementing security throughout the software development life cycle. - Ability to apply threat modeling methodologies for designing secure applications. - Security Testing: - Proficiency in conducting security testing for mobile applications and APIs. - Experience with SCA, SAST, DAST, and other relevant security testing tools. - Cyber Security Solutions: - Familiarity with Cyber Security solutions, including Web/Mobile Application Security and API Management. - Knowledge of Assessment frameworks and compliance obligations. - Compliance and Standards: - Experience in overseeing and ensuring compliance with security standards. - Implementation and maintenance of security controls to meet compliance requirements. - Code Reviews and Communication: - Ability to provide guidance in code reviews, emphasizing security best practices. - Strong communication skills to articulate complex security concepts to diverse stakeholders. - Cross-functional Collaboration: - Proven collaboration skills with cross-functional teams for security risk assessments and incident response. - Enterprise Knowledge: - Strong understanding of enterprise architecture, operations, and security controls.,

Senior Cyber Security Partner | 8+ yrs exp | Lead threat modeling, secure SDLC, cloud security (AWS/Azure/GCP), compliance (OWASP/NIST/ISO), incident response, mentoring, and tool evaluation. Pref: CISSP/CISM/CEH. Hybrid – Bengaluru.

Project description We are seeking a seasoned Solution Architect with deep expertise in designing and securing complex web and mobile application ecosystems. This role requires a strategic mindset combined with hands-on technical proficiency to assess risks, define robust security architectures, and drive secure development practices across the SDLC. Responsibilities Architect and implement security solutions for web and mobile platforms, aligned with business objectives and compliance standards. Should have experience with Backbase, additiv, Crealogix, and Avaloq. Perform threat modeling, application security assessments, static and dynamic code reviews, and vulnerability analyses. Define security requirements and best practices across the Secure Software Development Lifecycle (SDLC). Lead penetration testing initiatives and collaborate with cross-functional teams to mitigate identified risks. Establish governance and control frameworks to ensure ongoing security posture management. Advise development and infrastructure teams on secure design patterns and architectural decisions. Stay current with emerging threats, technologies, and industry trends. Proven experience building and securing scalable web and mobile applications. Deep understanding of application security principles, secure architecture, and risk management. Proficiency in tools and methodologies for penetration testing, code analysis, and vulnerability assessment. Strong knowledge of Secure SDLC practices and integration of security into CI/CD pipelines. Excellent communication skills to engage stakeholders, developers, and leadership. Skills Must have Overall, 10+ years of experience as a Solution Architect. Proven experience in building and securing web and mobile applications. Strong knowledge of security architecture and secure coding principles. Hands-on experience in Application security assessments Penetration testing Vulnerability assessment Secure SDLC practices Static code review tools (e.g., Fortify, Checkmarx, SonarQube) Familiarity with OWASP Top 10 and CWE/SANS Top 25 Excellent problem-solving and communication skills Nice to have Certified Secure Software Lifecycle Professional (CSSLP) Experience with cloud security (AWS, Azure, GCP) Knowledge of regulatory and compliance frameworks (e.g., ISO 27001, GDPR, PCI-DSS)

As an organization focused on re-imagining agricultural insurance through the innovative integration of Public Cloud, GIS, Remote-sensing, and cutting-edge AI-based algorithms, we at Kshema are dedicated to empowering the future of agricultural insurance. Leveraging the latest advancements in Mobile and Geospatial technologies, we are committed to revolutionizing the industry. We are currently seeking a Chief Information Security Officer (CISO) who will play a pivotal role in driving our cyber security strategy and ensuring strict compliance with regulatory and statutory guidelines pertaining to information and cyber security. As the CISO, you will be entrusted with the responsibility of enforcing policies aimed at safeguarding the organization's information assets and coordinating all information/cyber security-related matters internally and externally. **Key Responsibilities:** - Develop a comprehensive Information Security Roadmap for the organization with a forward-looking perspective. - Establish and oversee an enterprise-wide information security and IT risk management program. - Lead the implementation and review of Hardware, Network, and Software Security Standards and Controls to fortify systems, data, and assets against internal and external threats. - Implement Security Assessment and Testing Processes, including Penetration Testing, Secure Software Development, and Vulnerability Management. - Identify and deploy cutting-edge Security Products/Tools for various purposes. - Proactively monitor and address security issues, potential threats, and vulnerabilities to enhance security standards continually. - Conduct Information Security awareness training for all employees. - Execute Security Assessment practices such as Audits and Reviews. - Provide strategic guidance and consultation for IT Projects, including security risk assessments. - Conduct real-time analysis, investigations, and forensics when necessary to enhance security measures. - Develop strategies to manage security incidents and conduct investigations. - Maintain regular communication with stakeholders on Information and Data Security Practices and Activities. - Implement a strategy for deploying information security technologies to mitigate cyber-attack risks. - Continuously evaluate current IT security practices and systems for enhancement. - Ensure compliance with the latest regulations and requirements. - Develop and implement business continuity plans. **Desired Skills and Experience:** - Engineering Graduate/Post-Graduate in fields such as Computer Science, IT, Electronics, Communications, or Cyber Security. - Minimum of 15 years" experience in risk management, information security, or cyber security. - Profound knowledge of information security management frameworks like ISO/IEC 27001 and NIST. - Familiarity with DevSecOps, Secure SDLC, Security Automation, Security Testing, DR & BCP Concepts. - Experience in financial forecasting and budget management. - Understanding of Industry Security Standards, Protocols, and Data Privacy Regulations. - Ability to navigate ambiguity and devise solutions for complex problems. - Experience in contract and vendor negotiations and management. - Proficiency in Agile software development practices. - Collaboration skills to work effectively with cross-functional teams. - Relevant certifications such as CISSP, CEH, CISA, and CISM are advantageous. - Hands-on experience in designing, implementing, and operating security in public clouds like AWS, Azure, Oracle, or GCP. - Strong written and verbal communication skills with a high level of integrity. - Excellent presentation skills. Join us at Kshema and be a part of our mission to redefine agricultural insurance through innovation and technology.,

Who are we? FalconX is a pioneering team of operators, investors, and builders committed to revolutionising institutional access to the crypto markets. Operating at the intersection of traditional finance and cutting-edge technology, FalconX addresses the industry's foremost challenges: Navigating the digital asset market can be complex and fragmented, with limited products and services that support trading strategies, structures, and liquidity found in conventional financial markets. As a comprehensive solution for all digital asset strategies from start to scale, FalconX operates as the connective tissue empowering clients with seamless navigation through the ever-evolving cryptocurrency landscape. Who is on the team? We are entrepreneurs. Many in our company have been founders or have aspirations to eventually start their own company. We take these ambitions and experiences to bring a solutions-oriented mindset to the problems we encounter day-to-day. We have been fortunate to have learned from mentors and peers at institutions such as Google, LinkedIn, JUMP Trading, Citadel, PEAK6 Investments, Goldman Sachs, JP Morgan, Harvard Business School, Carnegie Mellon, IIT, IIM +more. The team you would report to all have technical backgrounds in Application Security and Product Security. They cover a wide variety of products that fall within Cryptocurrency, High-Frequency Trading, and AI systems. In this role, youll dive deeply into these product lines and provide guidance as well as implementation when needed. Responsibilities : Engineer systems and internal security tools to improve application security across all of FalconX via SSDLC improvements; Interface with the rest of Engineering on the security of Falconxs software products (Cryptocurrency; High Frequency Trading; AI systems). Youll provide guidance / recommendations / and drive the Engineers to implement your recommendations. Review and provide eng-design / architectural guidance for application systems Occasional Vulnerability Management Occasional Pentesting Educate and Train Engineers on Application Security fundamentals Execute and improve security reviews and consulting processes with runbooks and automation. Knowledge, Skills & Abilities : Strong software engineering skills in Python, Golang or Ruby. You have a past of writing production-grade code and can comfortably interact with SWEs throughout FalconX. Bonus points if you have a background of security exposure in the contexts of cryptocurrency, high-frequency trading system, or AI development Proven impact in two or more of the following AppSec domains: AppSec Education and Training, API Security, Implementation of a SSDLC, App-Layer Pentesting (BurpSuite), Manual / Automated Secure Code Reviews (SAST Tools, DAST Tools), Application Security Architecture and Design, Implementation of Security Controls (Encryption; MFA / RBAC Permissions; etc), OWASP Top Ten, BSIMM / OpenSAMM Proficiency in threat modeling risks to product applications / associated infrastructure and driving the implementation of preventative controls in partnership with Engineering. Technical Project Management Strong familiarity with what a secure SDLC should look like and tools / techniques to implement an SSDLC Ability to collaborate with internal and external stakeholders while prioritizing tasks and work independently under minimal supervision. Vulnerability management, incident response Qualifications : Minimum of 6+ years of direct experience as a Software Engineer / Software Architect in Python, Ruby, Go, etc Minimum of 6+ years of direct experience in Product or Application Security as a hands-on-keyboard AppSec or ProdSec Engineer / Consultant Practical experience performing detailed application-layer risk assessments, performing secure code reviews, doing eng-design reviews with Engineers Exceptional written and verbal communication skills Strong technical curiosity within the spaces of Cryptocurrency, AI, and High Frequency Trading Systems

Application & product security, including threat modeling and secure SDLC Cloud security (AWS/GCP/Azure), container security (Docker, Kubernetes & API protection DevSecOps- automation in IaC & CI/CD pipelines Scripting (Python/Shell), Linux security Required Candidate profile Sr Security Egr - 7+ yrs exp. to lead & enhance security across the SDLC. expertise in application security, threat modeling, cloud security (AWS/GCP/Azure), DevSecOps practices & strong communication

Role & responsibilities Application & product security, including threat modeling and secure SDLC Cloud security (AWS/GCP/Azure), container security (Docker, Kubernetes & API protection DevSecOps- automation in IaC & CI/CD pipelines Scripting (Python/Shell), Linux security Preferred candidate profile With more than 7+ years of Total industry experience Advanced experience in securing applications and application settings Advanced experience in app and product security Advanced understanding in securing cloud technologies Experience with technologies from at least one public cloud (AWS, GCP, Azure) Experience in securing containerization (Docker, K8s, etc) and API Experience with modern DevSecOps practices including implementing automated security in IaC and CI/CD pipelines Strong scripting skills Python/Shell Scripting experience Mid to advanced level Linux knowledge in a physical, virtual, or public cloud environment. Exceptional verbal and written communication skills are necessary to effectively collaborate with peers, and to present and explain highly technical information to stakeholders who may have limited technical knowledge. Bonus Points: CISSP, CASP+, GSLC, CISM certified. Qualifications Bachelor's or Master's degree in Computer Science, Engineering, or a related field.

Senior Manager, Corporate Security – Application Security Architect Remote Job Description About Corporate Security Cognizant Corporate Security, a key organization within Cognizant Technology Solutions, is chartered with managing and directing the global enterprise physical and logical security programs. The Corporate Security organization is responsible for the oversight and coordination of security efforts across the company, including information technology, human resources, communications, legal, facilities management and various other groups, and is responsible for identifying security initiatives and standards. Corporate Security drives security compliance and serves as the key organization responsible with helping the business appropriately manage security risks. Position Description Cognizant is searching for an experienced Application Security Architect who can lead application security initiatives for product teams in the Cognizant Healthcare division. This will include day-to-day collaboration with product teams, ensuring that they meet Cognizant Security requirements and architectural standards in addition to regulatory and contractual obligations. This will also include reviewing application designs to ensure security is part of each product from the start. You would ensure solutions are appropriately assessed prior to release, and work with product teams to prioritize remediation of findings from security activities. This is not an assessment/testing role; although testing experience will be beneficial, the role is for design-level review and guidance. To excel in this role, you will need the following: 5+ years of application security and secure coding experience. Expertise in implementing a secure SDLC within an Agile framework for new and existing applications. Expertise in designing and implementing application security controls across complex and diverse environments. Experience reviewing testing/scanning results and communicating the technical implications to development teams. Ability to assess real-world risk and communicate that in technical and business/management contexts. Exceptional verbal and written communication skills, including the development of reports and best practices documents. An attitude of always learning, sharing your knowledge with the team, and collaborating across multiple security teams. Strong attention to detail and self-organization skills. Experience working remotely and with geographically separated teams. Additional preference for candidates who: Have done application development in large-scale environments. Have conducted threat models. Have integrated application security practices into CI/CD pipelines and DevOps environments. Have experience with Java and .NET. Have secured applications in Cloud environments (especially Azure). Understand network and infrastructure security. Have conducted application testing (SAST, DAST, and manual assessments). Obtained relevant GIAC or Offensive Security certifications. About Cognizant Technology Solutions Cognizant is a leading provider of Information Technology, Consulting, IT Infrastructure, and Business Process Outsourcing services. Cognizant’s single-minded mission is to dedicate our business process and technology innovation know-how, deep industry expertise, and worldwide resources to working together with customers to make their businesses stronger. As a customer-centric, relationship-driven partner, we are redefining the way companies experience and benefit from global services. Our unique delivery model is infused with a distinct culture of high customer satisfaction. Cognizant delivers a trusted partnership, cost reductions and business results. Cognizant is a member of the NASDAQ-100, the S&P 500, the Forbes Global 2000, and the Fortune 500. Cognizant is ranked among the top performing and fastest growing companies in the world. Visit us online at http://www.cognizant.com/ or follow us on Twitter: Cognizant. Cognizant is an Equal Opportunity Employer M/F/D/V. Cognizant is committed to ensuring that all current and prospective associates are afforded equal opportunities and treatment and a work environment free of harassment.

Conduct threat modeling, enforce Secure SDLC, embed security in CI/CD pipelines, and collaborate with teams to identify risks and drive remediation early in the development lifecycle. Required Candidate profile Candidate should have a Bachelor's in CS or related field with strong knowledge of AppSec, DevSecOps, and secure coding practices.

Strong C/C++ skills, multithreading expertise, and hands-on experience in networking and security protocols. Work on cutting-edge technologies in a collaborative R&D environment driving the digital transformation of the print industry. Required Candidate profile Experience in network programming using TCP/IP, sockets, and familiarity with application protocols like HTTP/S, SNMP, FTP, IPP, LPR, WSD, Bonjour.

Dear Candidate, We are hiring a Security Engineer to design and implement secure systems across cloud and application environments. Ideal for engineers excited about threat modeling and proactive defense. Key Responsibilities: Perform security assessments and code reviews Develop security policies and incident response procedures Implement security controls in cloud and on-prem environments Monitor for vulnerabilities and recommend mitigation Required Skills & Qualifications: Knowledge of OWASP Top 10, secure coding practices Experience with SIEM, IDS/IPS, and vulnerability scanners Familiarity with cloud security (AWS, Azure, GCP) Bonus: Certifications (CISSP, CEH, OSCP) Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Delivery Manager Integra Technologies