Web Application Security Consultant GoldenHire Consultancy

3.0 - 7.0 years

0 Lacs

pune, maharashtra

On-site

You will be responsible for performing automated testing of running applications and static code (SAST, DAST). Additionally, you will conduct manual application penetration tests on various platforms such as web applications, internal applications, APIs, internal and external networks, and mobile applications to identify and exploit vulnerabilities. Experience in mobile application testing, Web application pen testing, application architecture, and business logic analysis would be advantageous. You will need to utilize application tools like AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, and Kali Linux to carry out security tests and should be capable of explaining concepts like IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, and Remediation. The mandatory technical and functional skills required for this role include a minimum of three (3) years of recent experience with application tools for security testing, manual penetration testing, and code review against web apps, mobile apps, and APIs. You should also have experience in working with both technical and non-technical audiences to report results and lead remediation conversations. It is preferred that you have at least one year of experience in developing web applications and/or APIs. Being able to adapt to new tools and technologies to address client project requirements efficiently is a key aspect of this role. While having major ethical hacking certifications like GWAPT, CREST, OSCP, OSWE, or OSWA is not mandatory, it would be considered advantageous.,

Posted 1 week ago

Apply

Security Analyst Cirruslabs

2.0 - 4.0 years

12 - 14 Lacs

Hyderabad, Bengaluru

Hybrid

Experience - 2-4 years Location - Bengaluru/Hyderabad Position Summary We are hiring a Security Analyst to support an enterprise-level initiative focused on identifying, triaging, and remediating exposed secrets across GitHub Enterprise code repositories. This role is part of a multi-location, cross-functional team delivering a secrets burndown strategy for one of the world's leading enterprise IT organizations. As a Security Analyst, you will play a key role in reviewing exposed credentials and other secrets detected in source control systems. You will help categorize findings, initiate remediation workflows, track resolution progress, and collaborate with both local and U.S.-based engineering and program leads. This role will include interaction with platforms like GitHub , ServiceNow , and potentially GitGuardian as part of a broader secrets governance program. This opportunity is ideal for an analyst with foundational security experience and interest in supporting DevSecOps initiatives in a global, enterprise-scale environment. Key Responsibilities Review alerts and reports of detected secrets within GitHub repositories (e.g., PATs, tokens, SSH keys, API secrets) Perform initial triage and categorization of findings to determine relevance, criticality, and action path Create, update, and manage tickets in ServiceNow or similar workflow platforms to support remediation tracking Coordinate with engineering teams to monitor remediation progress, identify blockers, and escalate unresolved items Support recurring reporting on secrets status, closure rates, and risk reduction over time Collaborate with both offshore and U.S.-based delivery leads to ensure consistent reporting and alignment with broader posture goals Document standard operating procedures, triage rules, and data handling guidelines for internal use Required Qualifications 24 years of experience in a security analyst, IT operations, or DevSecOps support role Familiarity with reviewing code repositories (e.g., GitHub, Azure DevOps) or similar developer tools Hands-on experience with ticketing systems such as ServiceNow , JIRA , or other incident/remediation platforms Ability to understand and categorize common credential types (API keys, SSH keys, tokens, etc.) Detail-oriented with strong documentation and organizational skills Clear and effective written and verbal communication in English Preferred Qualifications Experience working within a global team structure across U.S. and India time zones Exposure to GitHub Advanced Security , GitGuardian , or other secrets scanning tools Interest in enterprise security posture, DevSecOps practices, or compliance monitoring Familiarity with Prisma Cloud or posture visibility platforms is a plus Previous experience in consulting firms, large IT service organizations, or multinational enterprises Why Join Us? Be part of a globally distributed cybersecurity project making a measurable impact Collaborate with experienced engineering leads and program managers in a remote-first environment Gain exposure to high-demand platforms and tools such as GitHub, GitGuardian, and Prisma Cloud Contribute to an evolving DevSecOps capability with long-term career potential Join a supportive consultancy team with opportunities to grow in the enterprise security domain

Posted 1 month ago

Apply

Start Your Job Search Today

Browse through a variety of job opportunities tailored to your skills and preferences. Filter by location, experience, salary, and more to find your perfect fit.