108 Veracode Jobs

Job responsibility 4– 8 years of post-qualification experience with strong working knowledge on Manual Security code review. Roles and Responsibilities Technical Skills Required: Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA

Work Experience 4– 8 yrs of post-qualification experience with strong working knowledge on Manual Security code review. Roles and Responsibilities Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred: GWAPT, CREST, OSCP, OSWE, OSWA work location-Bnagalore

Senior DevOps Engineer 6+ Years Experience Location: Hyderabad Experience: 6+ years Were looking for a Senior DevOps Engineer with strong hands-on expertise in CI/CD, automation, and cloud . You will be responsible for building and troubleshooting CI/CD pipelines (GitHub Actions, Bamboo, Bitbucket) , automating infrastructure with Terraform/Ansible , and working with Docker & Kubernetes . Key Skills: CI/CD (GitHub Actions, Bamboo, Bitbucket) Scripting/Programming (Python, Shell, PowerShell, Java) Cloud (PCF/AWS/Azure/GCP) & IaC (Terraform, Ansible) Security tools (SonarQube, Veracode, Blackduck, Nexus, CodeQL) Monitoring (Splunk, AppDynamics, ITRS) What we value: Strong problem-solving and troubleshooting Experience mentoring and guiding teams Passion for learning new DevOps tools and trends

As a Senior Full Stack Engineer with expertise in .Net, Angular, Node.js, and TypeScript, you will play a crucial role in web services development and contribute to the transformation of businesses in the banking, financial, and energy sectors. Capco, a global technology and management consulting firm, values diversity, inclusivity, and creativity in an open culture that encourages innovation and career advancement without forced hierarchies. Your primary responsibilities will include working on Angular 15+, CSS, HTML5, and core TypeScript knowledge to develop Micro Services and RESTful web services using frameworks like Nest.js and Nx.js. You will leverage your expertise in CI/CD architecture to set up DevOps pipelines and work with SQL databases and TypeScript ORMs such as Prisma and TypeORM. Writing unit tests in TypeScript and having knowledge of major cloud platforms like GCP, AWS, and Azure will be advantageous. In addition to technical skills, you are expected to possess good written and oral communication skills, the ability to work independently in an Agile methodology environment, and a strong understanding of Clean Code principles. As an independent contributor, you will handle existing project modules while being proactive in suggesting design changes and ensuring timely software delivery. The role requires you to be present in the office four days a week and exhibit confidence in taking on new developments with minimal guidance. Your expertise with Docker, Kubernetes, Istio, and monitoring tools like white source, Veracode, SonarQube, as well as familiarity with VSTS (Azure DevOps) will be beneficial in contributing to the team's success. If you are passionate about making an impact, driving innovation, and working in a diverse and inclusive environment, this opportunity at Capco in Pune, Maharashtra, could be the next step in your career advancement.,

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Application Security Architecture and Design Good to have skills : NA Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are looking for a Technical Lead with strong expertise in Application and Infrastructure Security to lead a suite of security services including vulnerability management, application security testing (SAST/DAST), and penetration testing. This role is ideal for someone who can not only execute and review security assessments but also manage tools, provide technical direction to a delivery team, and act as a trusted advisor to the client on security best practices Roles & Responsibilities:- Service Delivery & Technical Leadership Lead the delivery of application and infrastructure security services including:Dynamic Application Security Testing (DAST)Static Application Security Testing (SAST/SCA)Web & API Penetration TestingMobile Application Security TestingInfrastructure Vulnerability Management (IVM)Oversee scan scheduling, execution, validation, and reporting.Drive the reduction of false positives and enhance detection accuracy.Ensure timely delivery of security testing activities aligned with client SLAs.- Security Testing & AnalysisPerform automated and manual security scans for applications and infrastructure.Validate findings, analyze root causes, and prioritize remediation based on risk.Provide technical recommendations to development, DevOps, and infrastructure teams.Align findings with recognized standards (e.g., OWASP Top 10, CVSS, CWE).- Tool Ownership & OptimizationAdminister and optimize usage of security tools including but not limited to:WebInspect, Veracode, Burp Suite, Custom Scripting ToolsGitLab, ServiceNow Security ModulesDatadog Security Explorer, OpenShift ACSTune and maintain tool configurations, scan profiles, and dashboards.- Governance & ReportingTrack scan volumes, issue lifecycle, and performance KPIs.Deliver dashboards and executive-level reports on security posture.Support audit, compliance, and client reporting needs.- Team Collaboration & Stakeholder ManagementProvide technical direction and mentorship to the delivery team.Liaise with client teams, application owners, and platform SMEs.Ensure effective communication across stakeholders for testing, issue triage, and remediation. Professional & Technical Skills: - 8+ years of experience in Cybersecurity, with specialization in Application Security and Vulnerability Management.- Strong technical knowledge of SAST/DAST tools (e.g., Veracode, WebInspect).- Hands-on experience in penetration testing of web, mobile, and API-based applications.- Familiarity with infrastructure scanning and vulnerability remediation practices.- Strong understanding of secure SDLC, OWASP Top 10, SANS Top 25, and risk classification models (CVSS, CWE).- Experience working in global delivery teams, preferably in a client-facing role- CEH / OSCP / GWAPT / CISSP / CSSLP- Veracode Certified Specialist or equivalent- Vendor certifications on WebInspect, Burp Suite, GitLab Security Additional Information:- The candidate should have minimum 7.5 years of experience in Application Security Architecture and Design.- This position is based at our Gurugram office.- A 15 years full time education is required.- Knowledge of cloud security principles (Azure/AWS/GCP)- Familiarity with container security and DevSecOps tooling- Exposure to automated CI/CD security integrations- Strong communication and documentation skills- Proactive problem-solving and analytical thinking- Ability to balance security risk with operational practicality Qualification 15 years full time education

As a Lead Engineer for Technology at Pune, India, you will be a strategic and results-driven SRE leader with extensive experience in banking and financial services. Your role will involve ensuring high availability, resilience, and performance of mission-critical banking applications. You will drive DevOps transformation, automation, and incident management while ensuring compliance with financial regulations. The environment relies on a Linux-based stack and open-source tools such as Jenkins, Helm, Ansible, Docker/Podman, as well as other popular tools like OpenShift and Terraform. The engineering team is scaling globally to meet customer needs and will be distributed over three Deutsche Bank Technology Centers in the US, Germany, and India. As a Lead DevOps/Platform Engineer, your responsibilities will include designing, implementing, and supporting reusable engineering solutions, as well as fostering a strong engineering culture. Under our flexible scheme, you will enjoy benefits such as best-in-class leave policy, gender-neutral parental leaves, childcare assistance benefit reimbursement, sponsorship for industry-relevant certifications, Employee Assistance Program, comprehensive hospitalization insurance, accident and term life insurance, and complementary health screening for individuals aged 35 and above. Your key responsibilities will involve developing, maintaining, and continuously improving shared CI/CD, automation, and monitoring components with a focus on quality and user experience. You will take long-term responsibility for tools and projects, build sustainable processes for their development and maintenance, plan engineering assessments, introduce modern industry practices, collaborate with other teams, and provide 3rd level support as components move to production. To excel in this role, you should have a deep understanding of common development tasks and problems, with a background in Development, Quality Assurance, or SRE as a plus. Strong technical skills in software development processes and hands-on experience with tools like Spring Boot, Kotlin/Java, Git, Jenkins, Docker, Prometheus, Groovy, Kubernetes, etc., are required. Effective communication and collaboration skills, a proactive mindset, attention to detail, and a constant desire to improve are essential. We support your career growth through training, coaching, a culture of continuous learning, and a range of flexible benefits tailored to suit your needs. At Deutsche Bank, we strive for a culture of empowerment, responsibility, commercial thinking, initiative, and collaboration. We celebrate the successes of our people and promote a positive, fair, and inclusive work environment. Join us in excelling together every day as part of the Deutsche Bank Group. For further information about our company, please visit our website at: [https://www.db.com/company/company.htm](https://www.db.com/company/company.htm),

We are seeking a skilled Application Security Consultant to join our team at MAST Vanguard (Cybersecurity). The ideal candidate will have a strong background in manual secure code review for Java and C#, as well as experience in penetration testing of web/mobile apps, APIs, and networks. As a Consultant at MAST Vanguard, you will need to have at least 3 years of experience in AppSec testing using tools such as BurpSuite, Veracode, and OWASP ZAP. You should also possess expertise in manual code review and penetration testing. Additionally, you should be able to effectively collaborate with both technical and business teams. Familiarity with advanced vulnerabilities like IDOR, 2nd Order SQLi, and CSRF is essential. Bonus points if you hold ethical hacking certifications such as OSCP, GWAPT, etc. Experience in web/app development or AI pen testing would be an added advantage. Join our team and be part of solving real-world security challenges using cutting-edge tools and techniques. If you are ready for this exciting opportunity, apply now or reach out for more information. #Hiring #CyberSecurityJobs #ApplicationSecurity #PenTesting #SecureCodeReview #OSCP #BurpSuite #InfoSec #Careers #TechJobs,

What you’ll do: Build secure CI/CD pipelines in Azure DevOps Integrate code quality & security tools Manage releases, monitoring & runbooks Collaborate across teams to enhance DevOps culture

Zycus is looking for a passionate Cloud Application Security Architect with 12 to 18 years of experience in End-to-End Application Security, preferably from a development background. The Cloud Security Architect leads the design and development of innovative security architectures for protecting data deployed in various cloud and hybrid cloud environments. This position will directly contribute to the overall global enterprise cloud architecture and lead the security vision and strategy around SaaS-based applications across all layers Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS). The Cloud Security Architect will serve as the central point of contact for Enterprise Security for other technology teams within Zycus on all matters related to cloud and application security. The role involves identifying opportunities and risks, developing security solutions that align with business goals, and protecting Zycuss intellectual property globally. Key Responsibilities Include: Security Architecture Design: Architect and develop security frameworks for cloud and hybrid environments, including AWS, Azure, and physical data centers. Design cloud-native solutions with appropriate security controls based on business needs. Leadership & Representation: Act as the ambassador and senior technical representative of Enterprise Security within cross-functional teams to ensure secure implementation of cloud-based applications. Collaboration & Integration: Work with Engineering, Infrastructure, and Application Development teams to recommend, select, and integrate secure technology solutions into Zycus environments. Standardization & Governance: Develop and maintain cloud and application security standards in collaboration with key stakeholders. Knowledge Sharing & Mentorship: Lead technical forums, mentor junior team members, and drive security awareness through formal and informal training initiatives. Customer & Sales Support: - Respond to RFPs (Request for Proposals), security questionnaires, and due diligence documents to address customer specific cloud and application security concerns. - Attend customer meetings and calls to represent Zycuss security posture and address technical security queries related to the cloud, application, infrastructure, and compliance frameworks. Technology Strategy: Contribute to the development of long-term cloud security technology roadmaps in collaboration with service and business teams. EXPERTISE AND QUALIFICATIONS 12 to 18 years of overall experience, with 68 years in Security Architecture or Engineering roles. Strong background in Cloud platforms (AWS preferred; Azure a plus). Experience with security assessment tools and methodologies including VAPT, Web Application Scanners (e.g., Veracode,IBM AppScan), Network Scanners (e.g., QualysGuard, Nessus). Familiarity with SIEM (QRadar), DLP (Digital Guardian), CASBs, firewalls (e.g., Palo Alto), sniffers (e.g., Wireshark), and other security tools.Hands-on experience with secure software development practices, threat modeling, IAM, cryptography, and certificate management. Knowledge of authentication mechanisms like OAuth, OpenID, SAML, etc. Strong understanding of compliance frameworks such as SSAE 16 SOC1, SOC2, and PCI-DSS. Proven experience in responding to customer security requirements and effectively communicating technical concepts to non-technical stakeholders. Ability to work independently and collaborate in cross-functional teams. Preferred Qualifications: Excellent Java EE development experience; knowledge of middleware and integration platforms (e.g., ESB). Familiarity with mobile platform architectures (iOS, Android) and their integration with cloud services. Deep understanding of SSL/TLS protocols and certificate-based authentication. Security certifications related to cloud and application security (e.g., CCSP, AWS Security Specialty, CISSP). Experience representing technical perspectives during customer audits, pre-sales calls, and vendor evaluations.

The Full Stack Software Engineer position at MetLife offers an exciting opportunity to contribute to the digital and AI transformation journey of the company. As a Full Stack Software Engineer, you will be responsible for designing, developing, and maintaining cloud native/modern software solutions that drive business results. Key Responsibilities: - Adopt Agile ways of working in the software delivery lifecycle and continuously learn new methods and technologies. - Be a hands-on engineer in the technical design and development of applications using existing and emerging technologies. - Work on detailed technical design and development of applications/platforms, partnering with Product owner in planning. - Develop using multiple technology stack capabilities (Front/Back End, API, Database Management, Hosting technologies, etc.). - Review solution designs and related code, investigate and resolve production management incidents, problems, and service requests. - Implement technology best practices, architecture, and technology stack, including cloud, AI/Data, and other emerging technologies. Candidate Qualifications: Education: - Bachelor of Computer Science or equivalent Experience: - Minimum 3 years of experience in development using multiple technology stack capabilities to drive digital transformation in financial services or technology domain. - Hands-on experience in developing applications using modern technology stack and patterns. - Experience in developing mission-critical applications in complex and regulated environments will be an added advantage. - Proficiency in software development lifecycle, including CI/CD, test-driven development, domain-driven design, and Agile ways of working. Skills and Competencies: - Effective communication skills to ensure results are achieved. - Proven track record of collaborating in a global and multi-cultural environment. - Ability to work in a high-paced environment with a can-do attitude. Tech Stack: - Agile (Scaled Agile Framework) - DevOps and CI/CD: Containers (Azure Kubernetes), CI/CD (Azure DevOps, Git, SonarQube), Scheduling Tools (Azure Scheduler) - Development Frameworks and Languages: Microservices (Java, Springboot), UI & Web (ReactJS, HTML, Javascript), Mobile (Swift, Objective-C, React Native, Ionic Framework) - Data Management: Database (SQL Server, Cosmos DB), APIs (Kong, APIC, APIM) - Development Tools & Platforms: IDE (GitHub Copilot, VSCODE, IntelliJ), Cloud Platform (Microsoft Azure) - Security and Monitoring: Secure Coding (Veracode), Authentication/Authorization (CA SiteMinder, MS Entra, PingOne), Log & Monitoring (Azure AppInsights, Elastic) About MetLife: MetLife is one of the world's leading financial services companies, providing insurance, annuities, employee benefits, and asset management. With operations in more than 40 markets, MetLife aims to create a more confident future for its colleagues, customers, communities, and the world at large. If you are inspired to transform the next century in financial services, join us at MetLife where it's #AllTogetherPossible.,

Overview Looking for skilled Senior Backend Engineers to join fast-growing tech and product teams This opportunity is ideal for those who want to work on scalable systems, design high-performance APIs, and solve complex data challenges across distributed environments One short interview is all it takes to get considered for 100+ backend roles with top startups and tech companies, What Youll Do Design scalable and reliable server-side architectures Build and maintain efficient APIs and microservices Optimize database structures and queries (SQL/NoSQL) Collaborate with frontend, product, and DevOps teams Ensure systems are secure, testable, and production-ready Work on distributed systems, caching, and performance tuning Interview Topics Proficiency in backend languages (Java, Python, Go, Nodedot js) API and microservices architecture Database design and optimization Scalable system design and reliability Security and authentication principles Collaboration with cross-functional teams What Were Looking For 510 years of backend development experience Solid understanding of system design and production-grade architectures Strong debugging, testing, and performance tuning skills Location Bengaluru (Remote, On-site, or Hybrid based on company policy) Whats in it for You Competitive compensation and benefits Career development and fast-track opportunities Access to top product companies without applying individually A supportive, high-growth environment

Location: Remote (India-based) Hours: 7:30 PM 3:30 AM IST (40 hours/week) We are seeking an experienced Senior .NET Developer with extensive AWS and DevOps expertise to lead critical troubleshooting, incident response, and system maintenance efforts. This role requires deep technical knowledge, strategic problem-solving, and the ability to guide processes and best practices while working in a high-pressure, client-facing environment. Must-Have Technical Expertise: Advanced AWS Troubleshooting & Maintenance : Proficient in resolving complex AWS infrastructure issues, including container management, networking, permissions, and performance tuning. Enterprise-Level .NET Development : Proven track record in architecting, building, optimizing, and maintaining .NET applications for large-scale systems. Python for Automation & Integration : Ability to develop robust scripts for automation, data processing, and integration tasks. Infrastructure as Code (IaC) : Expertise with AWS CDK (or equivalent) for managing scalable and repeatable cloud environments. Kubernetes (K8s) : Advanced deployment strategies, scaling, upgrades, and troubleshooting in production clusters. DevOps Toolchain : Hands-on experience with Harness (deployments), Dynatrace (observability), Wiz (security), and other modern CI/CD platforms. Application Security : Strong knowledge of Veracode or similar tools, implementing security scanning and remediation best practices. Complex Log Analysis & Root Cause Identification : Skilled in tracking down elusive, high-impact issues. Release Management Leadership : Designing, refining, and integrating release workflows into client environments. Key Responsibilities Lead P1 incident response in a 24/7/365 support rotation , ensuring rapid resolution and minimal downtime. Oversee troubleshooting of complex AWS and application-level issues. Direct and implement software maintenance, from bug fixes and patches to security hardening. Own and evolve IaC configurations, deployment pipelines, and environment setups. Drive improvements in observability, monitoring, and system health tracking. Establish and enforce documentation standards for technical and process knowledge. Collaborate with client teams to refine release strategies and integrate DevOps best practices. Role Highlights Senior-level, high-ownership position. 100% remote work from anywhere in India. Strategic involvement in production-critical systems and DevOps pipelines. Exposure to cutting-edge cloud-native and serverless architectures.

Role & responsibilities We are seeking an experienced Salesforce Developer who can lead deployment activities for a large, multi-project team, coordinate with client stakeholders, and ensure high-quality, secure Salesforce application delivery. This role will own end-to-end deployment processes, enforce coding and security standards, and oversee application security scans using tools like Veracode. The ideal candidate will have a strong technical background in Salesforce development, deployment automation using Azure DevOps, and best practices in code quality and application security. Key Responsibilities Deployment Management Lead Salesforce deployment activities across multiple sandboxes and production environments. Manage and validate deployment guides and ensure quality on deployment steps within development team. Coordinate deployment schedules with project managers, developers, and client stakeholders to ensure smooth releases. Prior experience with Change Sets and Salesforce DX, along with a thorough understanding of Salesforce deployment limitations and known issues Maintain and optimize CI/CD pipelines for Salesforce using Azure DevOps (pipelines, release management, automated testing). Familiarity with other deployment tools Copado , Gearset, AutoRABIT etc. Troubleshoot and resolve deployment issues quickly and efficiently. Code Quality & Governance Implement and enforce Salesforce coding standards and best practices (Apex, LWC, Visualforce, SOQL/SOSL, Triggers). Conduct peer code reviews and provide feedback to ensure maintainable, scalable, and high-performing solutions. Monitor and manage static code analysis using tools like Salesforce Code Analyzer. Maintain a repository of reusable components, coding patterns, and documentation. Application Security Integrate and manage application security sc Looking forward to receiving the shortlisted profiles Please share your updated profile to puneet.kumar@valueinnovationlabs.com/ puneet@mounttalent.com

As a .Net Software Engineer at Barclays, you will play a crucial role in supporting the successful delivery of location strategy projects by ensuring they meet plan, budget, quality, and governance standards. Your responsibilities will involve driving innovation and excellence in the digital landscape, utilizing cutting-edge technology to enhance our digital offerings and provide exceptional customer experiences. To excel in this role, you should possess a strong understanding of Object-Oriented Programming (OOPs) and Design Patterns. Additionally, you should have experience with the .Net framework (3.5 and above), C#, WPF, MVVM, and Python coding/deployments. Knowledge of deployment processes using tools like Bit Bucket, GitHub, Veracode, SonarQube for Code Quality, and experience with C# and WPF are essential. You should be capable of drafting technical specifications and effectively communicating with multiple stakeholders. Moreover, familiarity with MS SQL Server Database (T-SQL, Stored Procedures, Triggers, Functions, SSIS), programming languages (XML, ETL frameworks), and Data Warehousing is valuable. Strong self-motivation along with excellent written and verbal communication skills are also key attributes for success in this role. Desirable skills may include experience with custom workflow solutions, commercial CRM/workflow solutions, Python coding, and deployment. You should be comfortable working in roles like Scrum Master, Product Owner, and adapting to a fast-paced delivery environment with a focus on minimum viable product. Experience in delivering change and collaborating with stakeholders from various functions within a financial services organization is beneficial. Your primary goal will be to design, develop, and enhance software using various engineering methodologies to provide business, platform, and technology capabilities for customers and colleagues. You will collaborate with product managers, designers, and engineers to define software requirements, ensure code quality, and promote knowledge sharing. Staying updated on industry technology trends, contributing to technical communities, and adhering to secure coding practices are integral parts of this role. As an Analyst, you are expected to perform activities efficiently, demonstrate in-depth technical knowledge, lead and supervise a team if applicable, and contribute to the improvement of related teams and functions. You will be accountable for embedding new policies and procedures for risk mitigation, influencing decision-making, managing risks, and strengthening controls in your work area. Additionally, you should maintain a good understanding of how your sub-function integrates with the function and the organization's products, services, and processes. All colleagues at Barclays are expected to embody the Barclays Values of Respect, Integrity, Service, Excellence, and Stewardship, as well as demonstrate the Barclays Mindset to Empower, Challenge, and Drive.,

As a Software Engineer - .Net at Barclays, you will be responsible for independently producing requirements breakdown, writing user stories, and managing the delivery in accordance with Business requirement design. You will ensure all requirements traceability is factored into design/code/test deliverables. Additionally, you will identify and manage necessary controls/RAIDS and assist in diagnosing system problems encountered during various phases. Documenting functional specifications and changes and maintaining the application knowledge repository will also be part of your responsibilities. To be successful in this role, you should have a strong understanding of OOPs and Design Patterns. Knowledge of Dot net framework 3.5 and above, C#, WPF, MVVM, deployment process knowledge, Bit Bucket, GitHub, Veracode, SonarQube for Code Quality, and proven working experience in C# with WPF is essential. You should be well-versed in drafting technical specifications and justifying them with multiple stakeholders. Experience with MS SQL Server Database, programming (XML or ETL frameworks), Data Warehousing, and self-motivation with good written and verbal communication skills are also required. Additionally, highly valued skills may include experience with custom workflow solutions or commercial CRM/workflow solutions, working in a Scrum Master and/or Product Owner capacity, delivering change with multiple stakeholders from varied functions within a financial services organization, knowledge of Barclays Systems, Products, and processes, and embracing Barclays Values & Behaviours. The purpose of the role is to design, develop, and improve software using various engineering methodologies to provide business, platform, and technology capabilities for customers and colleagues. Your accountabilities will include developing and delivering high-quality software solutions, collaborating with product managers, designers, and other engineers, participating in code reviews, and promoting a culture of code quality and knowledge sharing. In terms of analyst expectations, you are expected to perform prescribed activities in a timely manner to a high standard, drive continuous improvement, lead and supervise a team, guide and support professional development, and demonstrate a clear set of leadership behaviours. You will also partner with other functions and business areas, take responsibility for embedding new policies/procedures, advise and influence decision-making, manage risk, and strengthen controls in relation to your work. Overall, as a Software Engineer - .Net at Barclays, you will play a crucial role in developing software solutions, collaborating with various stakeholders, and contributing to the technical excellence and growth of the organization while upholding the Barclays Values and Mindset.,

Java Springboot Microservices Java 8, Spring Boot, Spring Framework, Rest API, SOAP API, JPA Strong experience with Restful/Rest API Working knowledge of ORM Framework (Preferred Hibernate) Understanding of Microservice Architecture and design principles. Sonar/Sonarqube, Veracode and Prisma knowledge is plus Understanding of Docker and Docker Container. Experience with Agile tools & technologies (Scrum, JIRA, and Confluence) Working with NoSQL Databases is a plus. About The Role Works in the area of Software Engineering, which encompasses the development, maintenance and optimization of software solutions/applications. 1. Applies scientific methods to analyse and solve software engineering problems. 2. He/she is responsible for the development and application of software engineering practice and knowledge, in research, design, development and maintenance. 3. His/her work requires the exercise of original thought and judgement and the ability to supervise the technical and administrative work of other software engineers. 4. The software engineer builds skills and expertise of his/her software engineering discipline to reach standard software engineer skills expectations for the applicable role, as defined in Professional Communities. 5. The software engineer collaborates and acts as team player with other software engineers and stakeholders. Works in the area of Software Engineering, which encompasses the development, maintenance and optimization of software solutions/applications.1. Applies scientific methods to analyse and solve software engineering problems.2. He/she is responsible for the development and application of software engineering practice and knowledge, in research, design, development and maintenance.3. His/her work requires the exercise of original thought and judgement and the ability to supervise the technical and administrative work of other software engineers.4. The software engineer builds skills and expertise of his/her software engineering discipline to reach standard software engineer skills expectations for the applicable role, as defined in Professional Communities.5. The software engineer collaborates and acts as team player with other software engineers and stakeholders. About The Role - Grade Specific Is fully competent in it's own area and has a deep understanding of related programming concepts software design and software development principles. Works autonomously with minimal supervision. Able to act as a key contributor in a complex environment, lead the activities of a team for software design and software development. Acts proactively to understand internal/external client needs and offers advice even when not asked. Able to assess and adapt to project issues, formulate innovative solutions, work under pressure and drive team to succeed against its technical and commercial goals. Aware of profitability needs and may manage costs for specific project/work area. Explains difficult concepts to a variety of audiences to ensure meaning is understood. Motivates other team members and creates informal networks with key contacts outside own area. Skills (competencies) Verbal Communication

Could you be the full-time Threat and Vulnerability Management Analyst in Bangalore were looking for? Your future role Take on a new challenge and apply your ethical hacking expertise in a cutting-edge field. Youll work alongside talented, collaborative, and forward-thinking teammates. You'll play a key role in safeguarding our organization's assets and enhancing our security program. Day-to-day, youll work closely with teams across the business (such as infrastructure, application owners, and third-party vendors), analyze threat intelligence reports, and develop remediation plans, among other impactful responsibilities. Youll specifically take care of vulnerability assessments, penetration testing, and implementing Secure SDLC programs, but also contribute to designing and delivering actionable security dashboards. Well look to you for: Tracking new and emerging threats and vulnerabilities, verifying their applicability, and initiating remediation activities as necessary Analyzing assessment reports provided by vendors or third parties and resolving them within defined SLAs Developing remediation plans by collaborating with infrastructure and application owners Providing guidance on patching, configuration settings, and additional security controls Defining the scope of assessment activities across internal and partner organizations Designing and delivering actionable information security dashboards and metrics Creating awareness about good security practices and the benefits of Secure SDLC programs Prioritizing vulnerabilities based on risk and driving them to closure using tools like Qualys, Skybox, and SecOps All about you We value passion and attitude over experience. Thats why we dont expect you to have every single skill. Instead, weve listed some that we think will help you succeed and grow in this role: Bachelors or Masters degree in Engineering, Technology, or a related field 68 years of relevant IT experience Professional certifications such as CISSP, CEH, GPEN, or OSCP Exposure to threat modeling, systems hardening, and Secure SDLC programs Experience in application penetration testing and ethical hacking Proficiency with tools like Qualys, Veracode, Nessus, AppScan, and Skybox Knowledge of TCP/IP stack, OSI layers, application programming interfaces, middleware, and mobile technologies Familiarity with penetration testing methodologies (e.g., OWASP, OSSTMM, PCI DSS) Strong analytical skills and the ability to drive innovation and process improvement Solid understanding of ITIL process frameworks and experience in creating processes in complex multivendor ecosystems Things youll enjoy Join us on a life-long transformative journey the rail industry is here to stay, so you can grow and develop new skills and experiences throughout your career. Youll also: Enjoy stability, challenges, and a long-term career free from boring daily routines Work with new security standards for rail signalling Collaborate with transverse teams and helpful colleagues Contribute to innovative projects Utilize our flexible and inclusive working environment Steer your career in whatever direction you choose across functions and countries Benefit from our investment in your development through award-winning learning Progress towards leadership or specialized roles within cybersecurity Benefit from a fair and dynamic reward package that recognizes your performance and potential, plus comprehensive and competitive social coverage (life, medical, pension)

Your future role Take on a new challenge and apply your cybersecurity expertise in a cutting-edge field. Youll work alongside collaborative, innovative, and forward-thinking teammates. You'll play a critical role in protecting Alstoms digital assets and ensuring the organizations security posture remains robust. Day-to-day, youll work closely with teams across the business (Design Authority, Solution Architects, IS Design, IS&T Operations, and more), support cross-functional service owners, and engage with internal and external stakeholders to manage risks effectively and drive operational excellence. Youll specifically take care of developing and maintaining security metrics programs, leading cyber crisis management processes, and transforming traditional tools into AI- and ML-capable technologies, but also foster a culture of accountability and continuous improvement in cybersecurity practices. Well look to you for: Providing a comprehensive security posture of Alstom to senior management and leadership teams Collaborating with business groups, architects, and project teams to ensure security requirements are integrated early in processes Translating technical security concepts into actionable insights for leadership Analyzing vulnerabilities and recommending remediation actions Managing global cyber crisis processes and business continuity plans Driving modernization of cybersecurity capabilities through AI and ML Leading and mentoring cybersecurity operations teams Ensuring compliance with security standards and fostering a culture of resilience All about you We value passion and attitude over experience. Thats why we dont expect you to have every single skill. Instead, weve listed some that we think will help you succeed and grow in this role: Bachelors/Masters degree in Engineering/Technology or a related field 12-16 years of relevant IT experience Professional certifications like CISSP, CEH, GIAC, CISM, or ISO 27001 (preferred) Experience with IT/Security technologies such as Active Directory, DNS, Firewalls, VPN Gateways, WAF, IAM, etc. Proficiency with tools like SIEM, CASB, CyberArk, Ping Identity, and Veracode Strong understanding of operational environments like NOC or SOC Proven leadership experience in Security Operations Knowledge of ITIL process frameworks and ISO 27001 standards Excellent analytical, problem-solving, and crisis management skills Ability to adapt to change, manage competing priorities, and drive innovation

Role & responsibilities Candidate should have experience in GCP from Cloud security(Pure GCP profiles not required). Use below info identifying correct profiles GCP Security Specialist: Skills: AppSec (SAST, DAST), Network Security, GPC Native Cloud Security , SSDLC, knowledge Security compliance standards, DevSecOps Tools like: Native GCP security services, Burp Suite, CheckMarx, Vracode, fortify, Qualys. Certification: Google cloud "Professional Cloud Security Engineer" + -MANDATORY 1.GCP Security Specialist Assist and collaborate with Client & Internal stakeholders on the end-to-end migration strategy and architecture from AWS to GCP Provide technical oversight and assistance for the execution of application and data migrations, ensuring secure data transit and encryption at rest. Help establish and enforce cloud architecture governance, security standards, and best practices across all migrations streams in collaboration with stakeholders. Act as a primary technical and cybersecurity liaison, offering support to client IT, business, and security stakeholders. Provide expert guidance on cloud-native security services, Identity & Access Management, Data Security, Cloud Security, Vulnerability governance, Application Security, and network security across GCP. Support to ensure strict compliance with industry standards ( e.g HIPAA, GDPR, etc) and client policies throughout the migration. Facilitate and contribute to technical discussions and workshops, and present security solutions clearly to both technical and non-technical audiences. Proactively identify, assess, and mitigate technical and cybersecurity risks throughout the migration journey Support the optimization of cloud costs, performance, and continuously monitor the security posture of migration applications

Role & responsibilities Skills: SAST, DAST, Network Security, Azure Native Cloud Security , SSDLC, knowledge Security compliance standards, DevSecOps Tools like : Native Azure security services. Burp Suite, CheckMarx, Veracode, fortify, Qualys Certification: Azure Security Engineer Associate Certification. (AZ-500) + - MANDATORY Azure Security Specialist Assist and collaborate with Client & Internal stakeholders on the end-to-end migration strategy and architecture from AWS to Azure Provide technical oversight and assistance for the execution of application and data migrations, ensuring secure data transit and encryption at rest. Help establish and enforce cloud architecture governance, security standards, and best practices across all migrations streams in collaboration with stakeholders. Act as a primary technical and cybersecurity liaison, offering support to client IT, business, and security stakeholders. Provide expert guidance on cloud-native security services, Identity & Access Management, Data Security, Cloud Security, Vulnerability governance, Application Security, and network security across Azure Support to ensure strict compliance with industry standards ( e.g HIPAA, GDPR, etc) and client policies throughout the migration. Facilitate and contribute to technical discussions and workshops, and present security solutions clearly to both technical and non-technical audiences. Proactively identify, assess, and mitigate technical and cybersecurity risks throughout the migration journey Support the optimization of cloud costs, performance, and continuously monitor the security posture of migration applications

Job Purpose As a Senior DevSecOps Engineer, you will be responsible for integrating security into the development, deployment, and maintenance of our software products, ensuring the highest standards of security and reliability. Key Activities / Outputs • Develop and implement security solutions throughout the software development lifecycle, from design to deployment and maintenance, using methodologies such as STRIDE, DREAD, CVSS, and the OWASP ASVS. • Work closely with developers, IT operations, and security governance and operations teams to ensure security is integrated into all aspects of the development pipeline. • Automate security processes and tools to enable continuous integration, continuous delivery, and continuous monitoring (CI/CD/CM) of applications and infrastructure. • Develop and implement metrics, reporting, and monitoring processes to track the effectiveness of DevSecOps practices, using tools like Dynatrace, ELK, Splunk, AWS CloudWatch and Sonatype Examples of metrics include vulnerability remediation times, security incidents, and code review coverage. • Establish a governance, review, and continuous improvement process for DevSecOps practices, ensuring alignment with organizational goals and industry best practices. • Perform risk assessments and threat modelling to identify potential vulnerabilities and provide recommendations for mitigation strategies. • Develop and enforce security policies and guidelines for application and infrastructure development, based on industry best practices and standards such as OWASP Top Ten, CWE/SANS Top 25, NIST SP 800-53, and OWASP ASVS. • Train and mentor developers in secure coding practices, emphasizing areas such as input validation, output encoding, and least privilege principles, as well as conducting regular security awareness sessions. • Conduct regular security audits, vulnerability assessments, and penetration tests to identify and remediate potential threats. • Stay current with industry trends, emerging threats, and best practices in DevSecOps to continuously improve our security posture. • Develop and maintain documentation related to security practices, policies, and procedures. Technical Skills or Knowledge Strong understanding of software development processes, CI/CD principles, and Agile methodologies, Expertise in various security frameworks, tools, and technologies such as OWASP, SAST, DAST, IAST, RASP, and familiarity with toolsets such as SonarQube, Veracode, Checkmarx, and Fortify, Proficient in scripting languages such as Python, Ruby, or Shell, Experience with containerization and orchestration technologies, such as Docker and Kubernetes, Familiarity with cloud platforms (AWS, Azure, GCP) and their respective security services and tools, Knowledge of networking protocols, firewalls, intrusion detection systems, and encryption technologies, Strong analytical, problem-solving, and communication skills, Software Development: This includes proficiency in programming languages such as Python, Java, JavaScript, or C#, as well as familiarity with software development methodologies like Agile or DevOps, Security Knowledge: They should be familiar with security frameworks such as OWASP (Open Web Application Security Project) and have experience in implementing security controls and practices within software development processes, DevOps Practices: This includes experience with continuous integration and continuous deployment (CI/CD) pipelines, configuration management tools like Ansible or Chef, containerization technologies such as Docker or Kubernetes, and infrastructure-as-code (IaC) tools like Terraform or CloudFormation, Security Tools and Technologies: This may include vulnerability scanning tools like Nessus or Qualys, security testing frameworks such as Burp Suite or ZAP, security information and event management (SIEM) tools like Splunk or ELK stack, and other relevant security tools, Cloud Computing: Experience with cloud security best practices, configuring and securing cloud resources, and managing cloud-based deployments is highly valuable Preferred Technical Skills (Would be advantageous) This position is a hybrid role based in Hyderabad which requires you to be in the office on a Tuesday, Wednesday and Thursday.

As a Full Stack Engineer specializing in TypeScript, Angular, and Node.js with over 10 years of experience, you will be responsible for developing web services and applications using cutting-edge technologies. Your expertise in Angular 15+, CSS, HTML5, and Micro Services will be crucial in driving business transformation and creating exceptional stakeholder experiences. You must have a solid understanding of web technologies and extensive experience in building Micro Services and RESTful web Services using frameworks such as Nest, Express, or Nx. Your proficiency in setting up CI/CD pipelines and working with SQL databases like PostgreSQL, Oracle, or MySql will be essential for the successful delivery of projects. In addition to your technical skills, knowledge of cloud platforms like GCP, AWS, or Azure, expertise in Docker/Kubernetes, and experience with monitoring tools will be advantageous. Your ability to write clean code, strong communication skills, and experience working in Agile methodology will contribute to the collaborative and innovative environment at YASH Technologies. As a key function of this role, you will be expected to work independently, handle existing project modules, and propose design changes when necessary. Your proactive approach to software development, ability to deliver projects on time, and confidence in taking on new challenges will be highly valued in our dynamic and inclusive team environment. Join us at YASH Technologies, where you can unleash your potential, continuously learn and grow, and be a part of a hyperlearning workplace that fosters flexibility, transparency, and support for your career development. Embrace the opportunity to make a real impact in an increasingly virtual world and be a part of our ethical corporate culture grounded in trust, collaboration, and innovation.,

You are a skilled CyberSecurity Business Analyst specializing in IAM & Secrets Management, sought to join a dynamic cybersecurity team. Your primary responsibility will be managing and enhancing Identity & Access Management (IAM) controls with a major focus on Secrets Management, access governance, and compliance reporting within a highly regulated environment. Your key responsibilities will include defining and enhancing secrets management controls across machine-to-machine authentication systems, supporting IAM operations by maintaining access governance for credentials, keys, and tokens, and providing subject matter expertise on secrets and credential management tools and best practices. Additionally, you will collaborate with IAM Control Owners to define and track KPIs/KCIs/KRIs, maintain dashboards, and generate periodic reporting for Cybersecurity leadership and stakeholders. You will evaluate IAM controls against regulatory frameworks such as GDPR, SOX, PCI DSS, ISO 27001, identify cybersecurity exposure risks, support remediation planning, and implement strong governance processes for continuous compliance and risk reduction. Stakeholder management will be a crucial aspect of your role as you collaborate with business units, IT, cybersecurity, and operations teams across global regions. You will provide support during audits and external reviews and lead cross-functional teams to define IAM standards, policies, and procedures. Continuous improvement and documentation are key, where you will recommend enhancements for IAM and Secrets Management efficiency, security, and scalability, and prepare and maintain project artifacts like project charters, plans, dashboards, reports, and closure documents. To excel in this role, you must possess 5-7 years of experience in Cybersecurity, IAM, or Access Governance roles, a strong knowledge of IAM controls, credential governance, and secrets management frameworks. Hands-on experience with Application Security tools such as MicroFocus Fortify (SAST/DAST), Checkmarx, Black Duck/Sonatype IQ, Veracode, and Synopsys is essential. You should have a strong understanding of risk management and compliance metrics (KPIs, KRIs, KCIs), familiarity with project management and governance frameworks, excellent communication and presentation skills, and preferably hold certifications such as CISSP, CISM, or other IAM-related credentials. Mandatory skills include proficiency in Application Security tools like MicroFocus Fortify (SCA, SAST, DAST), Open Source Tools (Black Duck, Sonatype IQ), Veracode, Synopsys, Checkmarx, IAM Governance, KPIs/KCIs, Risk Management, and awareness of Regulatory Frameworks such as SOX, ISO 27001, PCI DSS, and GDPR.,

You will be responsible for performing automated testing of running applications and static code (SAST, DAST). Additionally, you will conduct manual application penetration tests on various platforms such as web applications, internal applications, APIs, internal and external networks, and mobile applications to identify and exploit vulnerabilities. Experience in mobile application testing, Web application pen testing, application architecture, and business logic analysis would be advantageous. You will need to utilize application tools like AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, and Kali Linux to carry out security tests and should be capable of explaining concepts like IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, and Remediation. The mandatory technical and functional skills required for this role include a minimum of three (3) years of recent experience with application tools for security testing, manual penetration testing, and code review against web apps, mobile apps, and APIs. You should also have experience in working with both technical and non-technical audiences to report results and lead remediation conversations. It is preferred that you have at least one year of experience in developing web applications and/or APIs. Being able to adapt to new tools and technologies to address client project requirements efficiently is a key aspect of this role. While having major ethical hacking certifications like GWAPT, CREST, OSCP, OSWE, or OSWA is not mandatory, it would be considered advantageous.,

As a Lead Full Stack Engineer at Barclays, you will play a pivotal role in driving the evolution of the API First digital strategy, facilitating innovation and operational excellence. Your main responsibility will be to utilize cutting-edge technology to develop and manage robust, scalable, and secure APIs that ensure the seamless delivery of digital solutions. To excel in this position, you must possess advanced proficiency in full-stack development, with hands-on experience in Core Java, JPA/Hibernate, Spring framework, and enterprise caching solutions. Additionally, you should have a strong grasp of Spring ecosystem technologies such as Spring Boot, Spring-JMS, and Spring-Data. Your demonstrated ability to build secure, fault-tolerant, and scalable enterprise applications across the entire technology stack will be crucial. Moreover, you should be well-versed in RESTful API development and consumption, with practical implementation of OpenAPI/Swagger specifications. Hands-on experience in implementing API security protocols and authentication mechanisms like OAuth2, JWT, and mTLS is essential. Your expertise in both relational (RDBMS) and NoSQL database technologies, along with practical coding experience in event-driven architecture patterns and microservices, will be highly beneficial. In this role, your strong technical leadership capabilities will be put to use as you mentor junior developers and conduct effective code reviews. You will also enforce code quality using tools like SonarQube and Veracode to ensure high standards are maintained. Proficiency with developer tools such as Jenkins, Maven, Gradle, Nexus, Git, and CI/CD pipelines is expected, along with hands-on experience with enterprise message broker platforms like Kafka. Additionally, you should have a solid understanding of Agile, DevOps, Site Reliability Engineering (SRE) principles, and CI/CD practices. Familiarity with cloud platforms such as OpenShift Enterprise, AWS, and cloud-native application development is advantageous. Knowledge of testing methodologies like TDD, BDD, and automated testing frameworks is also required, along with effective communication skills and the ability to collaborate within a team. Some other valuable skills for this role include experience with modern frontend technologies like HTML5, CSS3, JavaScript, and frameworks such as Angular or React. Advanced SQL optimization skills, performance tuning experience with Oracle or similar RDBMS, and the ability to implement API client SDKs and developer-focused documentation are appreciated. Troubleshooting capabilities for diagnosing and resolving complex performance issues at the code level, experience with containerization technologies like Docker and Kubernetes, and knowledge of ITIL-based release and change management processes are also beneficial. In summary, as a Lead Full Stack Engineer at Barclays, you will be at the forefront of shaping the digital strategy through innovative API development, secure coding practices, and collaboration with cross-functional teams to deliver high-quality software solutions that meet business objectives and customer needs.,