81 Veracode Jobs - Page 2

About the position: F5 is looking for a hands-on Security Engineer III with experience owning vulnerability management and code security program. F5s Edge 2.0 platform provides global, scalable, and secure way to deploy applications! In this position, you will have responsibility for vulnerability management of open-source components in the software components that make up the platform. You will also be responsible for code security and handle static and multifaceted code scanning and write policies and procedures around the lifecycle of the code and associated vulnerabilities. Responsibilities: We collaborate with software architects, security defenders, Operations, SRE, compliance specialists, and business leaders to understand the components of the platform and their requirements around vulnerability management, static and dynamic code analysis depending on the components structure and place in the platform. We write and maintain policies and procedures around vulnerability management and code analysis following industry methodologies and compliance directives. We integrate with scanning tools and provide mentorship to the developers around integration, how to read the findings, and how to improve the output. We work with architects of underlying frameworks to minimize the number of reported vulnerabilities when there is a significant code reuse. We work with other members of the DevOps team to introduce tooling to increase clarity and better quantify the vulnerability remediation. We work with engineering teams to incorporate the best standards from vulnerability management and code analysis into the SDLC. We work with other team members to safely introduce dynamic code analysis tools. We participate in Incident Response when appropriate. Minimum qualifications: BS degree in Computer Science or equivalent with 4+ years of secure software development experience. Good understanding of Docker container building process. Experience with vulnerability management systems like Snyk, Whitesource, Trivy, Dependency-check, Nancy etc. Experience with SAST tools like Coverity, FindSecBugs, Fortify, Veracode, etc. Familiarity with microservices architecture, Docker and Kubernetes. Good understanding of complexities and security challenges in large-scale distributed systems.

About the position: F5 is looking for a hands-on Security Engineer III with experience owning vulnerability management and code security program. F5s Edge 2.0 platform provides global, scalable, and secure way to deploy applications! In this position, you will have responsibility for vulnerability management of open-source components in the software components that make up the platform. You will also be responsible for code security and handle static and multifaceted code scanning and write policies and procedures around the lifecycle of the code and associated vulnerabilities. Responsibilities: We collaborate with software architects, security defenders, Operations, SRE, compliance specialists, and business leaders to understand the components of the platform and their requirements around vulnerability management, static and dynamic code analysis depending on the components structure and place in the platform. We write and maintain policies and procedures around vulnerability management and code analysis following industry methodologies and compliance directives. We integrate with scanning tools and provide mentorship to the developers around integration, how to read the findings, and how to improve the output. We work with architects of underlying frameworks to minimize the number of reported vulnerabilities when there is a significant code reuse. We work with other members of the DevOps team to introduce tooling to increase clarity and better quantify the vulnerability remediation. We work with engineering teams to incorporate the best standards from vulnerability management and code analysis into the SDLC. We work with other team members to safely introduce dynamic code analysis tools. We participate in Incident Response when appropriate. Minimum qualifications: BS degree in Computer Science or equivalent with 4+ years of secure software development experience. Good understanding of Docker container building process. Experience with vulnerability management systems like Snyk, Whitesource, Trivy, Dependency-check, Nancy etc. Experience with SAST tools like Coverity, FindSecBugs, Fortify, Veracode, etc. Familiarity with microservices architecture, Docker and Kubernetes. Good understanding of complexities and security challenges in large-scale distributed systems.

About the position: F5 is looking for a hands-on Security Engineer III with experience owning vulnerability management and code security program. F5s Edge 2.0 platform provides global, scalable, and secure way to deploy applications! In this position, you will have responsibility for vulnerability management of open-source components in the software components that make up the platform. You will also be responsible for code security and handle static and multifaceted code scanning and write policies and procedures around the lifecycle of the code and associated vulnerabilities. Responsibilities: We collaborate with software architects, security defenders, Operations, SRE, compliance specialists, and business leaders to understand the components of the platform and their requirements around vulnerability management, static and dynamic code analysis depending on the components structure and place in the platform. We write and maintain policies and procedures around vulnerability management and code analysis following industry methodologies and compliance directives. We integrate with scanning tools and provide mentorship to the developers around integration, how to read the findings, and how to improve the output. We work with architects of underlying frameworks to minimize the number of reported vulnerabilities when there is a significant code reuse. We work with other members of the DevOps team to introduce tooling to increase clarity and better quantify the vulnerability remediation. We work with engineering teams to incorporate the best standards from vulnerability management and code analysis into the SDLC. We work with other team members to safely introduce dynamic code analysis tools. We participate in Incident Response when appropriate. Minimum qualifications: BS degree in Computer Science or equivalent with 4+ years of secure software development experience. Good understanding of Docker container building process. Experience with vulnerability management systems like Snyk, Whitesource, Trivy, Dependency-check, Nancy etc. Experience with SAST tools like Coverity, FindSecBugs, Fortify, Veracode, etc. Familiarity with microservices architecture, Docker and Kubernetes. Good understanding of complexities and security challenges in large-scale distributed systems.

About the position: F5 is looking for a hands-on Security Engineer III with experience owning vulnerability management and code security program. F5s Edge 2.0 platform provides global, scalable, and secure way to deploy applications! In this position, you will have responsibility for vulnerability management of open-source components in the software components that make up the platform. You will also be responsible for code security and handle static and multifaceted code scanning and write policies and procedures around the lifecycle of the code and associated vulnerabilities. Responsibilities: We collaborate with software architects, security defenders, Operations, SRE, compliance specialists, and business leaders to understand the components of the platform and their requirements around vulnerability management, static and dynamic code analysis depending on the components structure and place in the platform. We write and maintain policies and procedures around vulnerability management and code analysis following industry methodologies and compliance directives. We integrate with scanning tools and provide mentorship to the developers around integration, how to read the findings, and how to improve the output. We work with architects of underlying frameworks to minimize the number of reported vulnerabilities when there is a significant code reuse. We work with other members of the DevOps team to introduce tooling to increase clarity and better quantify the vulnerability remediation. We work with engineering teams to incorporate the best standards from vulnerability management and code analysis into the SDLC. We work with other team members to safely introduce dynamic code analysis tools. We participate in Incident Response when appropriate. Minimum qualifications: BS degree in Computer Science or equivalent with 4+ years of secure software development experience. Good understanding of Docker container building process. Experience with vulnerability management systems like Snyk, Whitesource, Trivy, Dependency-check, Nancy etc. Experience with SAST tools like Coverity, FindSecBugs, Fortify, Veracode, etc. Familiarity with microservices architecture, Docker and Kubernetes. Good understanding of complexities and security challenges in large-scale distributed systems.

About the position: F5 is looking for a hands-on Security Engineer III with experience owning vulnerability management and code security program. F5s Edge 2.0 platform provides global, scalable, and secure way to deploy applications! In this position, you will have responsibility for vulnerability management of open-source components in the software components that make up the platform. You will also be responsible for code security and handle static and multifaceted code scanning and write policies and procedures around the lifecycle of the code and associated vulnerabilities. Responsibilities: We collaborate with software architects, security defenders, Operations, SRE, compliance specialists, and business leaders to understand the components of the platform and their requirements around vulnerability management, static and dynamic code analysis depending on the components structure and place in the platform. We write and maintain policies and procedures around vulnerability management and code analysis following industry methodologies and compliance directives. We integrate with scanning tools and provide mentorship to the developers around integration, how to read the findings, and how to improve the output. We work with architects of underlying frameworks to minimize the number of reported vulnerabilities when there is a significant code reuse. We work with other members of the DevOps team to introduce tooling to increase clarity and better quantify the vulnerability remediation. We work with engineering teams to incorporate the best standards from vulnerability management and code analysis into the SDLC. We work with other team members to safely introduce dynamic code analysis tools. We participate in Incident Response when appropriate. Minimum qualifications: BS degree in Computer Science or equivalent with 4+ years of secure software development experience. Good understanding of Docker container building process. Experience with vulnerability management systems like Snyk, Whitesource, Trivy, Dependency-check, Nancy etc. Experience with SAST tools like Coverity, FindSecBugs, Fortify, Veracode, etc. Familiarity with microservices architecture, Docker and Kubernetes. Good understanding of complexities and security challenges in large-scale distributed systems.

About the position: F5 is looking for a hands-on Security Engineer III with experience owning vulnerability management and code security program. F5s Edge 2.0 platform provides global, scalable, and secure way to deploy applications! In this position, you will have responsibility for vulnerability management of open-source components in the software components that make up the platform. You will also be responsible for code security and handle static and multifaceted code scanning and write policies and procedures around the lifecycle of the code and associated vulnerabilities. Responsibilities: We collaborate with software architects, security defenders, Operations, SRE, compliance specialists, and business leaders to understand the components of the platform and their requirements around vulnerability management, static and dynamic code analysis depending on the components structure and place in the platform. We write and maintain policies and procedures around vulnerability management and code analysis following industry methodologies and compliance directives. We integrate with scanning tools and provide mentorship to the developers around integration, how to read the findings, and how to improve the output. We work with architects of underlying frameworks to minimize the number of reported vulnerabilities when there is a significant code reuse. We work with other members of the DevOps team to introduce tooling to increase clarity and better quantify the vulnerability remediation. We work with engineering teams to incorporate the best standards from vulnerability management and code analysis into the SDLC. We work with other team members to safely introduce dynamic code analysis tools. We participate in Incident Response when appropriate. Minimum qualifications: BS degree in Computer Science or equivalent with 4+ years of secure software development experience. Good understanding of Docker container building process. Experience with vulnerability management systems like Snyk, Whitesource, Trivy, Dependency-check, Nancy etc. Experience with SAST tools like Coverity, FindSecBugs, Fortify, Veracode, etc. Familiarity with microservices architecture, Docker and Kubernetes. Good understanding of complexities and security challenges in large-scale distributed systems.

About the position: F5 is looking for a hands-on Security Engineer III with experience owning vulnerability management and code security program. F5s Edge 2.0 platform provides global, scalable, and secure way to deploy applications! In this position, you will have responsibility for vulnerability management of open-source components in the software components that make up the platform. You will also be responsible for code security and handle static and multifaceted code scanning and write policies and procedures around the lifecycle of the code and associated vulnerabilities. Responsibilities: We collaborate with software architects, security defenders, Operations, SRE, compliance specialists, and business leaders to understand the components of the platform and their requirements around vulnerability management, static and dynamic code analysis depending on the components structure and place in the platform. We write and maintain policies and procedures around vulnerability management and code analysis following industry methodologies and compliance directives. We integrate with scanning tools and provide mentorship to the developers around integration, how to read the findings, and how to improve the output. We work with architects of underlying frameworks to minimize the number of reported vulnerabilities when there is a significant code reuse. We work with other members of the DevOps team to introduce tooling to increase clarity and better quantify the vulnerability remediation. We work with engineering teams to incorporate the best standards from vulnerability management and code analysis into the SDLC. We work with other team members to safely introduce dynamic code analysis tools. We participate in Incident Response when appropriate. Minimum qualifications: BS degree in Computer Science or equivalent with 4+ years of secure software development experience. Good understanding of Docker container building process. Experience with vulnerability management systems like Snyk, Whitesource, Trivy, Dependency-check, Nancy etc. Experience with SAST tools like Coverity, FindSecBugs, Fortify, Veracode, etc. Familiarity with microservices architecture, Docker and Kubernetes. Good understanding of complexities and security challenges in large-scale distributed systems.

About the position: F5 is looking for a hands-on Security Engineer III with experience owning vulnerability management and code security program. F5s Edge 2.0 platform provides global, scalable, and secure way to deploy applications! In this position, you will have responsibility for vulnerability management of open-source components in the software components that make up the platform. You will also be responsible for code security and handle static and multifaceted code scanning and write policies and procedures around the lifecycle of the code and associated vulnerabilities. Responsibilities: We collaborate with software architects, security defenders, Operations, SRE, compliance specialists, and business leaders to understand the components of the platform and their requirements around vulnerability management, static and dynamic code analysis depending on the components structure and place in the platform. We write and maintain policies and procedures around vulnerability management and code analysis following industry methodologies and compliance directives. We integrate with scanning tools and provide mentorship to the developers around integration, how to read the findings, and how to improve the output. We work with architects of underlying frameworks to minimize the number of reported vulnerabilities when there is a significant code reuse. We work with other members of the DevOps team to introduce tooling to increase clarity and better quantify the vulnerability remediation. We work with engineering teams to incorporate the best standards from vulnerability management and code analysis into the SDLC. We work with other team members to safely introduce dynamic code analysis tools. We participate in Incident Response when appropriate. Minimum qualifications: BS degree in Computer Science or equivalent with 4+ years of secure software development experience. Good understanding of Docker container building process. Experience with vulnerability management systems like Snyk, Whitesource, Trivy, Dependency-check, Nancy etc. Experience with SAST tools like Coverity, FindSecBugs, Fortify, Veracode, etc. Familiarity with microservices architecture, Docker and Kubernetes. Good understanding of complexities and security challenges in large-scale distributed systems.

About the position: F5 is looking for a hands-on Security Engineer III with experience owning vulnerability management and code security program. F5s Edge 2.0 platform provides global, scalable, and secure way to deploy applications! In this position, you will have responsibility for vulnerability management of open-source components in the software components that make up the platform. You will also be responsible for code security and handle static and multifaceted code scanning and write policies and procedures around the lifecycle of the code and associated vulnerabilities. Responsibilities: We collaborate with software architects, security defenders, Operations, SRE, compliance specialists, and business leaders to understand the components of the platform and their requirements around vulnerability management, static and dynamic code analysis depending on the components structure and place in the platform. We write and maintain policies and procedures around vulnerability management and code analysis following industry methodologies and compliance directives. We integrate with scanning tools and provide mentorship to the developers around integration, how to read the findings, and how to improve the output. We work with architects of underlying frameworks to minimize the number of reported vulnerabilities when there is a significant code reuse. We work with other members of the DevOps team to introduce tooling to increase clarity and better quantify the vulnerability remediation. We work with engineering teams to incorporate the best standards from vulnerability management and code analysis into the SDLC. We work with other team members to safely introduce dynamic code analysis tools. We participate in Incident Response when appropriate. Minimum qualifications: BS degree in Computer Science or equivalent with 4+ years of secure software development experience. Good understanding of Docker container building process. Experience with vulnerability management systems like Snyk, Whitesource, Trivy, Dependency-check, Nancy etc. Experience with SAST tools like Coverity, FindSecBugs, Fortify, Veracode, etc. Familiarity with microservices architecture, Docker and Kubernetes. Good understanding of complexities and security challenges in large-scale distributed systems.

About the position: F5 is looking for a hands-on Security Engineer III with experience owning vulnerability management and code security program. F5s Edge 2.0 platform provides global, scalable, and secure way to deploy applications! In this position, you will have responsibility for vulnerability management of open-source components in the software components that make up the platform. You will also be responsible for code security and handle static and multifaceted code scanning and write policies and procedures around the lifecycle of the code and associated vulnerabilities. Responsibilities: We collaborate with software architects, security defenders, Operations, SRE, compliance specialists, and business leaders to understand the components of the platform and their requirements around vulnerability management, static and dynamic code analysis depending on the components structure and place in the platform. We write and maintain policies and procedures around vulnerability management and code analysis following industry methodologies and compliance directives. We integrate with scanning tools and provide mentorship to the developers around integration, how to read the findings, and how to improve the output. We work with architects of underlying frameworks to minimize the number of reported vulnerabilities when there is a significant code reuse. We work with other members of the DevOps team to introduce tooling to increase clarity and better quantify the vulnerability remediation. We work with engineering teams to incorporate the best standards from vulnerability management and code analysis into the SDLC. We work with other team members to safely introduce dynamic code analysis tools. We participate in Incident Response when appropriate. Minimum qualifications: BS degree in Computer Science or equivalent with 4+ years of secure software development experience. Good understanding of Docker container building process. Experience with vulnerability management systems like Snyk, Whitesource, Trivy, Dependency-check, Nancy etc. Experience with SAST tools like Coverity, FindSecBugs, Fortify, Veracode, etc. Familiarity with microservices architecture, Docker and Kubernetes. Good understanding of complexities and security challenges in large-scale distributed systems.

Conduct Vulnerability Assessments: Identifying potential weaknesses in applications and systems using automated tools and manual techniques. Perform Penetration Tests: Simulating attacks to evaluate the effectiveness of security controls and identify exploitable vulnerabilities. Analyze Findings: Interpreting assessment and testing results to determine the severity and impact of identified vulnerabilities. Report Findings: Documenting vulnerabilities, providing detailed reports with remediation recommendations, and tracking the closure of identified issues. Collaborate with Teams: Working with developers, IT, and security teams to implement security measures and address identified vulnerabilities. Stay Updated: Keeping abreast of the latest security threats, vulnerabilities, and industry best practices. Test Various Application Types: Performing security assessments on web applications, mobile applications, APIs (REST, SOAP, XML, JSON), and potentially cloud-based services. Understand Security Standards and Frameworks: Familiarity with OWASP, NIST, ISO 27001, PCI DSS, and other relevant standards is crucial. Use Security Testing Tools: Proficiency in tools like Burp Suite, OWASP ZAP, Nmap, Nessus, AppScan, Acunetix, Veracode, CheckMarx, etc. Responsibilities: The responsibilities cover the full range of testing work, from websites, mobile apps, and infrastructure testing to social engineering. In this role, the candidate is expected to: test software and hosted platforms, to identify vulnerabilities Carry out penetration testing of web applications, mobile applications, and internal infrastructure analyze code to assess its level of security and to find specific vulnerabilities Manage the security testing process perform complex simulated attacks on networks or systems Stay updated with the latest threats/vulnerabilities produce written technical reports along with an executive summary to a professional standard Research potential vulnerabilities formally brief clients and colleagues Understanding the role of AIML in cybersecurity Qualification: Minimum 3 to 5 years hands-on experience in SAST, DAST, VAPT Certifications like CEH, CompTIA Security+, and OSCP will be considered and added advantages. Familiarity with SAST, DAST, and IAST tools Understanding of Red/Blue teaming and threat hunting

Responsibilities: * Design, develop, test and maintain full-stack applications using Java, AngularJS, AWS/Azure Cloud. * Implement security frameworks with SonarQube and Veracode, collaborate on PostgreSQL databases. Work from home

KPMG entities in India are professional services firm(s) affiliated with KPMG International Limited, established in August 1993. Our professionals leverage the global network of firms, understanding local laws, regulations, markets, and competition. With offices across India, in cities like Ahmedabad, Bengaluru, Mumbai, and more, we offer services to national and international clients across various sectors. Our focus is on delivering rapid, performance-based, industry-focused, and technology-enabled services, showcasing our understanding of global and local industries and the Indian business environment. As a Security Code Reviewer at KPMG in India, your primary responsibilities will include performing manual security code reviews for common programming languages such as Java and .NET. You will also be tasked with conducting automated testing of running applications and static code using tools like SAST and DAST. Additionally, you will be required to perform manual application penetration tests on various platforms like web applications, internal applications, APIs, and networks to identify and exploit vulnerabilities. The ideal candidate should have at least 6 months of formal programming experience in Java or C#, and possess 4 to 8 years of overall experience in the field. It would be advantageous to have one or more major ethical hacking certifications such as GWAPT, CREST, OSCP, OSWE, or OSWA. Providing technical leadership and guidance to team members, communicating effectively with both technical and non-technical audiences, and collaborating with Cyber teams to develop new testing techniques are also key aspects of this role. Moreover, having a minimum of three years of recent experience working with security testing tools like AppScan, NetsSparker, Acunetix, Checkmarx, BurpSuite, and others will be beneficial. This position offers equal employment opportunities and encourages individuals with a passion for cybersecurity to apply and contribute to our dynamic team at KPMG in India.,

As an Associate Cybersecurity Consultant at Bulletproof, a GLI company headquartered in Canada with a global presence, you will be part of a team with decades of technology, security, and compliance expertise. Our work in the security space has been recognized nationally and globally for excellence. Our vision at Bulletproof is to serve, secure, and empower the world through people and technology, one customer at a time. We believe in ensuring the safety and security of all individuals and organizations we serve. Challenging Work: At Bulletproof, we thrive on solving complex problems and encourage all employees to contribute their best ideas. You will have the opportunity to work on highly challenging projects and make a real impact. Great People: We value openness, honesty, and authenticity. Each member of our team is essential to our collective success, and we believe in fostering a culture of inclusivity and collaboration. Global Impact: Being part of a global team means that your work will have a significant impact on colleagues, customers, communities, and the world at large. We are inspired by the positive influence our work has in various regions and cultures. Diversity, Equity, and Inclusion: We celebrate diversity, strive for equality, and understand that inclusion strengthens us as individuals, as a company, and as global citizens. Role Overview: As an Associate Cybersecurity Consultant specializing in penetration testing, you will be responsible for conducting thorough security assessments on web-based applications, networks, and systems to identify and mitigate vulnerabilities. Your role will involve defining assessment scopes, generating detailed security test reports, collaborating with clients on remediation plans, and delivering exceptional service in a professional manner. Additionally, you will provide technical expertise in security testing, stay updated on the latest tools and technologies, and contribute to the continuous improvement of our Information Security practice. Key Responsibilities: - Conduct comprehensive security assessments for a diverse range of clients - Define scopes for security testing assignments - Generate high-quality security test reports and documentation - Collaborate with clients on remediation strategies - Offer technical support as a subject matter expert in security testing - Stay informed about current tools, technologies, and vulnerabilities - Work collaboratively with cross-functional teams to meet client security needs - Perform other related duties as assigned Requirements: - Degree in Computer Science, Information Systems, Engineering, or related field - Prior experience in vulnerability assessments and penetration testing preferred - Proficiency in Linux, Windows, and network security - Strong communication skills in English, both written and oral - Ability to work independently and as part of a team - Familiarity with security testing tools such as Nessus, MetaSploit, Burp Suite, etc. - Relevant certifications like CEH, LPT, CPEN, OSCP, etc., are an asset - Knowledge of PCI ASV, CREST certifications, and threat modeling methodologies is a plus - Experience with mobile application security testing and social engineering techniques is advantageous Note: This job description outlines the primary responsibilities and qualifications for the role of Associate Cybersecurity Consultant at Bulletproof. It is not exhaustive and may involve additional tasks based on business needs. Bulletproof is an equal opportunity employer committed to diversity, equity, and inclusion.,

As a Lead DevOps Engineer at Ameriprise India, you will have the opportunity to advocate for DevOps best practices and build scalable infrastructure to provide a world-class experience to clients. You will play a key role in influencing the DevOps roadmap to enhance the speed to market. Responsibilities: - Implement and adopt best practices in DevSecOps, Continuous Integration, Continuous Deployment, and Continuous Testing for both server-side and client-side applications. - Design NextGen application strategy using Cloud-native architectures. - Build scalable and efficient cloud and on-premise infrastructure. - Implement monitoring for automated system health checks. - Develop CI/CD pipelines and provide guidance to teams on DevSecOps best practices. - Collaborate with engineers to resolve issues during application instability. - Maintain and implement change management control procedures for UAT/QA and production releases. - Integrate test automation (UI/API) with CI/CD for comprehensive test coverage and metrics collection. - Work with multiple distributed teams following Agile practices. Required Qualifications: - 7 to 10 years of industry experience in building infrastructure and release management activities. - 4+ years of experience in DevOps practices. - Proficiency in code/scripting for IaaS automation. - Familiarity with Linux, Unix, and Windows operating systems. - Experience with Configuration Management tools like Ansible and Terraform. - Knowledge of containerization tools such as Vagrant, Kubernetes, and Docker. - Understanding of container orchestration tools like Marathon, Kubernetes, EKS, or ECS. - Experience with Cloud/IaaS environments like AWS/GCP and monitoring/alerting tools like Sumologic, Cloud Watch, and Prometheus. - Familiarity with SCM tools like BitBucket/Git and productivity plugins. - Knowledge of code quality and security tools like SonarQube, Blackduck, and Veracode. - Experience with performance tools like PageSpeed and Google Lighthouse. - Proficiency in test and build systems such as Jenkins, Maven, and JFrog/Nexus Artifactory. - Understanding of network topologies, hardware, load balancers (F5, Nginx), and firewalls. Preferred Qualifications: - Experience with CNCF and GitOps principles. - Ability to package and deploy single-page apps following best practices. - Knowledge of CDNs and cloud migration. - Familiarity with load balancers and reverse proxies. About Our Company: Ameriprise India LLP has been providing client-based financial solutions for 125 years, helping clients plan and achieve their financial objectives. Headquartered in Minneapolis, we are a U.S.-based financial planning company with a global presence. Our focus areas include Asset Management and Advice, Retirement Planning, and Insurance Protection. Join our inclusive and collaborative culture that values contributions and offers opportunities for growth. Work with talented individuals who share your passion for excellence and make a difference in your community. If you are talented, driven, and seek to work for an ethical company that cares, consider creating a career at Ameriprise India LLP. Full-Time/Part-Time: Full-time Timings: 2:00 PM - 10:30 PM India Business Unit: AWMPO AWMP&S President's Office Job Family Group: Technology,

Roles & responsibilities: Perform automated testing of running applications and static code (SAST, DAST). Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Experience in one or more of the following is a plus: mobile application testing, Web application pen testing, application architecture, and business logic analysis. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix,Checkmarx, Veracode, BurpSuite, OWASP ZAP, and Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation Mandatorytechnical & functional skills Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix,Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in the development of web applications and/or APIs. should be able to identify and work with new tools/technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred: GWAPT, CREST, OSCP, OSWE, OSWA

: Job TitleActimize Engineer, AVP LocationPune, India Role Description Technical Lead Anti Financial Crime (AFC) Case Management System Actimize & SAM Deutsche Banks Corporate Bank division is a leading provider of cash management, trade finance and securities finance. We complete green-field projects that deliver the best Corporate Bank - Securities Services products in the world. Our team is diverse, international, and driven by shared focus on clean code and valued delivery. At every level, agile minds are rewarded with competitive pay, support, and opportunities to excel. You will work as part of a cross-functional agile delivery team. You will bring an innovative approach to software development, focusing on using the latest technologies and practices, as part of a relentless focus on business value. You will be someone who sees engineering as team activity, with a predisposition to open code, open discussion and creating a supportive, collaborative environment. You will be ready to contribute to all stages of software delivery, from initial analysis right through to production support." What well offer you , 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities Contributes and identifies and ensures server environments and deployment architecture Individual should be working on Acimize hands on AML, SAM, & Actone Case Management Solution Good understanding of hardware and software components, servers, code quality, security, etc. Hands on development as necessary to fill into coding, scripting, release management, software maintenance, etc. Ensures architectural changes (as defined by Architects) are implemented. Provides Level 3 support for technical infrastructure components (i.e., databases, middleware and user interfaces). Contributes to problem and root cause analysis. Integrates software components following the integration strategy. Verifies integrated software components by unit and integrated software testing according to the software test plan. Software test findings must be resolved. Ensures that all code changes end up in Change Items (CIs). Where applicable, develops routines to deploy CIs to the target environments. Supports creation of Software Product Training Materials, Software Product User Guides, and Software Product Deployment Instructions. Fixes software defects/bugs, measures and analyses code for quality. Collaborates with colleagues participating in other stages of the Software Development Lifecycle (SDLC). Identifies dependencies between software product components, between technical components, and between applications and interfaces. Identifies product integration verifications to be performed based on the integration sequence and relevant dependencies. Exposure to leading cloud solutions such as GCP, AWS would be an added advantage. Good understanding of infrastructure coding tools such as Chef, Terraform etc. Well verged with Networking concepts such as subnetting and firewalls. Your skills and experience Strong understanding of technologies as under: Hands on Experience with Actimize (AIS 4.x, ActOne 6.x, 10.x, SAM 9.x, 10.x, UDM 3.x, PL SQL Devlopment, VTL development, Actimize Custom Development) Handos on experience with Docker, Kubernetes (GKE) and GCP ScriptingPython, Shell Scripts Server TechApache Tomcat SCMBitBucket, Github Build ToolsGitHub Workflows Practices:DevOPS, Agile, CI & CD SchedulingControl M, Apache workflow SDLC Tools - JIRA, Sonar, Veracode /JFrog, TeamCity, BitBucket, ALM etc. 10+ Years of technology experience, continuous hands-on coding exposure, and ability to drive solutions At least 7 + Exp working on Actimize, AML, SAM Strong analytical skills. Proficient communication skills. Fluent in English (written/verbal). Ability to work in virtual teams and in matrixed organisations. Excellent team player and open minded approach Keeps pace with technical innovation. Understands the relevant business area. Ability to share information, transfer knowledge and expertise to team members. Ability to design and write code in accordance with provided business requirements Knowledge of IT delivery and architecture including knowledge of Data Modelling and/or BA. Experience with Test Driven Development (TDD) or Behavior Driven Development (BDD). Experience with unit and/or integration test tool chains and frameworks. (e.g. Wiremock, Mockito, PowerMock, Jasmine, Protractor etc.). Relevant Financial Services experience. Ability to work in a fast paced environment with competing and alternating priorities with a constant focus on delivery. Ability to balance business demands and IT fulfilment in terms of standardisation, reducing risk and increasing IT flexibility. Strong Actimize understanding with technical expertise and knowledge of below technologies Exposure to other technologies like UNIX, Job Scheduling (ExpControl-M) etc. Candidate is expected to have high desire to learn new technologies and implement various solutions in fast paced environment. Education/ Qualifications Bachelor of Engineering degree from an accredited college or university with a concentration in Computer Science or Software Engineering (or equivalent) How well support you . . . . About us and our teams Please visit our company website for further information: https://www.db.com/company/company.htm We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.

: Job Title DevOps, Test Auto & AI, AVP LocationPune, India Role Description We are seeking a results-driven engineer with a strong foundation in Test Automation, DevSecOps, and the use of AI-enhanced developer tools like Gemini, GitHub Copilot, and OpenRewrite. The role involves building robust automated test solutions, integrating secure DevOps practices on GCP, and continuously improving software quality and delivery through intelligent tooling. If you are actively coding, have a passion for AI and want to be part of developing innovative products then apply today. What well offer you , 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities Develop and maintain automated test frameworks for APIs, UI, and integration workflows. Implement and manage CI/CD pipelines on Google Cloud Platform (GCP) using Cloud Build, Cloud Functions, and related services. Utilize Gemini, GitHub Copilot, and OpenRewrite to accelerate test development, modernize codebases, and enforce best practices. Integrate tools like Dependabot, SonarQube, Veracode, and CodeQL to drive secure, high-quality code. Promote and apply shift-left testing strategies and DevSecOps principles across all stages of the SDLC. Collaborate cross-functionally to deliver scalable, intelligent automation capabilities embedded within engineering workflows. Your skills and experience Skills Youll Need Experience with test automation frameworks such as Selenium, Cypress, REST Assured, or Playwright. Deep understanding of DevOps and cloud-native delivery pipelines, especially using GCP. Hands-on with AI/ML tools in the development lifecycle, including Gemini, GitHub Copilot, and OpenRewrite. Familiar with DevSecOps toolsSonarQube, Veracode, CodeQL, Dependabot. Proficient in scripting (Python, Shell) and using version control systems like Git. Knowledge of Agile methodologies (Scrum, Kanban), TDD, and BDD. Experience with Infrastructure-as-Code (Terraform, GCP Deployment Manager Skills That Will Help You Excel Stakeholder CommunicationAbility to explain AI concepts to non-technical audiences and collaborate cross-functionally. Adaptability & InnovationFlexibility in learning new tools and developing innovative solutions. Experience in GCP Vertex AI. Exposure to GKE, Docker, or Kubernetes.). Knowledge of performance/load testing tools (e.g., JMeter, k6). Relevant certifications in GCP, DevOps, Test Automation, or AI/ML. How well support you . . . . About us and our teams Please visit our company website for further information: https://www.db.com/company/company.htm

Role Overview The ideal candidate will be responsible for overseeing **Static Application Security Testing (SAST)** and **Software Composition Analysis (SCA)** processes, strong secure coder, ensuring secure coding practices, and managing security risks within the software development lifecycle (SDLC). This role requires close collaboration with development, DevSecOps, and risk management teams to identify and remediate vulnerabilities effectively. Key Responsibilities 1. SAST & SCA Strategy and Implementation Define, implement, and manage **SAST & SCA frameworks** to secure the banks applications. Lead the integration of security tools (e.g., Fortify, Checkmarx, SonarQube, Veracode, Snyk, Black Duck) into CI/CD pipelines. Continuously evaluate and enhance scanning methodologies to improve detection and remediation of vulnerabilities. 2. Vulnerability Management & Risk Mitigation Oversee the assessment, triage, and remediation of vulnerabilities identified through SAST & SCA scans. Establish risk-based prioritization for vulnerabilities, collaborating with development teams for timely fixes. Ensure compliance with industry standards (OWASP, NIST, ISO 27001, PCI-DSS) and internal security policies. 3. Collaboration & Stakeholder Management Work closely with development, DevOps, and security teams to promote secure coding practices Collaborate with third-party vendors for security tool management and support Present vulnerability trends, remediation progress, and risk insights to senior leadership and risk committees. 4. Governance, Training & Awareness Develop and enhance secure coding guidelines and best practices for development teams. Conduct security awareness sessions and training for developers on SAST/SCA findings and secure coding practices. Define and track key security metrics (KPIs/KRIs) to measure the effectiveness of the SAST & SCA programs. Qualifications & Experience 8-10 years (SM) and 12-15 years (AVP) of experience in Application Security**, with a strong focus on SAST and SCA. Deep understanding of secure SDLC, DevSecOps, and CI/CD integration. Hands-on experience with **SAST & SCA tools** (Fortify, Veracode, Checkmarx, Snyk, Black Duck, SonarQube, etc.) Strong knowledge of **secure coding practices**, vulnerability remediation, and risk management Comprehensive Experience with **programming languages** (Java, .NET, Python, JavaScript) and their security implications Able to write secure code Experience in **regulatory compliance** frameworks (OWASP Top 10, NIST, ISO 27001, PCI-DSS, RBI Guidelines) Strong leadership and stakeholder management skills Certifications preferred:** CISSP, OSWE, OSCP, CSSLP or any relevant security certification

Job Title: WebPT P1 - Consultant Location: Bangalore & Pune (Hybrid Role) Contract Duration: 6 Months Roles & Responsibilities: Perform automated testing of running applications and static code (SAST, DAST). Conduct manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: Web applications Internal applications APIs Internal and external networks Mobile applications Experience in one or more of the following is a plus: Mobile application testing Web application pen testing Application architecture Business logic analysis Work on application tools to perform security tests, including: AppScan NetsSparker Acunetix Checkmarx Veracode BurpSuite OWASP ZAP Kali Linux Able to explain vulnerabilities such as: IDOR (Insecure Direct Object References) Second Order SQL Injection CSRF (Cross-Site Request Forgery) Provide root cause analysis and remediation guidance for identified vulnerabilities. Mandatory Technical & Functional Skills: Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan NetsSparker Acunetix Checkmarx Veracode BurpSuite OWASP ZAP Kali Linux (or equivalent) Minimum three (3) years of performing manual penetration testing and code review against: Web applications Mobile apps APIs Minimum three (3) years of experience working with both technical and non-technical audiences in reporting results and leading remediation conversations. Preferred: One year of experience in the development of web applications and/or APIs. Ability to identify and work with new tools/technologies to plug and play on client projects as needed to solve the problem at hand. Certifications (Preferred but not required): GWAPT (GIAC Web Application Penetration Tester) CREST (Certified Testing Professional) OSCP (Offensive Security Certified Professional) OSWE (Offensive Security Web Expert) OSWA (Offensive Security Web Application) This is a 6-month contract role with hybrid work arrangements in Bangalore and Pune .

Role & responsibilities Design, configure, and maintain CI/CD pipelines using GitHub Actions, Bamboo, Harness, Jenkins, or equivalent. Administer Atlassian suite: Jira, Confluence, Bamboo, and Bitbucket for planning, repo management, and documentation. Implement, debug, and enhance build tools and deployment workflows (Maven, Gradle, MSBuild, NodeJS, etc.). Manage code quality and security scans via SonarQube, Veracode, and similar tools. Handle artifact repositories such as Nexus, JFrog Artifactory, NuGet, and ProGet. Create and maintain automation scripts in PowerShell, Python, Bash/Shell, and Salt/Ansible for provisioning and administrative tasks. Maintain and monitor observability tools like Splunk, and proactively address performance and availability issues. Support production environments, respond to incidents, triage bugs, and handle escalations via tools like XMatters and Techlines. Participate in daily stand-ups, incident reviews, and on-call support (24x5 or 24x7). Work with development teams to troubleshoot and optimize builds, releases, and deployment flows. Track Jira Stories and ensure timely updates and resolutions aligned with SLAs and operational KPIs. Preferred candidate profile Bachelor's / Master's degree in Computer Science, Information Technology, or related discipline. 5+ years of experience in DevOps / Release Engineering / Production Support roles. Proven experience managing enterprise-grade CI/CD platforms and incident response workflows. Atlassian and GitHub administrator-level experience is a strong plus. CI/CD & DevOps: Experience building and managing CI/CD pipelines using GitHub Actions, Bamboo, and Harness. Build Tools: Skilled in using Maven, Gradle, MSBuild, and NodeJS for build automation. Artifact Repositories: Hands-on with Nexus, JFrog Artifactory, ProGet, and NuGet for artifact management. Code Quality & Security: Familiar with SonarQube and Veracode for static code analysis and vulnerability scanning. Version Control: Proficient in Git with repository management in GitHub and Bitbucket. Configuration Management: Experience with Ansible and Salt for infrastructure automation. Scripting & Automation: Strong scripting skills in PowerShell, Bash, and Python. Monitoring & Logging: Practical knowledge of Splunk for observability, alerting, and log analysis. OS & Infrastructure: Comfortable administering both Linux and Windows environments. Issue & Workflow Tools: Experienced in Jira and Confluence for tracking work and collaboration. Incident/Production Support: Skilled in incident handling, SLA management, and 24/7 support using XMatters/Techlines.

Dear Candidate, We are hiring a Compliance Engineer to ensure code and dependencies meet licensing and audit standards. Key Responsibilities: Track open-source usage and license compliance. Automate compliance scanning and reporting. Assist in security reviews and audits. Required Skills & Qualifications: Familiarity with tools like FOSSA, Black Duck. Knowledge of OSS licenses (MIT, GPL, Apache). Experience with code scanning and SBOMs. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Delivery Manager Integra Technologies

DevOps Engineer DevOps engineer (7+ yrs of experience) Experience working with different cloud hosting platforms and their services, especially Azure and AWS services. Experience working with Containerization using Docker. Experience setting up CI/CD processes using tools like Jenkins and others. Experience in writing scripts in different languages to automate. Experience in infrastructure automation. Experience in security and Networking best practices and implementation. Besides AWS, we also have some apps hosted on Azure cloud, so Azure Kubernetes service, functions, and KeyVault. DevOps also helps us get through the cloud gate compliance process, so experience with setting up SonarQube, Veracode, Snyk, JFrog artifactory, GCSO gates, etc. would be great.

Dear Candidate, We are hiring a Go Developer to build high-performance microservices and backend systems. The role requires proficiency in Golang and a deep understanding of concurrent programming and cloud-native architecture. Key Responsibilities: Develop scalable services and APIs using Go Optimize systems for performance and concurrency Build event-driven systems using Kafka, NATS, or gRPC Work with CI/CD pipelines and containerized environments Participate in system design and architecture discussions Required Skills & Qualifications: Proficient in Golang , standard library, and concurrency patterns Experience with Docker, Kubernetes, and REST/gRPC services Knowledge of cloud infrastructure (AWS/GCP) Familiar with Prometheus, Grafana, and distributed tracing tools Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Reddy Delivery Manager Integra Technologies

Hands on experience in .Net Core proven experience as a .NET Developer or Application Developer. Familiarity with microservice architecture styles/APIs. Experience in designing Rest API Layer and familiarity with server-side API concepts and technologies and tools. Good working knowledge in implementation framework like Veracode and SonarQube to make sure quality code across development & code review. Participate in client meetings related to project management and related to technical deliveries.