74 Appscan Jobs - Page 3

Join our Team About this opportunity: We are now looking for a Senior Security Engineer professional for our Managed Security team. This job role has accountability for researching, designing, engineering, implementing, and supporting security solutions in partnership with the respective stakeholders within Ericsson and / or customer organization and / or 3rd Party Providers. The professional will work alongside a highly skilled, diverse team, making sure that the information assets, that we are responsible to protect, are secured. What you will do: Design, implement, manage, monitor, and troubleshoot cybersecurity defenses, including configuration management, network security, systems security, and monitoring systems / tools. Participate in planning and audit scope development as well as project execution as a critical team member on complex technology related assessments. Play an active role in the design and execution of infrastructure initiatives to ensure an evolving adherence to industry best practices for information security. Lead the execution of the assessment of specific technical areas of a project, supervising other team members and providing coaching where needed. Perform Security Incident Management, including but not limited to: supporting SIEM tools, integrating logs into the tool, creating and modifying rules, investigating and resolving alerts, automating tasks. Research new and emerging threats to gain insight into the evolving threat landscape, and share knowledge with the team. Promote new ideas and new ways of executing projects and internal infrastructure enhancements. Innovate and automate repetitive activities and corrective actions, including broader automation initiatives. Analyzes and recommends security controls and procedures in business processes related to use of information systems and assets, and monitors for compliance Responds to information security incidents, including investigation of countermeasures to and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with third-party incident responders, including law enforcement The skills you bring: Strong knowledge of information security Strong knowledge of SIEM tools (such as McAfee ESM, QRadar, ArcSight, Splunk, etc.), scanning tools (Nessus, Qualys, IBM AppScan, etc.) and PAM tools (BeyondTrust, CyberArk, etc.) Strong knowledge of both Linux-based and MS Windows-based system platforms with a strong technical understanding and aptitude for analytical problem-solving Strong understanding of enterprise, network, system and application level security issues Strong understanding of enterprise computing environments, distributed applications, and a strong understanding of TCP/IP networks along with available security controls (technical & process controls) for respective layers Good understanding of the system hardening processes, tools, guidelines and benchmarks Fundamental understanding of encryption technologies Participate in the out-of-hours on call rotation, providing technical support to the business for incidents Strong knowledge sharing and collaboration skills Deliver results and meet customer expectations Excellent communication skills; English is a must Key Qualifications: Education: BE/ B.Tech (Telecommunication/ Computer Science) Minimum years of relevant experience: 8 to 15 years experience with at least 8 years in IT and 7 years in Security ITIL certification, CCSP, OSCP, Security +, CISSP or similar will be an advantage Basic knowledge of telecommunications networks will be an added advantage Why join Ericsson? At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next. What happens once you apply? Click Here to find all you need to know about what our typical hiring process looks like. Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer. learn more. Primary country and city: India (IN) || Noida Req ID: 768174

Required Candidate profile: B.Tech / B.E./ BCA/ BSc in Computer Science or Information Technology. Candidates must have hands-on experience (Preference will be given to professional experience) of vulnerability assessment and penetration testing. Certification: OSCP or similar certifications (Preferred) Candidates must have minimum 4+ years of experience of vulnerability assessment, penetration testing, and Bug bounty. Preferred Skills: Excellent understanding of web application security and secure coding. Proficient in Application Security concepts, familiar with OWASP Top 10. Understanding of vulnerability assessment/penetration testing. Ability to write technical reports and detailed documentation. Experience in conducting VAPT and secure source code review. Experience with application vulnerability scanning tools (e.g., IBM AppScan, HP Webinspect, Acunetix, TOSpider, Burp Suite Pro, Nessus, Nexpose) Experience in Bug Bounty. In-depth knowledge and experience with OWASP and SANS standards. Web App Security (Burp Suite, Manual & Automated Testing, Comfortable in Black Box/White Box testing with the capability of finding business logic vulnerabilities, OWASP testing guide). Knowledge on Patch Fixing methodologies. Investigate security breaches and other cybersecurity incidents Location - Ahmedabad, Gujarat Show more Show less

Role Summary You will be responsible for identifying and mitigating web application vulnerabilities, collaborating with development teams, and integrating security best practices across front-end and back-end stacks. Key Responsibilities Bachelor’s in Computer Science, Engineering, or related field. Perform security assessments: static/dynamic analysis , code reviews , vulnerability scans . Secure apps built with JavaScript , .NET (C#) , and Java . Enforce OWASP Top 10 protections and secure coding standards. Automate security tasks using Python . Ensure secure deployments in Docker / Kubernetes environments. Integrate security into CI/CD pipelines . Act as the security point-of-contact within product teams. Required Skills Strong knowledge of Web App Security , OWASP , and secure SDLC. Hands-on with JavaScript , C#/.NET , and Java codebases. Familiar with Burp Suite , Nessus , or AppScan . Experience with Python scripting , Docker , and Kubernetes . Basic understanding of DevOps and CI/CD tools . Preferred Security certifications (e.g., CISSP , OSWE , GWAPT ). Knowledge of security frameworks: NIST , ISO 27001 . Show more Show less

Responsibilities : Founded in 1991, Lexmark is recognized as a global leader in imaging and output technology solutions and managed print services by many of the technology industry’s leading market analyst firms. Lexmark sells its products and services in more than 170 countries and has its headquarters in Lexington, Kentucky. Lexmark India, located in Kolkata, is one of the research and development centers of Lexmark International Inc. Our diverse workforce collaborates their skills and ideas to build, deliver, and support first-class products and solutions for our customers. This job is for a strong technical person in Security Testing role. Candidate should be a B.E./B.Tech. or higher from a reputed Engineering College/University with around 3 to 5 years of hands-on application security testing experience. If you are a self-starter and have the aptitude, analytical skills and passion for technology then you will fit right into our Software Security testing team. You’re having prior experience of working in an agile/scrum environment will prove to be an added advantage. Development experience will be a plus. Your Tasks include: Conduct web application security assessments and penetration tests. Assess applications for issues surrounding Authentication, Authorization, User management, Session management, Data validation, including all common attacks such as SQL injection, Cross-site scripting, Command injection, Error handling, Auditing and logging. Assess the security aspects of Web Services design and implementation, including confidentiality, integrity, trust relationships, and authentication using security standards like XML signatures, XML encryption, SAML, and WS-Security. Thick client assessment experience Write formal security assessment reports for each application, using Foundstone reporting format. Participate in conference calls with clients to perform initial data gathering and a follow-up advisory for technical issues. Vulnerability and network penetration assessments Mobile applications security testing Publish whitepapers, tools and deliver presentations. Cloud application Security testing Required skills include: Knowledge of tools such as Fiddler, Paros, Burp, Sqlmap, Nikto, Nmap, Openssl, Mallory, Wireshark etc. Mobile application development, assessment (iOS, Android, Windows) experience Web application development experience in any of the major languages such as C#, Java, PHP, ASP.NET etc. is a plus Knowledge of scripting languages such as Python, JavaScript, Ruby, SQL etc. is a plus Experience reviewing code in C, C++, Java, PHP, C#, ASP.NET, Go etc. Familiarity with automated source code analysis tools such as Acunetix , Appscan etc. Certifications such as OSCP or CEH is a plus Working knowledge of version control software like git and Subversion. Can demonstrate Lexmark core values: Innovation, Excellence, Agility, Integrity, Community, and Respect. How to Apply ? Are you an innovator? Here is your chance to make your mark with a global technology leader. Apply now! Global Privacy Notice Lexmark is committed to appropriately protecting and managing any personal information you share with us. Click here to view Lexmark's Privacy Notice. Show more Show less

We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM. Bachelor or Master degree in computer science with a minimum of 8 years in cyber security domain Technical background in networking/system administration, security testing or related fields In-depth knowledge of TCP/IP Two or more years of Perl, Python, Bash, or C experience Operating System Configuration and Security experience (Windows, HP-UX, Linux, Solaris, AIX, etc.) Configuration and Security experience with firewalls, switches, routers, VPNs Experience with security and architecture testing and development frameworks, such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), and NIST SP800-115 Familiar with security testing techniques such as threat modeling, network discovery, port and service identification, vulnerability scanning, network sniffing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing, fuzzing, and password cracking and can perform these techniques from a variety of adversarial perspectives (white-, grey-, black-box) Experience with discovering, utilizing, and possibly writing exploits for such vulnerabilities as buffer and stack overflows Familiar with the logistics of security testing such as acquiring authorization for testing, reporting, risk analysis of findings, data handling, and legal considerations Commercial Application Security tools experience (Nessus, Nexpose, Qualys, Appdetective, Appscan, etc.) Open source and free tools experience (Kali Linux suite, Metasploit, nmap, airsnort, Wireshark, Burp Suite, Paros, etc.) One or more of the following testing certifications: Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); or equivalent development or testing certification (ECSA, CEPT, CPTE, CPTS, etc) In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®) Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client's senior management Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices The standard work hours for this role are from 3:30 PM to 11:00 PM IST, aligned to support client requirements and deliverables and engagements. Candidates should be comfortable with this fixed shift timing Position & Key Responsibilities Develop an understanding of the RSM US Risk Consulting service offerings, methodologies, and tools Perform analysis and testing to verify the strengths and weaknesses of client IT environments utilizing commercial and open source security testing tools Perform Internet penetration testing (blackbox/ greybox / whitebox testing) and network architecture reviews (manual/ automated) Perform other security testing tasks such as wireless penetration testing, social engineering campaigns (email, web, phone, physical, etc.), mobile application testing, embedded device testing, and similar activities meant to identify critical weaknesses within client environments Assist with the development of remediation recommendations for identified findings Identify and clearly articulate (written and verbal) findings to senior management and clients Help identify improvement opportunities for assigned clients Supervise and provide engagement management for other staff working on assigned engagements Works closely with the client and RSM team to make sure we meet or exceed client expectations on each engagement and maintain high customer satisfaction. Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements Ensure that documentation is compliant with the quality standards of the firm Work collaboratively as a part of the team and communicate effectively with RSM consulting professionals, and senior management in the U.S. on a daily basis Key Skills To Accelerate Career Maintains a high degree of quality and client relationship on multiple clients at the same time Positively engages, motivates and influences team members Identifies client needs/requirements and initiates discussion to expand services through a solid understanding of the firm’s service capabilities and offerings Subscribes to and actively read industry publications and share relevant information with clients as considered applicable At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/india.html. RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Indian Armed Forces; Indian Armed Forces Veterans, and Indian Armed Forces Personnel status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at careers@rsmus.com. Show more Show less

Line of Service Advisory Industry/Sector FS X-Sector Specialism Risk Management Level Associate Job Description & Summary We are seeking a highly skilled Sailpoint Developer .If candidate has experience of 2-3 years, he/she must be Sailpoint Certified, above 3 years experience sailpoint certification is not mandatory but good to have. *Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us . At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " Job Description & Summary : We are seeking a highly skilled and experienced Cybersecurity/Risk Consulting Senior Associate to join our Risk Consulting team. As a Cybersecurity Senior Associate, you will be responsible for leading and managing a team of consultants to deliver high-quality cybersecurity and risk management services to our clients. Responsibilities: Good interpersonal skills (written and oral communication) and ability to articulate complex issues Ability to communicate technical information clearly and concisely, commensurate with the audience Conceptual thinking and communication skills — the ability to conceptualize complex business and technical requirements into comprehensible models and templates. Good communicator (written and verbal) and listener. Must be a team player and motivated self-starter with ability to work independently with limited supervision. Must be assertive, methodical and detail oriented Technical Experience: Experience in Web and Mobile Application Security Testing, Vulnerability Assessment and Penetration testing Analyze scan reports and suggest remediation / mitigation plan for security vulnerabilities Should be aware of tools like Qualys, HP Fortify, IBM Appscan , Burpsuite , Kali Linux suite of tools Expertise in mobile apps reverse engineering and in-depth knowledge of Android and iOS ecosystems. Knowledge of industry standard tools for mobile pentest . Thorough understanding of OWASP Top 10 vulnerabilities and their mitigations. Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering) Conduct penetration test and launch exploits using Nessus, Metaspoilt , kali linux penetration testing distribution tools sets Conduct Vulnerability Assessments of Network Devices using various open source and commercial tools Map out a network, discover ports and services running on the different exposed network and security devices Research and maintain proficiency in computer network exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security, and encryption. In-depth understanding on Common Vulnerability Exposure (CVE)/ CERT advisory database. Broad background of networks, operating systems (Window, Unix, Linux), firewalls and security engineering concepts. Knowledge of scripting languages (Perl, Python, Shell etc) will be added advantage Knowledge of Open-Source Security Testing Methodology Manual (OSSTMM) Mandatory skill sets: CEH, ECSA, LPT ( any one ) Preferred skill sets: OSCP, OSWE Years of experience required : 2 - 10 Years Education qualification: B.Tech Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Technology Degrees/Field of Study preferred: Certifications (if blank, certifications not specified) Required Skills SailPoint IdentityIQ Optional Skills Accepting Feedback, Accepting Feedback, Access Control Models, Access Control System, Access Management, Active Listening, Authorization Compliance, Authorization Management Systems, Azure Active Directory, Cloud Identity and Access Management (IAM), Communication, CyberArk Management, Cybersecurity, Emotional Regulation, Empathy, Encryption Technologies, Federated Identity Management, ForgeRock Identity Platform, Identity and Access Management (IAM), Identity-Based Encryption, Identity Federation, Identity Governance Framework (IGF), Identity Verification, Inclusion, Information Security {+ 17 more} Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date Show more Show less

Job Title: VAPT From Consult to Associate Director Location: Gurgaon, Mohali Experience: 1 to 10+ years Work Mode: Onsite Role Overview: We are seeking a highly skilled Vulnerability Assessment and Penetration Testing (VAPT) Manager / Senior Manager to lead and manage end-to-end security assessment projects across applications, infrastructure, networks, and cloud environments. This role involves both hands-on technical execution and oversight of team deliverables, with a focus on client delivery, quality assurance, and stakeholder communication. Key Responsibilities: Lead and execute VAPT engagements across web apps, mobile apps, infrastructure, networks, cloud platforms , and source code reviews . Conduct detailed manual and automated vulnerability assessments and penetration testing. Review and validate test reports, ensuring clear and actionable remediation guidance. Mentor and guide junior team members, supporting their technical and professional development. Coordinate with clients, internal teams, and management to deliver secure, compliant, and high-quality solutions. Stay updated with emerging threats, tools, and techniques in the cybersecurity domain. Ensure adherence to industry standards such as OWASP, NIST, ISO 27001, PCI-DSS, and RBI guidelines . Desired Skills & Experience: 1 to 10+ years of experience in VAPT with strong expertise in manual testing beyond automated scanners. Hands-on experience with tools such as Burp Suite, Metasploit, Nessus, Nmap, Wireshark, Fortify, AppScan , etc. Proficiency in secure coding practices and at least one programming language (e.g., Python, Java, JavaScript). Strong report writing, presentation, and communication skills. Familiarity with cloud security (AWS, Azure, GCP) is a plus. OSCP certification is an added advantage, but not mandatory . Experience managing security projects and small teams preferred. Why Join Us? Work on high-impact cybersecurity projects. Opportunity to lead and grow a team of security professionals. Collaborative work environment with cutting-edge tools and training. Competitive salary and benefits. Priority consideration for immediate joiners . Show more Show less

Perform security testing on applications using Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools to identify vulnerabilities and recommend mitigations.

Management Level F Business Division: GRCLS Business Function / Department: Group Information Security Job Title: AWS DevSecOps Engineer Reporting to (Job Title): Head of Security Engineering and Operations Date: May 2024 Equiniti is a leading international provider of shareholder, pension, remediation, and credit technology. With over 6000 employees, it supports 37 million people in 120 countries. EQ India began its operations in 2014 as a Global India Captive Centre for Equiniti, a leading fintech company specialising in shareholder management. Within a decade, EQ India strengthened its operations and transformed from being a capability centre to a Global Competency Centre, to support EQ's growth story worldwide. Capitalising on India’s strong reputation as a global talent hub for IT / ITES, EQ India has structured the organisation to be a part of this growth story. Today, EQ India has evolved as an indispensable part of EQ Group providing critical fintech services to the US and UK. EQ’s vision is to be the leading global share registrar, offering complementary services to its client base and our values set the core foundations to our success. We are TRUSTED to deliver on our commitments, COMMERCIAL in building long term value, COLLABORATIVE in our approach and we IMPROVE by continually enhancing our skills and services. There has never been a better time to join EQ. Role Summary DevSecOps Engineers will work with the Head of Security Engineering & Operations to configure, manage and operate security controls within EQ’s AWS environment. The role will also be responsible for security monitoring and incident response as well as promoting and embedding DevSecOps principles to change existing systems and practices for the better. This position requires deep knowledge and experience with AWS tools, capabilities, and resources, with a deep understanding of cloud-based infrastructure resources, monitoring tools, and advanced security controls. Core Duties/Responsibilities You will be required to undertake the following specific activities: Configure and manage key AWS Security Controls such as Guard Duty, Security Hub, Inspector, Config, CloudTrail, Shield Advanced, WAF, Macie etc.. Design and coordinate cohesive responses to security events that involve multiple teams across the organization. Ensure security is seamlessly & effectively integrated with the software development life cycle (SDLC), recognising security threats, & configure infrastructure in such a way as to manage & deploy the environment, in a secure & optimised manner. Promote and Integrate Security into DevSecOps methodologies. Automate security testing & vulnerability scanning within CI/CD pipelines. Stay up to date with the latest security threats, vulnerabilities, & industry best practices related to Cloud Security. Skills, Capabilities And Attributes The successful candidate will demonstrate the following experience, skills and behaviours: Skills, Knowledge & Experience The key skills and experience required for this role can be summarised as follows. Significant public cloud (AWS) and hybrid cloud security architecture experience across multiple domains: Cloud, Network, Infrastructure, Application, Data, IAM Expert knowledge of configuring and operating key Amazon cloud security technologies, including AWS: IAM, SSO, Organisations, Guard Duty, Security Hub, Inspector, Config, CloudTrail, Shield Advanced, WAF, Macie, Detective, Certificate Manager and Secrets Manager. Experience with security incident response and handling within AWS environments, including log analysis and forensics. Experience implementing SAST and DAST tooling in deployment pipelines - specifically Checkov, SonarQube and AppScan Experience implementing Vulnerability and Compliance Scanning tools in deployment pipelines – specifically Qualys. Extensive experience implementing security automation within environments utilising DevSecOps, CI/CD, Infrastructure & Security as Code. Implementation of controls aligning to Information Security and Privacy Standards and Frameworks (e.g. ISO 27001, CSA-CCM, NIST800-53, CIS, GDPR etc…) Deep knowledge on AWS core components (examples: API Gateway, ECS, EBS, EC2, S3, SNS, Lambda, Security groups, VPC, CFT, Route 53, certificate manager, AWS build pipelines and AWS cloud trail). Experience in deploying and managing security controls within containerised environments. Strong communication skills and experience of working across multi-discipline teams. Ability to work in a fast-paced environment. Certifications such as AWS Certified Security Specialist are a plus. Benefits: Being a permanent member of the team at EQ you will be rewarded by our company benefits, these are just a few of what is on offer: 3 days of additional leaves on & above statutory requirement along with 2 days of voluntary leaves to pursue the CSR initiatives Business related certification expense reimbursement Comprehensive Medical Assurance coverage for dependents & Parents Cab transport for staff working in UK & US shift Accidental & Life cover 3 times of concerned CTC We are committed to equality of opportunity for all staff and applications from individuals are encouraged regardless of age, disability, sex, gender reassignment, sexual orientation, pregnancy and maternity, race, religion or belief and marriage and civil partnerships. Please note any offer of employment is subject to satisfactory pre-employment screening checks. Show more Show less

Implement security-as-code principles and automate security controls in CI/CD pipelines. Conduct secure code reviews and assist developers in adopting secure coding practices. Deploy and manage security tools such as SAST, DAST, SCA, IAST, and container security solutions.

Role Description Job Title: Site Reliability Engineer Experience Range: 5-10 years Hiring Location: Mumbai, Chennai, Gurugram Must-Have Skills Professional experience working with public cloud platforms (AWS) Expertise in Infrastructure as Code (IaC) tools such as Terraform Hands-on experience with CI/CD tools like GitLab CI/CD, GitHub Actions, or Jenkins Strong coding and scripting skills (PowerShell, Bash, Python, or equivalent) Proficiency in Configuration Management tools like Ansible, Puppet, or Chef Experience managing and troubleshooting Linux servers Strong analytical and troubleshooting skills Exposure to security best practices and remediation Familiarity with security-related tools such as Wiz and Qualys Hands-on experience in Static/Dynamic Security Testing & Penetration Testing using tools like SonarQube, CheckMarx, AppScan, BurpSuite, OWASP ZAP Proxy, WebInspect, Fortify, Veracode, Nessus, etc. Good-to-Have Skills Knowledge of System and Application Monitoring tools (Prometheus, Grafana, CloudWatch) Experience with Log Management tools (Elastic Stack, Graylog, Splunk) Working experience with relational databases (MySQL, MS SQL Server, or similar) Use of Secret Management services like HashiCorp Vault Understanding of Change Control procedures Main Responsibilities Deliver resilient application stacks via Infrastructure as Code and DevOps practices Monitor and support critical, high-revenue business applications Diagnose and resolve complex system and application issues Implement and maintain security best practices and remediation strategies Work with cross-functional teams including Development, QA, IT Operations, and Project Management Write and maintain technical and non-technical documentation Skills Aws Cloud,Terraform,Powershell,Github Show more Show less

Line of Service Advisory Industry/Sector FS X-Sector Specialism Risk Management Level Associate Job Description & Summary A career within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us. At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " Job Description & Summary: Job Description & Summary: We are seeking a highly skilled and experienced Cybersecurity/Risk Consulting Senior Associate to join our Risk Consulting team. As a Cybersecurity Senior Associate, you will be responsible for leading and managing a team of consultants to deliver high-quality cybersecurity and risk management services to our clients. Responsibilities Key Responsibilities: Good interpersonal skills (written and oral communication) and ability to articulate complex issues Ability to communicate technical information clearly and concisely, commensurate with the audience Conceptual thinking and communication skills — the ability to conceptualize complex business and technical requirements into comprehensible models and templates. Good communicator (written and verbal) and listener. Must be a team player and motivated self-starter with ability to work independently with limited supervision. Must be assertive, methodical and detail oriented Technical Experience: Experience in Web and Mobile Application Security Testing, Vulnerability Assessment and Penetration testing Analyze scan reports and suggest remediation / mitigation plan for security vulnerabilities Should be aware of tools like Qualys, HP Fortify, IBM Appscan, Burpsuite, Kali Linux suite of tools Expertise in mobile apps reverse engineering and in-depth knowledge of Android and iOS ecosystems. Knowledge of industry standard tools for mobile pentest. Thorough understanding of OWASP Top 10 vulnerabilities and their mitigations. Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering) Conduct penetration test and launch exploits using Nessus, Metaspoilt, kali linux penetration testing distribution tools sets Conduct Vulnerability Assessments of Network Devices using various open source and commercial tools Map out a network, discover ports and services running on the different exposed network and security devices Research and maintain proficiency in computer network exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security, and encryption. In-depth understanding on Common Vulnerability Exposure (CVE)/ CERT advisory database. Broad background of networks, operating systems (Window, Unix, Linux), firewalls and security engineering concepts. Knowledge of scripting languages (Perl, Python, Shell etc) will be added advantage Knowledge of Open-Source Security Testing Methodology Manual (OSSTMM) Mandatory Skill Sets CEH, ECSA, LPT (any one) Preferred Skill Sets OSCP, OSWE Years Of Experience Required 2-10 Years Education Qualification B.Tech Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Master of Business Administration, Bachelor of Engineering Degrees/Field Of Study Preferred Certifications (if blank, certifications not specified) Required Skills Optional Skills Accepting Feedback, Accepting Feedback, Active Listening, Agile Methodology, Azure Data Factory, Communication, Cybersecurity, Cybersecurity Framework, Cybersecurity Policy, Cybersecurity Requirements, Cybersecurity Strategy, Emotional Regulation, Empathy, Encryption Technologies, Inclusion, Intellectual Curiosity, Managed Services, Optimism, Privacy Compliance, Regulatory Response, Security Architecture, Security Compliance Management, Security Control, Security Incident Management, Security Monitoring {+ 3 more} Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date Show more Show less

Required skillset: Ability to handle security testing projects: Customer Interactions, Team monitoring. Able to derive security requirements Threat Model, TARA, SCA, SAST Able to drive the security standards in the applications like OWASP, SANS, CVSS, CWE, STRIDE, DREAD Good Technical Presentation skills, Team collaboration skills, training and mentoring must be preferred. Expertise in Tools like : Appscan, Fortify, Burpsuite, Kali Linux, Postman Expertise in REST API Penetration testing Handson experience in Embedded Device Security Testing with expertise in Secure Boot, Firmware Analysis, CAN/UDS/USB/JTAG interface security testing Expertise in implementing and executing the Cyber Security Solutions and Penetration Testing for Network and Embedded devices. Hands-on Experience in AWS/Azure Good Technical Presentation skills and Team collaboration skills must be preferred. Security Certifications like CEH, ECSA or equivalent. Role & responsibilities Preferred candidate profile

The Associate Software Team Lead is pivotal in steering a group of talented software engineers towards the successful execution of R&D projects. This role involves a blend of technical expertise and leadership skills tmanage the development lifecycle, mentor team members, and ensure that software deliverables are innovative, robust, and align with customer expectations. The Associate Team Lead acts as a bridge between the engineering team and senior management, translating business objectives inttechnical strategies, fostering a culture of continuous improvement, and maintaining a focus on both short-term milestones and long-term goals. Qualification: Relevant industry certifications (Azure/AWS certified professional) Bachelor s degree in computer science / engineering, or equivalent work experience. Software Engineer level of experience with exceptional Real-Time skills and enthusiasm Proven ability tself-manage and structure work, this must be demonstrated through clear examples in your application Product / Technical : Degree in Computer Science or Engineering or Equivalent with 10+ years of relevant experience working with C/C++, C#, PHP. Must have 6+ years of Linux C++ / C developer. Must have 6+ years of Windows C/ C#/.NET, Dependency Injection Experience with Service Bus, Test Driven development Must have strong background in muti-process / multi-threaded application design. Must be proficient in Linux (currently using EL9) - Development, Bash shell. Must have strong background using and/or implementing SIP, RTP, or other voice protocols. Working knowledge of Asterisk/FreeSwitch Experience with Machine Learning technologies, NLP, Python libraries (Pandas, Keras, TensorFlow etc.) Good understanding of Python libraries for machine learning, Computer vision, Speech Analytics and Deep Learning tools & techniques Working experience of Cloud (preferably AWS) is an added advantage. Working experience of Cloud (OKD / OpenShift preferred) development Working knowledge of Cloud tools such as Kubernetes, and CI/CD tools such as Harness and/or Jenkins. Working knowledge of Monitoring Tools such as Datadog and/or OpsGenie. Experience working JIRA and in an Agile team. Knowledge of front end technologies (React Js , Node Js, Java script) Working knowledge on Application Security/Vulnerability tools like Black Duck, Coverity / App Scan etc. Experience with API / RESTful data services Experience using Postgres and SQL Server database technologies. Knowledge of VXML & IVR technologies/solutions. Experience of voice & viderecording platforms is advantageous Good understanding of Computer Vision, Speech Analytics and Deep Learning tools & techniques Core Tasks: Lead and support the VASR and Fonolproduct development and maintenance, ensuring global customer success. Initial ramp up is expected tbe based on small product issue resolution building tnew feature development. Once team established and product knowledge at required level, lead the development and implementation of software projects from conception tdeployment. Provide technical expertise and guidance in software design, coding standards, and system integration. Participate in technical requirements though tdelivery Estimates take intconsideration all aspects of solution and are relatively accurate. Tasks and Defects are addressed proactively. Quality gates are met for deliverables. Champion agile development methodology within the development organization. Ensure customer success when called upon tassist in complex issues. Mentor Associate and Graduate Engineers. Ensure the quality and reliability of software through rigorous testing and code reviews. Encourage innovation and the exploration of new technologies tenhance product capabilities. Troubleshoot and resolve complex technical issues that arise during the development process. Manage the allocation of resources, including personnel and technology, toptimize productivity. Establish and monitor performance metrics tevaluate the success of software projects

Consultant - MAST Vanguard Requirements: Mandatory Technical & Functional Skills Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Job Description: Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most. NetSPI secures the most trusted brands on Earth through Penetration Testing as a Service (PTaaS), External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), and Breach and Attack Simulation (BAS). Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever before. NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at www.netspi.com/careers. We are seeking an experienced professional with demonstrated technical depth and breadth for our secure code review practice as well as the soft skills to effectively communicate with executive and technical teams. In this role, you will primarily serve as a resource for delivering client assessment services and contribute to practice development. Applicants are expected to leverage strong problem-solving skills, as well as lead, collaborate, and innovate to deliver high-quality exercises and exceptional experiences for our customers. Responsibilities Deliver secure code review assessment on programming languages such as Java, C#, C/C++, Python, TypeScript, and JavaScript Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques Review vulnerabilities (CVEs) in usage of third-party libraries and determine reachability and exploitability. Develop and review checklists, custom vulnerability description, business impact and remediation strategies. Develop custom rules and patterns to enhance the capabilities of existing SAST Tools. Contribute to development and delivery of secure coding review and development best practices and remediation training Contribute to the development and delivery of secure code review training and secure coding best practices. Collaborate with and assist developers in writing secure software and remediating existing vulnerabilities Mentor and assist team members in effectively delivering assessments and enhancing skillsets Contribute to the community through the development of tools, presentations, white papers, and blogs. Minimum Qualifications 5+ years of hands-on experience spanning secure code review, static application security testing (SAST), and/or source code-assisted penetration testing. Thorough understanding of the OWASP Top 10 and SANS Top 25 vulnerabilities, with a strong focus on identifying and remediating security issues in source code Proven understanding of enterprise application architecture, including scalable, high-availability environments for web/mobile applications. Expertise in conducting taint analysis to trace and remediate data flow vulnerabilities, with a deep understanding of request routing in diverse frameworks. Proven ability to audit codebases to identify and validate existing security controls (e.g., input validation, encoding) Familiarity with SAST tools such as Checkmarx, Fortify, Semgrep, Veracode, Appscan Source, Coverity or similar SAST platforms. Bachelor’s degree or higher with a concentration in computer science, engineering, math, IT, or equivalent experience. Preferred Qualifications Experience in web development using Java, .NET, or similar enterprise languages. Experience with modern front-end frameworks (Angular, React) and languages (TypeScript, JavaScript). OSCP, OSWE, or similar certifications Web Application pen-testing experience We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law. Show more Show less

Job Description Some careers shine brighter than others. If you’re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions. We are currently seeking an experienced professional to join our team in the role of Vulnerability Assessments – Senior Consultant Specialist In this role, you will: Leading the review of all newly discovered vulnerabilities, to assess if the provided risk score is correctly reflecting the risk to HSBC. Monitoring external threat feeds to identify any newly reported external risks. Managing the review of assigned tickets, determining potential false positive and/ or mitigation on approaches, and providing expert guidance/ advice on remediation. Ensuring all patterns identified for remediation and/ or false positive identification, are clearly documented within the central tools and applied across the HSBC identified threat estate. Identify critical paths of operation and ensure that they are followed to provide the most streamlined and efficient method of operating. Leading and managing thematic reviews in order to drive and maintain systematic uplifts and enhancements to CSAT and wider inter-operational units that help protect the bank. Maintain operational documentation on what reports are available and how to access and utilise existing filters. Conduct holistic reviews of the overall baseline security posture. Clear accountability and ownership of the Vulnerability Assessment and Response key control indicators and key risk indicators. Contribute to and inform requests from Regulators, Internal/ External Audit, and 2LOD challenges/ Papers. Supporting the commentary for routine governance submissions e.g. Cybersecurity Executive Committee Monthly Update, Risk Map, KCIs, KRIs. Supporting Imminent threat review sessions, and deputising for the chair when required. Engaging with the Global Head of Vulnerability Management, and relevant team members to review and gain approval for submissions and ensure information requests are aligned with the group risk appetite providing the expected responses. Adhoc tasks as required, including support to CSAT operational activities, handling escalations and requests from any team or angle. Requirements To be successful in this role, you should meet the following requirements: The ability to understanding, apply, and improve elements of the Vulnerability Management Lifecycle. The ability to use multiple toolsets to convey information, obtain data, and make it meaningful to future plans. Lateral thinking and creative form to deploy expertise in the uplift of people skills, process identifications, and technological adjustments. The ability to recognise threats and risk, and act with insight to deliver a core part of the Cyber Security Operational model in HSBC. Multiple functions will come together to ensure the safety of the bank and the ability to continue business under any circumstances. Ability to produce clear and concise reports for targeted audiences across internal and external stakeholders. Understanding and experience in the practical application and execution of: Vulnerability scanning technologies and their application (e.g. Nessus, SAST/MAST/DAST (Checkmarx, Netsparker, Fortify, IBM AppScan, etc.), OWASP top10 and SANS top25 vulnerabilities and their mitigations Tenable.io, Security Center (or similar Vulnerability Scanning products), risk consolidation platforms). Vulnerability assessments, scoring and ratings and how they are applied. Patch Management. Business and architectural design, including controls analysis, process flows and data flows. Cyber security principles, global financial services business models, regional compliance regulations and laws. Cryptography, SSL/TLS, Encryption. MS Excel to interrogate large data sets. SharePoint, Microsoft Teams and Confluence. Excellent organisational, administrative, analytical, and problem-solving skills with the ability to work accurately and methodically whilst under pressure to meet deadlines. Instinctive and creative, with an ability to create and contribute to bespoke solutions. Flexible approach to shifting or competing priorities. Process orientated, outstanding organizational skills. Proven track record on delivering activities on time to a high standard. High level of integrity and strong ethical values. Pro-active, independent, collaborative team player with a positive attitude. Strong interpersonal skills with the ability to create and maintain relationships - Internal relationships extend to peers across other functions within IT and externally to HSBC global businesses, which include external relationships with vendors, typically audit, legal, and technology where the need arises. Experience of working in roles within Cyber Security Operations, Risk Management, and Governance, within a mid to large enterprise or equivalent organisation. Minimum of 8+ years’ experience in working in IT Security or similar role. Ability to work remotely. You’ll achieve more when you join HSBC. www.hsbc.com/careers HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website. Issued by – HSBC Software Development India Show more Show less

Line of Service Advisory Industry/Sector FS X-Sector Specialism Risk Management Level Senior Associate Job Description & Summary The SOC Analyst –L3 will be part of existing Ares Global SOC team and will be responsible for day-to-day security operations by responding to and investigating security events of interest and recommending or taking corrective action by working with IT and non-IT team members. They will also respond to security incident and investigation requests in line with established Security Incident Response processes and procedures, within defined service level targets. This position requires shift work in a 24*7*365 environment. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us. At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " Job Description & Summary: We are seeking a highly skilled and experienced Cybersecurity/Risk Consulting Senior Associate to join our Risk Consulting team. As a Cybersecurity Senior Associate, you will be responsible for leading and managing a team of consultants to deliver high-quality cybersecurity and risk management services to our clients. Responsibilities Key Responsibilities: Good interpersonal skills (written and oral communication) and ability to articulate complex issues Ability to communicate technical information clearly and concisely, commensurate with the audience Conceptual thinking and communication skills — the ability to conceptualize complex business and technical requirements into comprehensible models and templates. Good communicator (written and verbal) and listener. Must be a team player and motivated self-starter with ability to work independently with limited supervision. Must be assertive, methodical and detail oriented Technical Experience Experience in Web and Mobile Application Security Testing, Vulnerability Assessment and Penetration testing Analyze scan reports and suggest remediation / mitigation plan for security vulnerabilities Should be aware of tools like Qualys, HP Fortify, IBM Appscan, Burpsuite, Kali Linux suite of tools Expertise in mobile apps reverse engineering and in-depth knowledge of Android and iOS ecosystems. Knowledge of industry standard tools for mobile pentest. Thorough understanding of OWASP Top 10 vulnerabilities and their mitigations. Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering) Conduct penetration test and launch exploits using Nessus, Metaspoilt, kali linux penetration testing distribution tools sets Conduct Vulnerability Assessments of Network Devices using various open source and commercial tools Map out a network, discover ports and services running on the different exposed network and security devices Research and maintain proficiency in computer network exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security, and encryption. In-depth understanding on Common Vulnerability Exposure (CVE)/ CERT advisory database. Broad background of networks, operating systems (Window, Unix, Linux), firewalls and security engineering concepts. Knowledge of scripting languages (Perl, Python, Shell etc) will be added advantage Knowledge of Open-Source Security Testing Methodology Manual (OSSTMM) Mandatory Skill Sets CEH, ECSA, LPT (any one) Preferred Skill Sets OSCP, OSWE Years Of Experience Required 2-10 Years Education Qualification B.Tech ee in Information Technology, Cybersecurity, Computer Science Professional Certifications like CEH, CCSE, CCNA, Security+, etc., will be plus SIEM certifications Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Engineering, Master of Business Administration Degrees/Field Of Study Preferred Certifications (if blank, certifications not specified) Required Skills Microsoft Defender, Palo Alto Cortex XSOAR, Splunk Optional Skills SoCs Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date Show more Show less

Position 1: Consultant - MAST Vanguard Requirements: Mandatory technical & functional skills •Strong knowledge on manual secure code review against common programming languages (Java, C#) •Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. •Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs •Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. •Preferred one year of experience in development of web applications and/or APIs. •should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. •One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Job Description: Roles & responsibilities •Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications •Perform manual security code review against common programming languages (Java, CSharp). •Perform automated testing of running applications and static code (SAST, DAST). •Experience in one or more of the following a plus: AI pen testing. •Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. •Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

*ONLY IMMEDIATE JOINERS PREFERRED* Job Title: Consultant - MAST Vanguard Experience: 4-7 Years Location: Bangalore (WFO 5 days) Work timings 12PM to 9PM Job Description: Roles & responsibilities •Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications •Perform manual security code review against common programming languages (Java, CSharp). •Perform automated testing of running applications and static code (SAST, DAST). •Experience in one or more of the following plus: AI pen testing. •Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. •Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation Mandatory technical & functional skills Mandatory technical & functional skills Strong knowledge on manual secure code review against common programming languages ( Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and leading remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA

Experience: 4 to 7.5 years Location: Bangalore / Pune Job Type: Full-Time Key Responsibilities Conduct manual security code reviews on applications developed in Java and C# to identify and remediate security issues. Perform dynamic and static application security testing (DAST/SAST) using tools such as: AppScan Netsparker Acunetix Checkmarx Veracode Burp Suite OWASP ZAP Utilize Kali Linux and other penetration testing toolsets for application assessments. Collaborate with development and QA teams to provide guidance on secure coding practices and remediation strategies. Document security findings and provide detailed, actionable recommendations. Stay up to date on current and emerging security threats, vulnerabilities, and industry best practices. Required Skills 4 to 7.5 years of relevant experience in application security . Strong experience in manual code review , particularly in Java and C# . Proficient in using a wide range of application security tools (DAST, SAST, IAST). Knowledge of common vulnerabilities (e.g., OWASP Top 10) and secure coding principles. Experience working with DevSecOps or integrating security into the SDLC is a plus. Excellent communication and analytical skills. Preferred Certifications (optional but beneficial) OSCP , CEH , CISSP , GIAC GWAPT/GWEB , or similar certifications.

Dear Candidate, We are hiring a Penetration Tester to simulate attacks and discover security vulnerabilities in critical systems. Perfect for professionals skilled in offensive security techniques. Key Responsibilities: Conduct penetration tests on web, mobile, and network systems Document vulnerabilities and remediation recommendations Develop exploits and custom testing tools Collaborate with developers to address findings Required Skills & Qualifications: Proficiency with penetration testing tools (Burp Suite, Metasploit, Nmap) Strong understanding of application and network security Experience writing exploit scripts (Python, Bash) Bonus: OSCP, OSWE, or CEH certification Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Reddy Delivery Manager Integra Technologies

Dear Candidate, We are hiring an Application Security Developer to integrate security into software development. Ideal for developers who understand both coding and security risks. Key Responsibilities: Perform secure code reviews and static analysis Implement security features in web and mobile applications Collaborate with DevOps to automate security in CI/CD Conduct developer training on secure coding Required Skills & Qualifications: Experience with static/dynamic analysis tools (SonarQube, Checkmarx) Knowledge of web security standards (OWASP, CWE) Strong programming skills (Java, Python, JavaScript) Bonus: Familiarity with DevSecOps practices Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Srinivasa Reddy Kandi Delivery Manager Integra Technologies

Dear Candidate, We are hiring a Security Engineer to design and implement secure systems across cloud and application environments. Ideal for engineers excited about threat modeling and proactive defense. Key Responsibilities: Perform security assessments and code reviews Develop security policies and incident response procedures Implement security controls in cloud and on-prem environments Monitor for vulnerabilities and recommend mitigation Required Skills & Qualifications: Knowledge of OWASP Top 10, secure coding practices Experience with SIEM, IDS/IPS, and vulnerability scanners Familiarity with cloud security (AWS, Azure, GCP) Bonus: Certifications (CISSP, CEH, OSCP) Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Delivery Manager Integra Technologies