98 Burp Suite Jobs

Network Vulnerability management. Occasional network pen testing Network security architect The scope of the consultant services is to assist IKEA in Understanding the network architecture of MP. Assessing the vulnerability of the infrastructure. Scanning through the various reports of network vulnerability scans. Mitigation plan and report of various network vulnerability. Guiding infrastructure team around OT security. Requirements for this position. Industry experience of around 10 to 15 yrs . Ability to identify network attacks and systemic security issues as they relate to threats and vulnerabilities, with a focus on recommendations for enhancements or remediation Strong knowledge of: computer network defense, identity management, incident management, network security and infrastructure design Strong knowledge of cybersecurity activities associated with: requirements analysis, risk analytics and modeling, risk management; emerging issues, risks, vulnerabilities and vulnerability assessment Strong understanding of the following: networking fundamentals (all OSI layers, protocols), OS and software vulnerably and exploitation techniques, commercial or open-source offensive security tools for reconnaissance, scanning, exploitation and post exploitation (e.g. Metasploit, Nmap, Nessus, Burp Suite), and familiarity with interpreting log output from networking devices, operating systems, and infrastructure services experience or working knowledge with threat modeling methodologies such as Stride, Pasta, or comparable experience visually representing data and process flows in an enterprise environment

Work Location:- Bangalore / Pune Experience:- 4 to 7 years Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation Mandatory technical & functional skills Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA

BMC Software is looking for a motivated and skilled individual to join the Product Security Group. This is a senior technical position in the team. The candidate will be responsible for engaging with various product teams on security architecture reviews, SaaS security, penetration testing. A penetration tester plays a crucial role in safeguarding an organization's digital assets and information by proactively identifying and addressing security weaknesses. This role requires a high level of technical expertise, ethical conduct, and a commitment to continuous improvement in the field of cybersecurity. Roles and Responsibilities: Conduct thorough vulnerability assessments of applications and systems using various tools and techniques. Execute penetration tests to simulate real-world cyberattacks, identifying weaknesses and vulnerabilities. Provide expert guidance on application security best practices. Research and develop new penetration testing methodologies, tools, and techniques. Qualifications & Skills: 2+ years of experience in product security (web, mobile, API, cloud, infrastructure, and container security) or equivalent skillset. Penetration testing experience is essential; prior participation in bug bounty programs is a plus. Proficiency with hacking tools and penetration testing frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark). Expertise in web application security testing, including knowledge of OWASP Top Ten vulnerabilities. Experience identifying and assessing vulnerabilities such as SQL injection, XSS, CSRF, and more. Proficiency in exploiting vulnerabilities to gain unauthorized access and assess attack impact. Understanding of vulnerability scoring systems (e.g., CVSS) for prioritizing findings. Ability to think creatively and analytically to identify and exploit vulnerabilities. Strong problem-solving skills when encountering unexpected challenges during testing. Excellent verbal and written communication skills for conveying technical details to both technical and non-technical stakeholders. Meticulous attention to detail in documenting findings and creating reports. Effective time management skills to meet project deadlines and testing schedules. High level of integrity and professionalism, with the ability to work under pressure while maintaining confidentiality. Optional : Hands-on technical experience with cloud security solutions for leading cloud service providers (e.g., AWS). Experience with secure code review (SAST) tools for languages such as C/C++, Java, and Python, and relevant frameworks.

Were looking for a hands-on architect to design, deploy, and manage Kubernetes clusters, ensuring high availability and performance. Youll lead the full lifecycle management of databasesautomating installs, upgrades, backups, and decommissionswhile actively contributing to open-source communities. This role involves driving security excellence by analyzing and remediating vulnerabilities (CVEs), conducting in-depth assessments using tools like Burp Suite and Anchore, and ensuring compliance with industry standards. Youll optimize workloads for resilience, troubleshoot complex issues across OS, containers, and databases, and deliver production-ready solutions. Strong debugging, observability, and collaboration skills are essential. You have: Bachelor's or Master's Engineering degree or equivalent with Over 12 years of experience in databases and Kubernetes with deep expertise in architecture, automation, and secure deployments; expert in MariaDB, Cassandra, and Redis, including tuning and troubleshooting in production. Strong programming skills in Python for automation and tooling, with hands-on experience in containerized environments using Docker, Kubernetes, Helm charts, and custom Operators. Proven track record in Microservices architecture, container orchestration, virtualization, and DevOps practices, including CI/CD pipeline development and deployment automation. Advanced knowledge of security protocols (TLS, SSH), encryption standards, and secure design principles, with experience in threat modeling, system hardening, and security-by-design methodologies. Skilled in security assessments and tooling, including vulnerability scanning, penetration testing, and robustness/DoS analysis using tools such as Anchore, Tenable, Netsparker, Codenomicon, and Nmap; familiarity with SBOM generation and integration in CI/CD workflows. It would be nice if you also had: Working knowledge of Infrastructure as Code tools like Terraform or Pulumi, along with GitOps workflows Familiarity with Prometheus, Grafana, ELK/EFK stacks, or OpenTelemetry for end-to-end observability, especially for performance tuning and incident response in distributed systems Design, deploy, and manage scalable, highly available MariaDB, Cassandra, and Redis databases within Kubernetes clusters, while continuously optimizing performance and reliability. Automate end-to-end lifecycle management workflowsincluding install, upgrade, backup, recovery, and decommissionwhile contributing technical improvements to open-source communities. Lead the response to security vulnerabilities across database stacks, collaborating with security and engineering teams to analyze, prioritize, and remediate CVEs. Conduct in-depth security assessments using tools like Burp Suite, Anchore, and Codenomicon, and map findings to risk levels to ensure compliance with security standards. Collaborate with cross-functional teams and customers to deliver secure, production-ready database solutions, troubleshoot complex issues across the stack, and stay current with trends in Kubernetes, OSS, and cloud security.

1. Conduct vulnerability scan using Prisma's cloud vulnerability scanning features to identify vulnerabilities in cloud resources . 2. Assess and monitor security posture of Kubernetes clusters, including network policies, pod configurations and container runtime security. 3. Leverage Prisma cloud's automated vulnerability risk scoring to evaluate severity of vulnerabilities 4. Work with teams to prioritize vulnerabilities based on severity, exploitability & potential business impact. 5. Ensure organization's cloud infrastructure complies with industry standards 6. Use Prisma cloud to scan Kubernetes clusters and container registries for known vulnerabilities and misconfigurations 7. Create vulnerability reports that detail discovered vulnerabilities, risk analysis and remediation actions.

Key Responsibilities: Perform in-depth penetration testing, vulnerability assessments, and security reviews of applications, infrastructure, and networks. Identify, exploit, and document security vulnerabilities across systems and provide remediation recommendations. Simulate sophisticated attacks to test the strength of security controls and identify potential areas of compromise. Collaborate with development, infra, and DevOps teams to integrate security into the development lifecycle and Infrastructure-as-Code (IaC) security. Develop comprehensive security test plans, methodologies, and tools to ensure effective assessment of systems. Create detailed reports that outline vulnerabilities, risks, and recommended mitigations. Perform threat modeling and risk assessments to prioritize testing efforts. Monitor network traffic for threats and respond to security incidents. Ensure security best practices in Cloud environments, security controls for cloud workloads, IAM policies, and network security. Monitor and respond to cloud security incidents using SIEM and cloud-native security tools. Integrate and automate security testing and compliance checks into CI/CD pipelines using tools like SAST, DAST, and IAST . Experience Range: 3 - 5 years Educational Qualifications: -B.Tech/B.E in Computers , -B.Tech/B.E in IT Job Responsibilities: Required Skills & Qualifications: Bachelor's degree in Computer Science, Cybersecurity, or related field . 2-3 years of experience in cybersecurity with a focus on Penetration testing or Ethical Hacking , Application Security, Cloud Security, and DevSecOps . Experience with security tools such as Burp Suite, Metasploit, Nessus, Wireshark, SonarQube, AWS WAF, Google WAF, Kali Linux, and other vulnerability scanning tools, etc. Knowledge of SIEM , EDR , NIST, CIS, and OWASP security frameworks. Proficiency in scripting (Python, Bash, PowerShell) for security automation. Industry certifications like CEH, Security+, AWS/GCP Security, or any DevSecOps-related certification (preferred but not mandatory). Excellent written and verbal communication skills to effectively report vulnerabilities and collaborate with stakeholders.Qualifications: Bachelors degree in computer science . Skills Required: DevOps , Linux , PHP , Python

WE'RE HIRING!! Job Title: Security Testing Years of Experience: 2-10 Years Mandatory Skills: #SecurityTesting #PenetrationTesting #BlackboxTesting #VAPT #DAST #OWASP #Burpsuite #Api Location: Bangalore Mode of Work : Hybrid Mode of Interview: 2-3 Rounds (Final Discussion will be F2F as Mandatory) Notice Period -Immediate-15Days Kindly apply to the job if matches the requirement and also share the job posts for active job seeking applicants. Share your hashtag#CV to rabecca.p@twsol.com

Clear understanding of OWASP Top 10 - application security risks - Tools/OS: Burp Suite, OWASP ZAP, Kali Linux - Manual Security Testing & Analysis, Security Test Designing - Excellent Interpersonal and presentation skills - Strong in verbal and written communication - Good analytical skills - Strong Time Management - Must be flexible, independent, self-motivated. - Team player

Clear understanding of OWASP Top 10 - application security risks Tools/OS: Burp Suite, OWASP ZAP, Kali Linux Manual Security Testing & Analysis, Security Test Designing should be able to perform Penetration testing -Gray Box Web applications, application security engineering principles, security tools- should be strong at . should know scripting Excellent Interpersonal and presentation skills Strong in verbal and written communication Good analytical skills Strong Time Management Must be flexible, independent, self-motivated. Team Player

Greetings from Teamware Solutions a division of Quantum Leap Consulting Pvt. Ltd We are hiring an Associate Consultant_Penetration Testing_ Web Application Location: Bengaluru Work Mode: Hybrid; 2 days WFO Geography they support: US Shift Time: 12-9 PM Experience: 4 -9 Years Notice Period: Immediate to 15 days Requirements: Web Application Penetration Testing (Mandatory): Candidates must have strong experience in web application penetration testing. While a combination of web and mobile application testing is acceptable, their recent and primary experience should be focused on web applications. CSRF (Cross-Site Request Forgery) Boolean SQL Injection DOM XSS (Cross-Site Scripting) CSV Injection Coding and auditing expertise Mandatory technical & functional skills Minimum three years of recent experience in application penetration testing of APIs, web applications, or mobile applications Ability to communicate reporting results with technical and non-technical audiences and lead remediation conversations Experience with burp suite pro, and other app testing tools such as Netsparker and Checkmarx Bachelors degree from an accredited college/university or equivalent industry experience One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSWE, OSWA Roles & responsibilities •Perform manual Application penetration testing against APIs (REST/SOAP), Web Applications, Mobile applications, and thick client applications •Perform threat modeling, evaluate application business logic, and perform application architecture reviews •Ability to demonstrate application testing experience in real time via demos to both internal and external audiences •Act independently in penetration testing engagements, with minimal oversight and guidance •Act as a technical leader and mentor for junior engineers •Engage with technical and non-technical audiences to articulate both testing processes, techniques and results; guide technical audiences on remediation options and assist clients in weighing those options •Partner with the Cyber teams to develop new testing techniques, automation for testing and marketing collateral to support the practice and mentor junior and offshore team members on tools and techniques in performing tests Please let me know if you are interested in this position and send me the resumes to netra.s@twsol.com

Job Summary Experienced Vulnerability Management and penetration testing Governance lead will manage a team to oversee the identification, assessment, and remediation of security vulnerabilities across enterprise systems. This role will focus on establishing a proactive security posture, ensuring compliance with industry standards, and driving governance initiatives to mitigate risks effectively along with strong leadership and project management skills. Vulnerability Assessment: Lead regular vulnerability scans and penetration testing across infrastructure, cloud environments and outside-In. Security Baseline: Lead development and implementation of Security Baseline using CIS Benchmarks by determining the systems, applications, and network devices to be secured (e.g., Windows, Linux, Cloud, Docker, Kubernetes). Risk Analysis & Prioritization: Evaluate identified vulnerabilities based on severity, exploitability, and potential business impact. Remediation Planning: Collaborate with IT, security, engineering and entity teams to ensure timely remediation of high-risk vulnerabilities. Governance & Compliance: Develop and enforce security governance frameworks in line with industry standards (e.g., NIST, CIS, ISO 27001, PCI-DSS). Threat Intelligence Integration Leverage global threat intelligence feeds to stay ahead of emerging security threats and vulnerabilities. Security Policy Development: Define policies and best practices for vulnerability management, reporting, and remediation. Automation & Continuous Monitoring: Implement automated vulnerability scanning tools and ensure ongoing security assessments. Incident Response Support: Provide technical guidance in vulnerability-related security incidents and audits. Reporting & Metrics: Establish key risk indicators and provide executive reports on vulnerability trends and remediation progress. Experience: 12+ years in cybersecurity, vulnerability management, or Penetration testing roles. Technical Expertise: Hands-on experience with vulnerability scanning tools (e.g., Qualys, Tenable, Rapid7, Nessus, OpenVAS), penetration testing and threat intelligence platforms. Penetration Testing & Ethical Hacking Experience with tools like Metasploit, Burp Suite, Nmap, and Wireshark for real-world security assessments. Security Framework Knowledge: Strong understanding of NIST, CIS benchmarks, OWASP Top 10, and CVSS scoring models. Compliance Awareness: Familiarity with regulatory standards affecting security risk management. Leadership & Communication: Ability to coordinate with multiple stakeholders, drive security improvements, and articulate risks effectively. Certifications such as CISSP, CISM, CEH, OSCP or equivalent. Experience in cloud vulnerability management (AWS, Azure, GCP). Knowledge of DevSecOps practices and security automation. Reinvent your world.We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention. Come to Wipro. Realize your ambitions. Applications from people with disabilities are explicitly welcome.

No of years experience 4+ Years Detailed job description - Skill Set: 4+ years of experience in UI development using reactjs with deep understanding of react hooks, session, cookies, state management Deep insight on UI performance, security, cross site scripting, large data handling Using GraphQL for API query Mandatory Skills React JS Work Location Bangalore, Mysore

Job Summary: Works on problems of diverse scope where analysis of data requires evaluation of identifiable factors De Demonstrates good judgment in selecting methods and techniques for obtaining solutions. Ne Networks with senior internal and external personnel in own area of expertise. Supervision - Normally receives little instruction on day-to-day work, general instructions on new assignments. Experience with vulnerability exploit techniques and tools. - Ability to setup, configure and utilize ethical hacking tools and exploits. Ab Ability to develop exploits and demonstrate impacts to others Proficient in research and analysis of security intelligence data, system/application/network configurations and logs Ab Ability to understand and execute complex analysis of intelligence data as well as systems/application/network configurations and logs to determine preliminary threats, targets and evaluate risk appropriately. Ab Ability to apply controls to safely traverse the dark web for research purposes. Experience with activities involving APT Threats - Ability to describe various tools, techniques, and procedures (TTPs) associated with threat actors known to operate in the financial services domain.

Skill required: Tech for Operations - Security Governance Designation: Security Delivery Associate Manager Qualifications: BE/Master of Engineering Years of Experience: 10 to 14 years About Accenture Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Technology and Operations services, and Accenture Song all powered by the worlds largest network of Advanced Technology and Intelligent Operations centers. Our 699,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. Visit us at www.accenture.com What would you do You will be part of the Technology for Operations team that acts as a trusted advisor and partner to Accenture Operations. The team provides innovative and secure technologies to help clients build an intelligent operating model, driving exceptional results. We work closely with the sales, offering and delivery teams to identify and build innovative solutions.The Tech For Operations (TFO) team provides innovative and secure technologies to help clients build an intelligent operating model, driving exceptional results. Works closely with the sales, offering and delivery teams to identify and build innovative solutions. Major sub deals include AHO(Application Hosting Operations), ISMT (Infrastructure Management), Intelligent AutomationA process of establishing and maintaining a security governance framework. Support management structure and processes to provide assurance that information security strategies are aligned with and support business objectives are consistent with applicable laws and regulations through adherence to policies and internal controls, and provide assignment of responsibility, metrics, reporting all in an effort to manage the risk and compliance requirements. What are we looking for Commitment to qualityExperience in research and developmentNegotiation skillsProblem-solving skillsRisk managementThe role demands Indepth knowledge in application security area. Candidate should have hands on experience in SAST, DAST, Penetration testing. DevSecOps and Software composition analysis are other areas where the candidate should have experience in.The role also demands capability of scripting using Python and other related required knowledge of database and networking.Certifications like CISSP, CCSP, CISM, CEH, ECSA etc. will be added advantage. Roles and Responsibilities: In this role you are required to do analysis and solving of moderately complex problems Typically creates new solutions, leveraging and, where needed, adapting existing methods and procedures The person requires understanding of the strategic direction set by senior management as it relates to team goals Primary upward interaction is with direct supervisor or team leads Generally interacts with peers and/or management levels at a client and/or within Accenture The person should require minimal guidance when determining methods and procedures on new assignments Decisions often impact the team in which they reside and occasionally impact other teams Individual would manage medium-small sized teams and/or work efforts (if in an individual contributor role) at a client or within Accenture Please note that this role may require you to work in rotational shifts Qualification BE,Master of Engineering

Seeking a skilled Vendor Assessment and Penetration Tester to join our Cyber Security team. The individual in this role will be responsible for evaluating the overall security posture of third-party vendors, conducting penetration tests on external systems, applications, and services, and ensuring compliance with security standards KEY RESPONSIBILITIES 1. Representative from Security across the organization for performing Risk Assessments for any new projects from IT/Infrastructure/Security point of view. 2. Work with the AppSec team for the Vulnerability Assessment and Penetration Testing on Web Applications, APIs, Mobile Apps and Cloud Environment. Also ensure Application Source Code is scanned as per Security Best Practices. 3. Work along with the Server & Application team for Vulnerability & Configuration Assessment, Firewall Rule Review and Baseline Standards review. 4. Work Along with endpoint and server team for Freeware and License Softwares/applications assessment and installation. 5. Collaborate with the Development Team, IT and Business Stakeholders for tracking, remediation of the open issues and bring to closure. 6. Ensure adherence to Compliance Standards such as ISO 27001, NIST, OWASP, etc. 7. Provide technical guidance and mentor ship to VAPT team. 8. Review the Security Assessment Reports, escalate and follow up with stakeholders for mitigation. 9. Understand the organizations infrastructure and perform deep dive analysis of the processes, tools & technologies and identify the associated risks. 10. Document the risks and associated controls in place (risk register). 11. Knowledge on Attack Surface Management, Breach Attack Simulation & Bitsight Monitoring. 12. Knowledge of WAF with OWASP Top 10 vulnerabilities and Virtual Patching for reducing the Risk Exposure. 13. Hands on experience on Security Tools such as Tenable Security SC, Nessus, Qualys VMDR etc. 14. Assist in other BAU activities based on the feasibility. 15. Manage Vendor Relationship and security assessments for third party applications. 16. Stay updated with emergency cybersecurity threats, exploits and security trends to enhance the security posture. MANDATORY SKILLS REQUIRED 1. Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience). 2. Proven experience in performing penetration tests and security assessments, with a strong understanding of common attack vectors. 3. Strong knowledge of web application security, network security, and common vulnerabilities (e.g., OWASP Top 10). 4. Hands-on experience with penetration testing tools (e.g., Burp Suite, Kali Linux, Metasploit, Nmap, etc.). 5. Familiarity with risk management frameworks (e.g., NIST, ISO 27001, CIS). 6. Familiar with Web Application Firewall, Incident troubleshooting and Virtual Patching. 7. Knowledge of vendor risk management processes and frameworks. 8. Understanding of cloud security, network infrastructure, and security compliance regulations. 9. Ability to analyze complex security issues and clearly communicate them to non-technical stakeholders. 10. Certifications such as OSCP, CEH, CISSP, or similar are a plus.

"We're Hirng For Senior Security Engineer role at Noida/Bhubaneswar Location" Position: Senior Security Engineer Experience: 5 to 8 Years Location: Noida / Bhubaneswar Must-Have Skills: Cloud Security: AWS / GCP / Azure Security Services: IAM, VPC, Security Groups, KMS Security Tools: AWS Security Hub, Azure Defender, Prisma Cloud, CrowdStrike, Burp Suite, Nessus Container Security: Docker, Kubernetes Scripting: Python, Bash IaC Tools: Terraform, CloudFormation Core Concepts: Encryption, Authentication, Authorization, Secure Communication Client-facing experience in delivering actionable security solutions More information +91 73597 10155 | rushit@tekpillar.com

Securze is hiring Security Analysts (L2/L3) in Mumbai with 3+ yrs experience in pentesting, red/blue teaming, AD attacks, and network security. Hybrid role. Must be technically strong, confident, and eager to learn. Immediate joiners only.

BMC Software is looking for a motivated and skilled individual to join the Product Security Group. This is a senior technical position in the team. The candidate will be responsible for engaging with various product teams on security architecture reviews, SaaS security, penetration testing. A penetration tester plays a crucial role in safeguarding an organization's digital assets and information by proactively identifying and addressing security weaknesses. This role requires a high level of technical expertise, ethical conduct, and a commitment to continuous improvement in the field of cybersecurity. Roles and Responsibilities: Conduct thorough vulnerability assessments of applications and systems using various tools and techniques. Execute penetration tests to simulate real-world cyberattacks, identifying weaknesses and vulnerabilities. Provide expert guidance on application security best practices. Research and develop new penetration testing methodologies, tools, and techniques. Qualifications & Skills: 2+ years of experience in product security (web, mobile, API, cloud, infrastructure, and container security) or equivalent skillset. Penetration testing experience is essential; prior participation in bug bounty programs is a plus. Proficiency with hacking tools and penetration testing frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark). Expertise in web application security testing, including knowledge of OWASP Top Ten vulnerabilities. Experience identifying and assessing vulnerabilities such as SQL injection, XSS, CSRF, and more. Proficiency in exploiting vulnerabilities to gain unauthorized access and assess attack impact. Understanding of vulnerability scoring systems (e.g., CVSS) for prioritizing findings. Ability to think creatively and analytically to identify and exploit vulnerabilities. Strong problem-solving skills when encountering unexpected challenges during testing. Excellent verbal and written communication skills for conveying technical details to both technical and non-technical stakeholders. Meticulous attention to detail in documenting findings and creating reports. Effective time management skills to meet project deadlines and testing schedules. High level of integrity and professionalism, with the ability to work under pressure while maintaining confidentiality. Optional : Hands-on technical experience with cloud security solutions for leading cloud service providers (e.g., AWS). Experience with secure code review (SAST) tools for languages such as C/C++, Java, and Python, and relevant frameworks.

Shift: (GMT+05:30) Asia/Kolkata (IST) What do you need for this opportunity Must have skills required: Frida, Ghidra, Reverse Engineering Anakin (YC S21) is Looking for: About the Role: Were looking for an experienced engineer to help us understand and interact with web and mobile application APIs in a structured and compliant manner. This includes analyzing how apps and websites generate secure API requests, inspecting native/mobile code, and building reliable systems for data extraction, strictly in accordance with terms of service. Key Responsibilities: Analyze Android apps (Java/Kotlin/native code) to understand API flows and request signing mechanisms. Study browser and JavaScript behavior to understand how websites structure and secure their API calls. Investigate how common client-side security mechanisms (e.g., token generation, header signing, session validation) are implemented. Build tools or automation scripts to replicate legitimate client behavior in a compliant and respectful manner. Collaborate with internal teams to integrate and maintain data extraction systems responsibly. Must-Have Skills: Experience in reverse engineering Android apps (APK analysis, native code inspection). Deep understanding of web technologies, JavaScript execution, and HTTP protocol. Familiarity with client-side security implementations such as token generation, obfuscation, and API protection. Must have a solid understanding of JWT, JWE, cookies, and session management in web and mobile applications. Hands-on experience with tools like Frida, mitmproxy, Burp Suite, Wireshark, Ghidra/IDA Pro or similar. Strong scripting skills (Python, Node.js, etc.). Nice-to-Have: Background in security engineering, penetration testing, or application security research. Familiarity with CAPTCHA handling methods and automation frameworks (e.g., Puppeteer, Playwright). Experience with mobile app instrumentation (NDK, JNI). Experience working with large-scale distributed systems, as it helps in building scalable and resilient data extraction infrastructure.

We are seeking an experienced, strategic, and hands-on Manager - Product Security to lead a growing team of penetration testers supporting BMCs IZOT product line. This team focuses on offensive security assessments across mainframe-based solutions and modern application ecosystems. In this leadership role, you will manage a team of skilled professionals performing deep security testing, red teaming, vulnerability analysis, and secure architecture reviews. Youll be responsible for setting strategic goals, driving security initiatives, and ensuring secure-by-design practices are embedded across product development lifecycles. This position requires a solid blend of technical expertise in offensive security, deep understanding of mainframe and modern application architectures, and strong leadership to influence and drive results across cross-functional teams. To ensure youre set up for success, you will bring the following skillset & experience: Bachelor's or master's degree in computer science, Information Security, or related field. 8+ years in cybersecurity roles, with 3+ years in technical leadership or management capacity. Proven experience leading or performing penetration testing on both mainframe and modern platforms. Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe and modern systems. Proficient in tools such as: Mainframe utilities: REXX, ISPF, JCL Security tools: Nmap, Burp Suite, Wireshark, custom scripts Proficient in scripting and automation skills (Python, REXX, Bash, or similar). Experience delivering technical and executive-level security reports. Strong communication and leadership skills, with a proven ability to lead technical teams or projects. Experience producing board-level reports and presenting findings to senior stakeholders. Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts). Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services.

Location: OnebyZero Bangalore, India/ Ho Chi Minh, Vietnam/Bangkok, Thailand/Makati, Philippines. Work Set-up: Hybrid. The Role: DevSecOps Engineer. We are looking for a skilled DevSecOps Engineer with over 3 years of experience and expertise in AWS security. This role focuses on ensuring the security of our cloud infrastructure and applications while fostering collaboration between development, operations, and security teams. In addition to security, the role involves managing cloud infrastructure using Terraform and contributing to overall DevOps practices.. What You’ll do. Cloud Security Design & Implementation: Design, implement, and manage secure AWS cloud infrastructure, ensuring adherence to best practices in security, scalability, and availability.. Infrastructure as Code (IaC): Develop and maintain cloud infrastructure using Terraform, ensuring version control, scalability, and ease of deployment.. Security Automation: Develop and maintain CI/CD pipelines with integrated security checks to enable secure and rapid software delivery.. Risk Assessment: Identify vulnerabilities, assess risks, and implement security measures to protect cloud environments.. Compliance Management: Ensure compliance with regulatory standards and internal policies (e.g., GDPR, HIPAA, ISO 27001) across the cloud infrastructure.. Monitoring & Incident Response: Monitor and respond to security incidents using AWS services like CloudTrail, GuardDuty, and Security Hub.. Collaboration & Training: Work with development and operations teams to implement secure coding practices and conduct security training.. DevOps Practices: Collaborate with teams to ensure smooth integration of security into the DevOps pipeline, enabling automated deployments and scaling.. Requirements. Basic Qualifications. 3+ years of hands-on experience in a DevOps Engineer role, SecOps or cloud security roles.. Extensive experience with AWS services (EC2, S3, VPC, Lambda, RDS, etc.). Strong proficiency in Infrastructure as Code (IaC) using Terraform, AWS CDK, or CloudFormation.. Demonstrated expertise in building, managing, and automating CI/CD pipelines (e.g., GitHub Actions, Jenkins).. Advanced scripting skills in Python and Bash for automation and tool development.. Expertise in Linux system administration (Ubuntu, CentOS, etc.).. Deep understanding of networking, security practices, and monitoring in cloud environments.. Experience with containerization and orchestration tools such as Docker and Kubernetes.. Knowledge of security testing tools (e.g., OWASP ZAP, Snyk, or Burp Suite).. Skills. Cloud Platforms: Advanced AWS Cloud expertise (EC2, VPC, S3, Lambda, RDS, CloudFront, etc.). IaC Tools: Terraform, AWS CDK, CloudFormation. CI/CD Tools: GitHub Actions, Jenkins. Scripting Languages: Python, Bash. Containerization: Docker, Kubernetes. Operating Systems: Linux (Ubuntu, CentOS, etc.). Version Control: Git, GitHub, GitLab. Show more Show less

Senior Security Consultant (Secure Code Review + Web Application Penetration Testing). NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most. NetSPI secures the most trusted brands on Earth through Penetration Testing as a Service (PTaaS), External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), and Breach and Attack Simulation (BAS). Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever before.. NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at?www.netspi.com/careers.. NetSPI is seeking a Senior Security Consultant who will serve as a resource for delivery of secure code review and web application penetration assessment. This position requires an understanding of various web technologies, enterprise secure development and risk management. In addition, it requires experience with application security assessments/testing, as well as demonstrated competencies in problem solving, client service, written/verbal communication, and project execution.. Responsibilities. Conduct in-depth penetration testing and secure code review assessments on web applications. Dynamically exploit vulnerabilities found in codebase and correlate insecure coding practices into dynamic application vulnerabilities. Deliver secure code review assessment on programming languages such as Java, C#, Python, C/C++, Perl, PHP. Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques. Train and assist developers in writing secure software and remediating existing vulnerabilities. Provide oversight to peers on service lines through QA process. Mentor and assist team members in effectively delivering assessments and enhancing skillsets. Present detailed penetration test findings to clients and assist in remediation planning. Engage in research to develop new penetration testing methods, tools, and innovative exploit techniques. Contribute to the cybersecurity community through tools, presentations, white papers, and blogging. Maintain consistency with other internal requirements related to day-to-day administration tasks (time keeping, status updates to clients, etc.). Minimum Qualifications. Minimum of 3-5 years of experience in application security including both secure code review and web application penetration testing. Exceptional familiarity in all Burp Suite functions. Published Burp extensions and ability to create new Burp Suite extensions preferred. Detailed understanding of the OWASP Top 10 and CWE Top 25 issues with focus on ability to identify and remediate vulnerability in source code. Ability to explain risk and business impact of security vulnerabilities to variety of audience. Bachelor’s degree or higher, preferably in Computer Science, Engineering, Mathematics, IT, or a related field; equivalent experience will also be considered.. Preferred Qualifications. Experience in detecting, analyzing and providing recommendation guidance on security vulnerabilities using SAST and/or manual secure code review in at least two of the following languages: Java, C#, PHP, Python, C/C++. Experience in software development in at least one server-side programming language. We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.. Show more Show less

What You'll Do. Join us in building a secure, scalable, and experienced platform to support Avalara's expanding business and global customer base. As a Senior Application Security Engineer, you'll work with world-class engineers and architects to ensure security is embedded in everything we build—both in today's systems and the future of our architecture. This role is perfect for someone passionate about automation, cloud-native security, and AI-driven application defense.. You'll help shape the future of Avalara Security, driving security as code, ensuring automation-first practices, and integrating modern AI tooling into security workflows. You understand the value of developer empathy, moves quickly without sacrificing quality, and excels in an environment that combines startup energy with enterprise scale.. You will report to security leadership at Avalara. This is a remote position.. Job Responsibilities. What Your Responsibilities Will Be. You will build, maintain, and continuously improve an automated security pipeline framework integrated into our CI/CD environments.. You will lead development of Infrastructure-as-Code and Policy-as-Code for application security enforcement and consistency across environments.. You will evaluate and integrate security tools (SAST, DAST, SCA, CSPM, EDR) and AI-based solutions into engineering workflows and CI/CD pipelines.. You will provide applicable guidance and mentorship to development and Avalara Security engineering teams on secure development best practices.. Investigate, prototype, and apply AI/ML-based solutions for application behavior analysis, anomaly detection, and threat hunting.. Promote security by design across the organization, and help foster a security-first culture.. Contribute to the continuous refinement of the SDLC to ensure security is smooth, consistent, and measurable.. What You’ll Need To Be Successful. Required Qualifications. 8+ years of experience in application security, secure software development, or security engineering.. Strong programming proficiency in Python and GoLang (hands-on).. Experience with secure SDLC practices and CI/CD pipeline integration.. Strong hands-on experience with Kubernetes, container security, and cloud infrastructure security—preferably AWS and GCP.. Experience with Infrastructure-as-Code (IaC) tools like Terraform or CloudFormation.. Working knowledge of cryptographic protocols and standards: TLS, OAuth, SAML, JWT, etc.. Familiarity with Git, modern source control practices, and agile development methodologies.. Experience working with a broad range of security tools, including:. Tenable, Wiz (Cloud Security Posture Management). Checkmarx, Mend (SAST, SCA). Acunetix, Burp Suite (DAST). CrowdStrike (EDR/XDR). Bachelor's Degree in Computer Science, Engineering, or a related field.. Proven experience contributing to security automation efforts within a security organization like Avalara Security.. Experience with AI/ML tools and frameworks applied to application security or behavior analytics.. Security certifications such as OSWE, CSSLP, AWS Security Specialty, or Kubernetes Security Specialist.. Passion for enabling developer-friendly security solutions and maximum automation.. How We’ll Take Care Of You. Total Rewards. In addition to a great compensation package, paid time off, and paid parental leave, many Avalara employees are eligible for bonuses.. Health & Wellness. Benefits vary by location but generally include private medical, life, and disability insurance.. Inclusive culture and diversity. Avalara strongly supports diversity, equity, and inclusion, and is committed to integrating them into our business practices and our organizational culture. We also have a total of 8 employee-run resource groups, each with senior leadership and exec sponsorship.. What You Need To Know About Avalara. We’re Avalara. We’re defining the relationship between tax and tech.. We’ve already built an industry-leading cloud compliance platform, processing nearly 40 billion customer API calls and over 5 million tax returns a year, and this year we became a billion-dollar business. Our growth is real, and we’re not slowing down until we’ve achieved our mission to be part of every transaction in the world.. We’re bright, innovative, and disruptive, like the orange we love to wear. It captures our quirky spirit and optimistic mindset. It shows off the culture we’ve designed, that empowers our people to win. Ownership and achievement go hand in hand here. We instill passion in our people through the trust we place in them.. We’ve been different from day one. Join us, and your career will be too.. We’re An Equal Opportunity Employer. Supporting diversity and inclusion is a cornerstone of our company — we don’t want people to fit into our culture, but to enrich it. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law. If you require any reasonable adjustments during the recruitment process, please let us know.. Show more Show less

About LeadSquared One of the fastest-growing SaaS companies in the CRM space, LeadSquared empowers organizations with the power of automation More than 1700 customers with 2 lakhs+ users across the globe utilize the LeadSquared platform to automate their sales and marketing processes and run high-velocity sales at scale, We are backed by prominent investors such as Stakeboat Capital, Jyoti Bansal, and Gaja Capital to name a few We raised $153mn in our latest Series C funding round from WestBridge Capital, and we're now India's 103rd Unicorn! We are expanding rapidly and our 1100+ strong and still growing workforce is spread across India, the U S, the Middle East, ASEAN, ANZ, and South Africa, Among the Top 50 fastest-growing tech companies in India as per Deloitte Fast 50 programs Frost and Sullivan's 2019 Marketing Automation Company of the Year award Among Top 100 fastest growing companies in FT 1000: High-Growth Companies AsiaPacific Listed as Top Rates Product on G2Crowd, GetApp, and TrustRadius Location : Cessna Business Park (Bangalore)-WFO Requirements 23 years of experience in product or application security; at least 1 year of hands-on software development experience is highly desirable, Proficiency in application security testing using tools such as Burp Suite, SonarQube, SQLMap, and others (SAST, DAST, SCA), Experience with secure coding practices, and strong scripting skills in Python or JavaScript, Solid understanding of industry standards and frameworks such as OWASP Top 10, SANS CWE, etc Knowledge of security fundamentals like cryptography, authentication, risk assessment, and threat modeling, Exposure to cloud platforms (e-g , AWS, Azure) and their associated security best practices, Familiar with CI/CD pipelines and DevSecOps practices for integrating security into development workflows, Understanding of compliance standards such as ISO 27001 and HIPAA, Ability to automate security testing to increase assessment coverage and efficiency, Strong communication skills to effectively convey technical findings to both technical and non-technical stakeholders, Key Responsibilities Conduct application security assessments on web,API and mobile platforms, Perform secure code reviews on apps Carry out cloud security assessments for SaaS infrastructure and services, Manage the vulnerability lifecycle from discovery to resolution, Deliver security training and awareness sessions to internal teams, Develop tools and frameworks to support security automation and engineering initiatives,

About The Role Job Title: Penetration Tester (Web Applications and REST APIs) Location: Bengaluru Job Type: Full-time About Us: Kotak Mahindra Bank is seeking an experienced Penetration Tester to join our Platform Engineering team. As a Penetration Tester, you will be responsible for identifying vulnerabilities in web applications and REST APIs, providing recommendations for remediation, and ensuring the security posture of our clients' systems. Job Summary: The successful candidate will have a strong background in penetration testing, including experience with various tools and techniques used to identify vulnerabilities in web applications and APIs. The ideal candidate will be able to analyze complex systems, identify potential security risks, and provide actionable recommendations for remediation. Key Responsibilities: Conduct thorough penetration testing of web applications and REST APIs using a variety of tools and techniques Identify vulnerabilities in web applications, including but not limited to SQL injection Cross-Site Scripting (XSS) Cross-Site Request Forgery (CSRF) Authentication and authorization weaknesses Session management issues Test REST APIs for security vulnerabilities, including but not limited to Input validation and sanitization Error handling and logging Authentication and authorization mechanisms Data encryption and transmission Analyze results and provide detailed reports outlining findings, recommendations for remediation, and estimated timeframes for implementation Collaborate with development teams to ensure identified vulnerabilities are addressed and remediated in a timely manner Stay up-to-date with the latest security threats, tools, and techniques through ongoing training and professional development Requirements: 3+ years of experience in penetration testing, with a focus on web applications and REST APIs Strong understanding of web application security concepts, including but not limited to OWASP Top 10 Web Application Security Risks (WASR) Secure Coding Practices Experience with various penetration testing tools, including but not limited to Burp Suite ZAP Nmap AJP SQL injection tools (e.g. sqlmap) Strong understanding of REST API security concepts, including but not limited to API Security Frameworks (e.g. OAuth 2.0) Data encryption and transmission protocols (e.g. HTTPS) Authentication and authorization mechanisms (e.g. JWT) Experience with scripting languages (e.g. Python, Ruby) is a plus Strong analytical and problem-solving skills Excellent communication and reporting skills Nice to Have: CISSP or equivalent security certification CEH or equivalent penetration testing certification Experience with cloud-based services (e.g. AWS, Azure) Familiarity with Agile development methodologies Experience with DevOps tools (e.g. Docker, Jenkins) What We Offer: Competitive salary and benefits package Opportunities for professional growth and development Collaborative and dynamic work environment Flexible working hours and remote work options