20 Checkmarx Jobs

Position Purpose The purpose of the position is to help with the information security topics mentioned in the direct responsibilities. Responsibilities Direct Responsibilities - Executing IT risk assessment reviews, identifying controls gaps and working in collaboration with subject matter experts to devise appropriate mitigation plans. Identifying key risk trends, issues and other insights requiring further investigation and following up with Technology as appropriate. Knowledge of Secure Development methodologies and frameworks. Hands-on experience in penetration testing and tools like AppScan, Webinspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity Well-versed in conducting Security Review, Assessments and providing recommendations. Knowledge of OWASP, SANS standards. Experience in Process Improvement, Controls Enhancement and Reporting. - Engaging with organization wide risk and control groups, including internal audit and territory control teams. - Working with Technology stakeholders (including Production Support and Development teams) to identify the IT risks affecting the organization and formulating appropriate remediation strategies based on full understanding of business exposure and compensating controls. Contributing Responsibilities Excellent understanding of development security and its implementation in systems: identification, authentication, access control and provisioning, alignment of jurisdiction to business process Knowledge of single-sign-on security strategies (e.g. SAML, OAUTH2, SiteMinder etc.) Excellent understanding of authentication related mechanisms (Kerberos, One Time Passwords, PKI) Good understanding of cryptography and its practical uses within secure application development Familiarity with common security vulnerabilities (e.g. OWASP Top 10) Strong technical skills required to understand vulnerabilities in detail and how to resolve/mitigate them. Excellent knowledge of programming best practices, design patterns, etc. Excellent problem solving skills, being able to develop approaches to complex technology and strategy problems, building consensus across diverse interest groups and working within constraints of practical delivery yet able to think beyond the requirements of immediate issues. Well-developed written communication skills with the ability to summarise key issues, conclusions and recommendations in report form. Target audiences will include regulatory authorities and internal/external auditors. Technical & Behavioral Competencies Excellent knowledge of programming best practices, design patterns, etc. Excellent problem solving skills, being able to develop approaches to complex technology and strategy problems, building consensus across diverse interest groups and working within constraints of practical delivery yet able to think beyond the requirements of immediate issues. Well-developed written communication skills with the ability to summarize key issues, conclusions and recommendations in report form. Target audiences will include regulatory authorities and internal/external auditors. Hands-on experience in penetration testing and tools like AppScan, Webinspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity, Sonatype, Blackduck Well-versed in conducting Security Review, Assessments and providing recommendations. Knowledge of OWASP, SANS standards. Experience in Process Improvement, Controls Enhancement and Reporting. Excellent Inter personal and presentation skills Strong in verbal and written communication Ability to liaise with cross-functional stakeholders globally Clear understanding of application and data security Must be flexible, independent, self-motivated Good analytical skills Specific Qualifications (if required) - CEH, SSCP, OSCP certified. - Technical Graduate (Computer Science) Preferable. Skills Referential Behavioural Skills : (Please select up to 4 skills) Ability to collaborate / Teamwork Communication skills - oral & written Ability to share / pass on knowledge Active listening Transversal Skills: (Please select up to 5 skills) Ability to understand, explain and support change Analytical Ability Ability to develop and adapt a process Ability to develop and leverage networks Ability to manage / facilitate a meeting, seminar, committee, training Education Level: Bachelor Degree or equivalent Experience Level At least 7 years

Participate in team prioritization discussions with Product/Business stakeholders Estimate and own delivery tasks (design, dev, test, deployment, configuration, documentation) to meet the business requirements Automate build, operate, and run aspects of software Drive code/design/process trade-off discussions within their team when required Report status and manage risks within their primary application/service Drive integration of services focusing on customer journey and experience Perform demos/acceptance discussions in interacting with Product owners Understands operational and engineering experience, actively works to improve experience and metrics in ownership area Develop complete understanding of end-to-end technical architecture and dependency systems Drive adoption of technology standards and opinionated frameworks, and review coding, test, and automation work of team members Mentor and guide new and less-experienced team members Identify opportunities to improve an overall process and trim waste Share and seek knowledge within their Guild/Program to drive reuse of patterns/libraries/practices and enhance productivity Experiences Overall 6-9 years of career experience in Java / Full Stack Development Expertise on React a must Has ability to write secure code in three or more languages (e.g., C, C+, C#, Java, JavaScript) and familiar with secure coding standards (e.g., OWASP, CWE, SEI CERT) and vulnerability management Understands the basic engineering principles used in building and running mission critical software capabilities (security, customer experience, testing, operability, simplification, service-oriented architecture) Understands internals of operating systems (Windows, Linux) to write interoperable and performant code Able to perform debugging and troubleshooting to analyze core, heap, thread dumps and remove coding errors Understands and implements standard branching (e.g., Gitflow) and peer review practices Has skills in test driven and behavior driven development (TDD and BDD) to build just enough code and collaborate on the desired functionality Understands use cases for advanced design patterns (e.g., service-to-worker, MVC, API gateway, intercepting filter, dependency injection, lazy loading, all from the gang of four) to implement efficient code Understands and implements Application Programming Interface (API) standards and cataloging to drive API/service adoption and commercialization Has skills to author test code with lots of smaller tests followed by few contract tests at service level and fewer journey tests at the integration level (Test Pyramid concept) Apply tools (e.g., Sonar, Zally, Checkmarx ) and techniques to scan and measure code quality and anti-patterns as part of development activity Has skills to collaborate with team and business stakeholders to estimate requirements (e.g., story pointing) and prioritize based on business value Has skills to elaborate and estimate non-functional requirements, including security (e.g., data protection, authentication, authorization), regulatory, and performance (SLAs, throughput, transactions per second) Has skills to orchestrate release workflows and pipelines, and apply standardized pipelines via APIs to achieve CI and CD using industry standard tools (e.g., Jenkins, AWS/Azure pipelines, XL Release, others). Has skills to understand, report, and optimize delivery metrics to continuously improve upon them (e.g., velocity, throughput, lead time, defect leakage, burndown) Has skills to document and drive definition-of-done for requirements to meet both business and operational needs Understands how to build robust tests to minimize defect leakage by performing regression, performance, deployment verification, and release testing Has skills to conduct product demos and co-ordinate with product owners to drive product acceptance signoffs Has skills to Understands customer journeys and ensure a Mastercard good experience by continuously reducing Mean time to mitigate (MTTM) for incidents and ensuring high availability (99.95% as a starting point)

Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Additional Responsibilities: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Technical and Professional Requirements: Any specific tools required Burpsuite, WebInspect, Fortify, Zap, Checkmarx Preferred Skills: Technology->Security Testing->Security Testing - ALL

JOB DESCRIPTION ACI Worldwide Inc. (:) is acompany headquartered inElkhorn NebraskaACI develops a broad line of software focused on facilitating real-time electronic payments. These products and services are used globally by,such as third-party electronic, payment associations, switch interchanges,, corporations, and a wide range of transaction-generating endpoints, including(ATM), merchant(POS) terminals, bank branches,,,, and internet commerce sites In short, we're helping banks, merchants and billers capture rising real-time opportunities and volumes, all to meet the shifting needs of their consumers and business customers. Our people are the core of our business and our team represents a globally diverse, passionate and dedicated group of thousands of individuals around the world who share a common commitment to making our customers successful by driving the future of payments.As a Senior Software Engineer you can help make possibilities happen. ACI Secure eCommerce delivers global payment gateway solutions for payment service providers, Independent eCommerce retailers, Third party acquirers and Independent software Vendors, enabling them to fully outsource payment transaction processing including cross border Payments and or integrate a gateway-to-gateway solutions which are PCI-compliant and provide access to more than 300 global acquirers delivering alternative payment methods such aseWallets, mobile payments and more, in multiple languages and all major currencies enabling payment providers to rapidly increase global revenues, reduce costs and risk, and accelerate market expansion by offering innovative channels. Key Responsibilities: Innovative Development: Drive the design and development of critical components, ensuring they align with the product's roadmap and business goals. Leverage your deep understanding of software engineering principles to create efficient, reliable, and elegant solutions. Code Quality and Best Practices: Set and enforce high coding standards, best practices, and development processes. Lead code reviews, ensuring code quality, consistency, and adherence to architectural guidelines. Collaborative Excellence : Partner with product managers, partner teams, and other stakeholders to understand requirements, provide technical insights, and deliver solutions that exceed customer expectations. Technical Mentorship: Inspire the team in setting technical direction, providing mentorship, and promoting a culture of excellence in software development. Technical Design: Contribute to the formulation of the solution design and technical strategies including the adoption and evaluation of new technologies, tools, and methodologies. Stay abreast of industry trends and emerging technologies to drive innovation. Collaborative Excellence : Partner with product managers, partner teams, and other stakeholders to understand requirements, provide technical insights, and deliver solutions that exceed customer expectations. Performance Optimization : Identify performance bottlenecks and optimize software components to deliver a fast and seamless user experience. Documentation and Knowledge Sharing: Create and maintain comprehensive technical documentation, sharing knowledge and insights across the team. Minimum Qualifications 3-6 years of software development experience in working on Java 17+ (Spring boot / Hibernate & MicroServices) with knowledge / experience in Multithreading, Concurrency, Collections and serialization with an ability to write secure defensive code. Strong experience in API development and working on RESTful API's / SOAP and expertise in product & technical design along with Web Application architecture . Keep track of deliverables and individual work plans, manage budgets, resource tasks and be involved in Code Reviews. Experience in working with CI/CD Pipelines, Jenkins and Docker. Knowledge and or Experience in working with RDBMS (Oracle / Sybase / PostgreSQL / DB2) and working with complex SQL Queries Experience in Linux / Unix) environment, basic system Commands (UNIX ) Familiarity with code management tools (GIT, Synergy, etc.) is desirable. Experience in Payment Gateway (OWAPS Guidelines) and exposure to different security tools like Checkmarx, Blackduck, SonarQube (SAST/DAST) etc.) Willingness to learn and adapt to both legacy and new age technologies, to solve problems and take the product in new directions. Ability to collaborate with a global team and work with attention to detail & multitask under tight deadlines. Previous card payments or ecommerce domain experience with knowledge of Retail Banking, Omni Commerce Payment ecosystem & Card networks such as VISA, Mastercard, Discover etc. Highly Desired Qualifications Previous experience in developing payments software solutions & Card networks such as VISA, MasterCard, Discover, AMEX, JCB, etc. Business knowledge about card payments industry is a plus. Work Experience in Agile Methodology would be preferable. Education: BE, BTech Comp Science, BTech Electronics, BE / BTech IT, MSc Comp Sc, MCA In return for your expertise, we offer growth, opportunity, and a competitive compensation and benefits package in a casual work environment. Our benefits are the Best in Industry such as Health Insurance for Employee and Family with periodic health checkups. Paid time off and sick time off Maternity and Paternity time off. Robust rewards and awards program. Are you ready to help us transform the world of electronic payments To learn more about ACI Worldwide, visit our web site at.

Work on a balanced product team to define, design, develop/deploy React based front-end on GCP platform. Additionally,will conduct proof-of-concepts to support new features,ensure quality,timely delivery using Agile XP practices. Required Candidate profile Good knowledge on code quality tools (42Crunch, SonarQube, CheckMarx, etc) GIT hub, Jenkins, Maven, Gradle, etc 3+ years of work experience in Agile project involvement, Software Craftsmanship

Job Description -: Experience of 4+ years • Hands-on experience of conducting security assessments of Web Applications, Mobile Applications, Web Services/APIs, Thick-clients. • Experience in tools such as burpsuite, nessus, nmap, acunetix, metasploit, checkmarx, etc. • Experience with Open Web Application Security Project (OWASP),SANS, Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools. • Ability to explain technical vulnerabilities to both technical and non technical audience highlighting business risk. • Knowledge of at least one cloud technology (AWS, Azure,GCP) is desirable, preferrably AWS and Azure. • Good understanding of coding best practices and standards. • Good knowledge of at least one of the following programming/scripting languages viz. python, ruby, C#, powershell, C/C++, Java • Good communication skills. • Critical thinking and good problem-solving abilities. • Organized in planning and time management skills are preferred. • Certification on CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional) is desirable. Roles & Responsibilities -: Conduct vulnerability assessment and penetration testing for application, and other infrastructure Conduct application security assessment of web applications, mobile applications, thick-client application and API. Conduct configuration reviews for Operating System, Database, Middleware, Firewall, Routers, Switches and other infrastructure. Conduct red-team assessments Conduct cloud security assessments Conduct source-code review using automated and manual approaches Ensure timely execution of projects, delivery of status updates and final reports. Stay abreast of the latest updates in technology, security trends, vulnerabilities, exploit techniques and security news. Proficient in Ms-Excel and Powerpoint.

Responsibilities Be hands-on in the design and development of robust solutions to hard problems, while considering scale, security, reliability, and cost Support other product delivery partners in the successful build, test, and release of solutions Be part of a fast-moving team, working with the latest tools and open-source technologies Work on a development team using agile methodologies. Understand the Business and the Application Architecture End to End Solve problems by crafting software solutions using maintainable and modular code. Participate in daily team standup meetings where you'll give and receive updates on the current backlog and challenges. Participate in code reviews. Ensure Code Quality and Deliverables Provide Impact analysis for new requirements or changes. In-depth knowledge of single team business domain and the ability to express or communicate technical work in business value terminology. Firm grasp on design disciplines and architectural patterns and aligning and influencing the fellow team members in following them. Engaged in fostering and improving organizational culture. Qualifications Required Skills: Strong experience in C#, SOLID Design Principles/Patterns, OOP, Data Structures, Core, ,Web API, ReactJS, xUnit, TDD, Kafka, Microservices, Event-Driven Architecture, Azure (including Terraforms and AKS). Proficiency in SQL querying and database design to interact with relational databases like SQL Server. Experience writing unit and integration tests and effectively troubleshooting application issues. Knowledge of Service Oriented Architecture, SonarQube, CheckMarx Ability to speak/write fluently in English Experience with agile methodology including SCRUM. Experience with modern delivery practices such as continuous integration, behavior/test driven development, and specification by example.

Role Overview: This role focuses on integrating security best practices into CI/CD pipelines and production system deployments, ensuring security is embedded throughout the software development lifecycle. As a DevSecOps Engineer, you will work closely with architecture, development, and operations teams to make security a shared responsibility across all stages of software development and deployment. Your primary responsibility will be implementing security best practices, testing, and automation tools into CI/CD pipelines and production environments using industry-standard tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and other security mechanisms. Key Responsibilities : Security Integration into DevOps: Collaborate with development and operations teams to integrate security practices into every stage of the software development lifecycle, from code creation to deployment. CI/CD Pipeline Security: Configure, implement, and manage security tools and automation in CI/CD pipelines to detect vulnerabilities early in the development process. Security Testing: Use SAST and DAST tools to automate security testing for code and applications. Continuously monitor security scans, report findings, and recommend remediation strategies. Automation & Process Improvement: Continuously enhance and automate security processes to deliver secure software efficiently while minimizing manual intervention. Experience Required: 3+ years of experience in DevOps or a similar role focused on integrating security into CI/CD processes. Proven experience implementing and configuring security tools such as SAST, DAST, and other automation tools. Strong hands-on experience with CI/CD tools and languages (e.g., Jenkins, Groovy, Git, Python, Bash) for pipeline automation. Proficiency in cloud-native deployments and management (e.g., Helm, Kustomize), Kubernetes objects, and cluster debugging. Familiarity with Infrastructure as Code (IaC) tools like Terraform and Ansible. Knowledge of CIS benchmark recommendations and system hardening practices. Curious? Apply now :-cognyte.70.75E@applynow.io

Databuzz is Hiring for DevSecOps Engineer-4+yrs-PAN India-Hybrid Please mail your profile to haritha.jaddu@databuzzltd.com with the below details, If you are Interested. About DatabuzzLTD: Databuzz is One stop shop for data analytics specialized in Data Science, Big Data, Data Engineering, AI & ML, Cloud Infrastructure and Devops. We are an MNC based in both UK and INDIA. We are a ISO 27001 & GDPR complaint company. CTC - ECTC - Notice Period/LWD - (Candidate serving notice period will be preferred) Position: DevSecOps Engineer Location: PAN India(Hybrid) Exp -4+ yrs Mandatory skills : A security expert who can write code as needed and knows the difference between Object vs Class vs Function programming Strong passion and thorough understanding of what it takes to build and operate secure reliable systems at scale Strong passion and technical expertise to automate security functions via code Strong technical expertise with Application Cloud Data and Network Security best practices Strong technical expertise with multicloud environments including containerserverless and other microservice architectures Strong technical expertise with older technology stacks including mainframes and monolithic architectures Strong technical expertise with SDLC CICD tools and Deployment Automation Strong technical expertise with operating security for Windows Server and Linux Server systems Strong technical expertise with configuration management version control and DevOps operational support Strong experience with implementing security measures for both applications and data with an understanding of the unique security requirements of data warehouse technologies such as Snowflake Regards, Haritha Talent Acquisition specialist haritha.jaddu@databuzzltd.com

Duration: 12Months Job Type: Contract Work Type: Onsite Roles and Responsibilities: GitLab DevOps & CI/CD: Expertise in GitLab DevOps tools, CI/CD best practices, and automation. Pipeline Management: Hands-on experience in designing, implementing, and managing environment-specific pipelines. Proficiency in Shell scripting and YAML scripting for workflow automation. Experience with Terraform or ARM templates is a plus. Kubernetes: Strong expertise in Docker and Azure Kubernetes Service (AKS). Experience with Helm charts, version upgrades, monitoring, and debugging AKS workloads. Azure Experience: In-depth knowledge of Azure App Services, Function Apps, and Azure Key Vault management. Experience managing Azure Virtual Networks (VNet), Route Tables, and Network Security Groups (NSGs). Hands-on experience integrating Checkmarx (CX Scan), Snyk, SonarQube, and Unit Testing frameworks. Strong knowledge of RBAC (Role-Based Access Control), Azure AD (Entra ID), and Azure Policy. Expertise in Azure Monitoring & Alerting, including logs, metrics, and dashboard setup. Understanding of Azure Load Balancers, Application Gateway, and Traffic Manager. Experience in provisioning, scaling, and maintaining VMs on Azure. Deep knowledge of IIS, including dependency installation, configuration, and troubleshooting. Cost Optimization: Familiarity with Azure Cost Management & Optimization strategies. Release Management: Experience in release planning, Change Request (CR) preparation, and LOP (List of Pending) management. Cross-functional Coordination: Ability to coordinate with teams for deployment success and issue resolution. Mandatory Skills: Primary skills: Devops with Azure Kubernetes, GitLab, CI/CD, Shell scripting, Helm charts, Checkmarx (CX Scan), Snyk, SonarQube, and Unit Testing frameworks. Experience: Total Exp: 5-8 years Rel Exp: 7-8 years relevant with the mandate skills

Consultant - MAST Vanguard Requirements: Mandatory Technical & Functional Skills Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Job Description: Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix,Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix,Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix,Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

About this role: Wells Fargo is seeking a Lead Software Engineer within CT Cloud Engineering team In this role, you will: Migrate applications from TAS (formerly PCF) to OpenShift Container Platform. Contribute towards containerizing an application, by following the standard development practices. Leverage DevOps tools to migrate applications on OpenShift Container Platform. Integrate application with other middleware, monitoring, logging products to ensure smooth operations. Follow SDLC best practices, troubleshoot migration issues & be vocal as a Consultant for application teams to ease the migration journey. Collaborate and consult with key technical experts, senior technology team, and external industry groups to resolve complex technical issues and achieve goals. Working in a globally distributed team to provide innovative and robust Cloud centric solutions. Closely working with Product Team and Vendors to develop and deploy Cloud services to meet customer expectations. Required Qualifications: 5+ years of Software Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education Desired Qualifications: Overall 5+ years of experience, 2+ years working with OCP (OpenShift Container Platform). Must have 5+ years of hands-on experience on Java .Net (C# or other) language. Must have 5+ years of exposure and knowledge on different DevOps tools - GitHub, Jenkins, Harness, Blackduck, Checkmarx. Must have exposure and knowledge on infrastructure skills on maintaining the Kubernetes clusters, workloads, services. In depth, practical experience with Cloud methodologies (IaaS, PaaS, SaaS), microservices, orchestration etc... Job Expectations: Proficient and have a thorough understanding of various Cloud service offerings Well versed with Agile methodologies, product operating model and experience working in/for big enterprises

Position 1: Consultant - MAST Vanguard Requirements: Mandatory technical & functional skills •Strong knowledge on manual secure code review against common programming languages (Java, C#) •Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. •Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs •Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. •Preferred one year of experience in development of web applications and/or APIs. •should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. •One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Job Description: Roles & responsibilities •Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications •Perform manual security code review against common programming languages (Java, CSharp). •Perform automated testing of running applications and static code (SAST, DAST). •Experience in one or more of the following a plus: AI pen testing. •Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. •Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

*ONLY IMMEDIATE JOINERS PREFERRED* Job Title: Consultant - MAST Vanguard Experience: 4-7 Years Location: Bangalore (WFO 5 days) Work timings 12PM to 9PM Job Description: Roles & responsibilities •Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications •Perform manual security code review against common programming languages (Java, CSharp). •Perform automated testing of running applications and static code (SAST, DAST). •Experience in one or more of the following plus: AI pen testing. •Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. •Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation Mandatory technical & functional skills Mandatory technical & functional skills Strong knowledge on manual secure code review against common programming languages ( Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and leading remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA

Job Title: Security Engineer Location: Chennai (5 Days Onsite) Employment Type: Contract Role Overview We are seeking a skilled and detail-oriented Security Engineer to join our team in Chennai on a contract basis. The ideal candidate will have hands-on experience in application security testing, static code analysis, and vulnerability assessments for web and mobile applications. Key Responsibilities Perform Application Security Testing using tools such as Burp Suite, ZAP , and Postman . Conduct OWASP Top 10 assessments and ensure adherence to secure coding practices. Implement and manage Static Application Security Testing (SAST) using tools like SonarQube, Fortify, Checkmarx , and Semgrep . Execute Vulnerability Assessment and Penetration Testing (VAPT) for web and mobile applications. Collaborate with development and DevOps teams to identify and remediate security vulnerabilities. Provide detailed reports and recommendations for security improvements. Required Skills Strong experience in OWASP-based security testing . Proficiency with Burp Suite, ZAP , and API testing tools like Postman . Hands-on experience with SAST tools : SonarQube, Fortify, Checkmarx, Semgrep . Experience in VAPT for web and mobile applications . Good understanding of secure software development lifecycle (SSDLC).

Seeking a skilled OSS Lead with strong DevOps expertise. Must have hands-on experience in build tools, package managers, scanning tools, GitHub Actions, and BASH scripting. Public cloud exposure is a plus. Required Candidate profile 6+ yrs of exp in DevOps Strong expertise in Build tools and Package Manager Exp-Scanning tools like CheckMarx and SCA 4+ yr exp-GitHub Actions BASH scripting Public cloud exposure is good to have

Ideally, looking for a combination of Development and Application Security experience. Job Summary: We are seeking a skilled Application Security Engineer to join our Information Security team. The ideal candidate will have a minimum of 8-12 years of experience in application security and a strong background in software development , particularly in .NET, C#, Angular, and React . This role is crucial in ensuring the security of our applications by working closely with development, DevOps, and security teams to identify, remediate, and prevent security vulnerabilities throughout the software development lifecycle (SDLC). Key Responsibilities: Conduct application security assessments, including code reviews, penetration testing, and threat modeling to identify vulnerabilities. Work closely with developers to integrate secure coding practices and provide guidance on remediating security issues. Implement and manage Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools. Develop and enforce security policies, procedures, and best practices for application security. Assist in the design and review of security architecture for new and existing applications. Collaborate with DevOps teams to integrate security into CI/CD pipelines using DevSecOps principles . Research emerging threats, vulnerabilities, and security trends to proactively mitigate risks. Support incident response efforts related to application security breaches. Provide security training and awareness to development teams. Document security findings, mitigation plans, and security controls. Minimum Requirements (Must-Have) 8-12 years of experience in application security with a focus on secure software development. Strong background in software development , with hands-on experience in .NET, C#, Angular, and React . Hands-on experience with SAST, DAST, Software Composition Analysis (SCA), and penetration testing tools (e.g., Burp Suite, Checkmarx, Veracode, Fortify, SonarQube ). Solid understanding of OWASP Top 10, SANS 25, and secure coding practices . Experience with threat modeling, risk assessment, and vulnerability management . Knowledge of API security, authentication, and authorization mechanisms (OAuth, JWT, SAML, etc.). Familiarity with container security, Kubernetes security, and cloud security best practices (AWS, Azure, GCP). Experience working in Agile and DevSecOps environments , integrating security into CI/CD pipelines. Strong analytical and problem-solving skills. Excellent communication skills, with the ability to work collaboratively across teams.