160 Dast Jobs - Page 3

Educational Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities As part of the Infosys delivery team, your primary role would be to ensure effective Design, Development, Validation and Support activities, to assure that our clients are satisfied with the high levels of service in the technology domain. You will gather the requirements and specifications to understand the client requirements in a detailed manner and translate the same into system requirements. You will play a key role in the overall estimation of work requirements to provide the right information on project estimations to Technology Leads and Project Managers. You would be a key contributor to building efficient programs/ systems and if you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you! Technical and Professional : Security testing(3-5 years exp) - SAST/DAST/API, Network, Mobile Security/DevSecops/Cloud Security/Threat Modelling/Vulnerability Management/Logging & Audit/GRC/Security Operations/IAMIndividual should be open to learn new technology as needed and should work independently. Strong in ST with key ST related skills with good in driving a team and must be able to do client interaction. Preferred Skills: Technology-Application Security-Application Risk Profiling Threat Modeling-Microsoft Threat Modelling Technology-Application Security-Penetration Testing (Black/White/Grey Box Testing) Technology-Application Security-Vulnerability Management Technology-Infrastructure Security-Cloud Security Technology-Mobile Testing-Mobile Security Testing Technology-Security Testing-Security Testing - ALL Technology-Application Security-DevSecOps

Educational Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities As part of the Infosys delivery team, your primary role would be to ensure effective Design, Development, Validation and Support activities, to assure that our clients are satisfied with the high levels of service in the technology domain. You will gather the requirements and specifications to understand the client requirements in a detailed manner and translate the same into system requirements. You will play a key role in the overall estimation of work requirements to provide the right information on project estimations to Technology Leads and Project Managers. You would be a key contributor to building efficient programs/ systems and if you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you! Technical and Professional : Security testing(5-8 years exp) - SAST/DAST/API, Network, Mobile Security/DevSecops/Cloud Security/Threat Modelling/Vulnerability Management/Logging & Audit/GRC/Security Operations/IAMIndividual should be open to learn new technology as needed and should work independently. Strong in ST with key ST related skills with good in driving a team and must be able to do client interaction. Preferred Skills: Technology-Application Security-Application Risk Profiling Threat Modeling-Microsoft Threat Modelling Technology-Application Security-Application Security - ALL Technology-Application Security-Penetration Testing (Black/White/Grey Box Testing) Technology-Application Security-Vulnerability Management Technology-Infrastructure Security-Cloud Security Technology-Mobile Testing-Mobile Security Testing Technology-Security Testing-Security Testing - ALL Technology-Application Security-DevSecOps

Job Title: DevOps Engineer Location: Pune Experience: 4 to 8years Job Summary: We are looking for a skilled and motivated DevOps Engineer with strong hands-on experience in CI/CD pipeline development , scripting , and DevOps tooling . The ideal candidate will have experience with Jenkins pipeline creation, Groovy scripting, shared library code, and working knowledge of both application development and infrastructure automation. Key Responsibilities: Design, develop, and maintain Jenkins pipelines using Groovy and shared libraries. Collaborate with development teams for application onboarding on CI/CD pipelines. Manage source control using Git , including commands like pull, soft/hard reset, and handling pull requests. Build and manage Java-based applications using Maven , ensuring dependency management. Integrate tools like SonarQube , DAST for code quality and security analysis. Perform application installations and upgrades across environments. Execute Atlassian tool upgrades and manage related configurations. Write and maintain scripts in Python (basic) and execute Linux command-line tasks for deployment and automation. Troubleshoot build failures, deployment issues, and pipeline bottlenecks. Required Skills: Strong experience in writing Jenkinsfiles , Groovy scripting, and pipeline-as-code. Hands-on with shared library development in Jenkins. Proficient in Git operations (soft/hard reset, pull, branching, PR reviews). Experience with Maven build tool and managing Java dependencies . Familiarity with SonarQube , DAST , and other static/dynamic code analysis tools. Working knowledge of Python scripting (basic level). Proficiency in Linux commands and system-level tasks. Experience in application upgrades , installations, and Atlassian tools upgrade/maintenance. Preferred Qualifications: Bachelor's degree in Computer Science, Information Technology, or related field. Strong problem-solving skills and ability to work independently. Good understanding of software development lifecycle and DevOps culture.

Role & responsibilities Strong knowledge of web application security testing, API security testing Strong knowledge of Industry standard application security tools Burp Suite, Nmap, Zap proxy Strong knowledge of Industry standard DAST tool (example: NetSparker) Strong knowledge in both static and dynamic assessments for desktop and mobile applications Strong knowledge in manual and automated testing process, focusing on OWASP methodology Strong Knowledge of vulnerability identification and remediation methodology. Knowledge of vulnerability assessments of network and security devices Strong knowledge of open source and commercial tools, proficient in Kali Linux based tools Mandatory skill sets: VAPT, web application security testing, API security testing Preferred candidate profile Preferred skill sets: mobile security testing, DAST, penetration testing

Greetings from Teamware Solutions a division of Quantum Leap Consulting Pvt. Ltd We are hiring a SAST, DAST Work Mode: Hybrid Locations: Bengaluru Experience: 3 -8 Years Notice Period: Immediate to 15 days Description: Roles and Responsibilities: Perform manual Application penetration testing against APIs (REST/SOAP), Web Applications, Mobile applications, and thick client applications Perform threat modeling, evaluate application business logic, and perform application architecture reviews Ability to demonstrate application testing experience in real time via demos to both internal and external audiences Act independently in penetration testing engagements, with minimal oversight and guidance Act as a technical leader and mentor for junior engineers Engage with technical and non-technical audiences to articulate both testing processes, techniques and results; guide technical audiences on remediation options and assist clients in weighing those options Partner with the Cyber teams to develop new testing techniques, automation for testing and marketing collateral to support the practice and mentor junior and offshore team members on tools and techniques in performing tests Qualifications: Minimum three years of recent experience in application penetration testing of APIs, web applications, or mobile applications Ability to communicate reporting results with technical and non-technical audiences and lead remediation conversations Experience with burp suite pro, and other app testing tools such as Netsparker and Checkmarx Bachelors degree from an accredited college/university or equivalent industry experience One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSWE, OSWA Please let me know if you are interested in this position and send me the resumes to netra.s@twsol.com

Key Responsibilities: Perform in-depth penetration testing, vulnerability assessments, and security reviews of applications, infrastructure, and networks. Identify, exploit, and document security vulnerabilities across systems and provide remediation recommendations. Simulate sophisticated attacks to test the strength of security controls and identify potential areas of compromise. Collaborate with development, infra, and DevOps teams to integrate security into the development lifecycle and Infrastructure-as-Code (IaC) security. Develop comprehensive security test plans, methodologies, and tools to ensure effective assessment of systems. Create detailed reports that outline vulnerabilities, risks, and recommended mitigations. Perform threat modeling and risk assessments to prioritize testing efforts. Monitor network traffic for threats and respond to security incidents. Ensure security best practices in Cloud environments, security controls for cloud workloads, IAM policies, and network security. Monitor and respond to cloud security incidents using SIEM and cloud-native security tools. Integrate and automate security testing and compliance checks into CI/CD pipelines using tools like SAST, DAST, and IAST . Experience Range: 3 - 5 years Educational Qualifications: -B.Tech/B.E in Computers , -B.Tech/B.E in IT Job Responsibilities: Required Skills & Qualifications: Bachelor's degree in Computer Science, Cybersecurity, or related field . 2-3 years of experience in cybersecurity with a focus on Penetration testing or Ethical Hacking , Application Security, Cloud Security, and DevSecOps . Experience with security tools such as Burp Suite, Metasploit, Nessus, Wireshark, SonarQube, AWS WAF, Google WAF, Kali Linux, and other vulnerability scanning tools, etc. Knowledge of SIEM , EDR , NIST, CIS, and OWASP security frameworks. Proficiency in scripting (Python, Bash, PowerShell) for security automation. Industry certifications like CEH, Security+, AWS/GCP Security, or any DevSecOps-related certification (preferred but not mandatory). Excellent written and verbal communication skills to effectively report vulnerabilities and collaborate with stakeholders.Qualifications: Bachelors degree in computer science . Skills Required: DevOps , Linux , PHP , Python

WE'RE HIRING!! Job Title: Security Testing Years of Experience: 2-10 Years Mandatory Skills: #SecurityTesting #PenetrationTesting #BlackboxTesting #VAPT #DAST #OWASP #Burpsuite #Api Location: Bangalore Mode of Work : Hybrid Mode of Interview: 2-3 Rounds (Final Discussion will be F2F as Mandatory) Notice Period -Immediate-15Days Kindly apply to the job if matches the requirement and also share the job posts for active job seeking applicants. Share your hashtag#CV to rabecca.p@twsol.com

Greetings from Teamware Solutions a division of Quantum Leap Consulting Pvt. Ltd We are hiring an Associate Consultant_Penetration Testing_ Web Application Location: Bengaluru Work Mode: Hybrid; 2 days WFO Geography they support: US Shift Time: 12-9 PM Experience: 4 -9 Years Notice Period: Immediate to 15 days Requirements: Web Application Penetration Testing (Mandatory): Candidates must have strong experience in web application penetration testing. While a combination of web and mobile application testing is acceptable, their recent and primary experience should be focused on web applications. CSRF (Cross-Site Request Forgery) Boolean SQL Injection DOM XSS (Cross-Site Scripting) CSV Injection Coding and auditing expertise Mandatory technical & functional skills Minimum three years of recent experience in application penetration testing of APIs, web applications, or mobile applications Ability to communicate reporting results with technical and non-technical audiences and lead remediation conversations Experience with burp suite pro, and other app testing tools such as Netsparker and Checkmarx Bachelors degree from an accredited college/university or equivalent industry experience One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSWE, OSWA Roles & responsibilities •Perform manual Application penetration testing against APIs (REST/SOAP), Web Applications, Mobile applications, and thick client applications •Perform threat modeling, evaluate application business logic, and perform application architecture reviews •Ability to demonstrate application testing experience in real time via demos to both internal and external audiences •Act independently in penetration testing engagements, with minimal oversight and guidance •Act as a technical leader and mentor for junior engineers •Engage with technical and non-technical audiences to articulate both testing processes, techniques and results; guide technical audiences on remediation options and assist clients in weighing those options •Partner with the Cyber teams to develop new testing techniques, automation for testing and marketing collateral to support the practice and mentor junior and offshore team members on tools and techniques in performing tests Please let me know if you are interested in this position and send me the resumes to netra.s@twsol.com

Gist about our company: A leading venture capitalist (VC) in Silicon Valley commented that Evergent is a diamond in the rough. Evergent today manages over 560M+ user accounts in over 180+ countries on behalf of our customers. Globally Evergent is working with 5 of the top 10 carriers (AT&T, Etisalat, SingTel, Telkomsel, and AirTel) and 4 of the top 10 media companies (HBO, FOX, SONY and BBC). We are not surprised by the VC comment. We have done this with an amazing global team of 600+ professionals. Evergent is recognized as the global leader for Customer Lifecycle Management for launching new revenue streams without disturbing the inflexible legacy systems. The need for digital transformation in this subscription economy and our ability to launch services in weeks is what sets Evergent apart. We welcome you to come and meet with us. Job Title: Cloud & IT Security Analyst Location: Hyderabad Job duties include planning and implementing security measures to protect Evergent SaaS systems, Internal networks, and data Platform. Must have experience and be up-to-date on the latest Information Security intelligence, including hackers methodologies, to anticipate security breaches. You will be responsible for preventing data loss and service interruptions by researching new technologies that will effectively protect a network. Roles and Responsibilities: Monitor and protect organizational cloud infrastructure and IT systems Conduct security assessments and vulnerability scans Conduct Pen Testing, DAST and SAST Analyze security logs and investigate potential threats Implement and maintain security controls and policies Manage cloud security configurations Respond to and mitigate security incidents Assist with annual Security Audits for PCI-DSS, SSAE18, GDPR and more Respond to Client RFP/RFI as it relates to Evergent Security Protect system by defining access privileges, control structures, and resources Recognize problems by identifying abnormalities; reporting violations Implement security improvements by assessing current situation; evaluating trends anticipating requirements . Required Skills: - Cloud platform knowledge (AWS, Azure, Google Cloud) - Cybersecurity principles Typical Certifications: - CompTIA Security+ - AWS Certified Security - Specialty Qualifications and Education Requirements: BE, B.Tech, M.Tech, MCA, or any Bachelor computer degree Preferred Skills: 4 to 8 years of experience in information technology or security Strong communications skills, both written and oral Organized, responsive and highly thorough problem solver Minimum Certification of Associate’s degree in Computers, Technology or related field Technical Knowledge: UNIX, AIX, Linux, Cisco Network IDS, Cisco Host-based IDS, eTrust Access Control, ESM, and IDS. DES encryption, Digital Certificates, SSL, VPN, IPSec, TCP/IP, DNS and web security architecture, mySQL, subversion, AntiVirus,..

Work Location- Gurugram(Sector-65) Mode- Hybrid Shift Timings- 10 AM IST to 7 PM IST Role & responsibilities Partner with US teams to provide security guidance as a subject matter expert around application security and operate YUM! application security services for the brand. Aligning with a risk-based approach, collaborate with third-party engineers, and product owners to identify, prioritise, and remediate vulnerabilities in mobile and web applications across YUM! systems. These include e-commerce websites, e-commerce mobile apps, and restaurant operations apps. Leveraging established YUM! security services, review vulnerability scanner reports/results and work with application and/or engineering teams to communicate and address/remediate issues. This includes ensuring adherence to established remediation timelines, including recommending and monitoring remediation activities. Maintain the brands application security scan profiles and scan policies as per baseline standards across scanning tools for containers, SAST, DAST, and crowd sourced pen testing. This will include reviewing findings of security scans and on boarding new applications into scanning tools or services. Conduct awareness campaigns with engineering teams to ensure application development adheres to YUM! Global Technology Risk Management development standards. Continuously monitor published vulnerabilities for various applications, operating systems, and databases. Based on the publicly disclosed vulnerabilities determine the remediation priority and engage the stakeholders. Review the solution by re-scanning the disclosed vulnerabilities. (Familiar with OWASP Top 10, etc.) Conduct threat modelling exercises to identify potential risks at the design and architecture stages and provide guidance to development teams in secure design and best practices. Coordinate with incident response teams to contain, remediate, and perform root cause analysis on security incidents affecting applications. Preferred candidate profile Qualification and Experience Bachelor's degree and at least 6 years of experience in cyber security and/or software development. Additional years of relevant cyber security or development experience may be considered in lieu of bachelor's degree. Experience with reviewing application cyber security vulnerabilities for risk and relevance as well as in vulnerability mitigation/remediation planning, for identified vulnerabilities Able to successfully communicate with technical personnel and third parties. Knowledge of continuous integration and continuous delivery platforms Familiarity with relevant compliance and data privacy regulations (e.g. PCI DSS, GDPR, CCPA) and how they impact application security with the ability to incorporate compliance requirements into security testing and remediation processes. Knowledge of common programming languages and paradigms ( OOP, functional, concurrent, etc) Technical Qualification Knowledge of cloud environment topics including secrets management, infrastructure as code, and server less technologies Knowledge of CI/CD techniques and build/deployment pipeline technologies Knowledge of application scanning tools using both dynamic and static techniques Knowledge of containers and container management tools (e.g. Docker, Kubernetes) including how to interpret and remediate security findings and best practices for securing container images and deployments. Knowledge of HTTP communication Knowledge of package management tools for languages and operating systems (e.g. npm, pip, apt, yum)

Skill required: Tech for Operations - Security Governance Designation: Security Delivery Associate Manager Qualifications: BE/Master of Engineering Years of Experience: 10 to 14 years About Accenture Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Technology and Operations services, and Accenture Song all powered by the worlds largest network of Advanced Technology and Intelligent Operations centers. Our 699,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. Visit us at www.accenture.com What would you do You will be part of the Technology for Operations team that acts as a trusted advisor and partner to Accenture Operations. The team provides innovative and secure technologies to help clients build an intelligent operating model, driving exceptional results. We work closely with the sales, offering and delivery teams to identify and build innovative solutions.The Tech For Operations (TFO) team provides innovative and secure technologies to help clients build an intelligent operating model, driving exceptional results. Works closely with the sales, offering and delivery teams to identify and build innovative solutions. Major sub deals include AHO(Application Hosting Operations), ISMT (Infrastructure Management), Intelligent AutomationA process of establishing and maintaining a security governance framework. Support management structure and processes to provide assurance that information security strategies are aligned with and support business objectives are consistent with applicable laws and regulations through adherence to policies and internal controls, and provide assignment of responsibility, metrics, reporting all in an effort to manage the risk and compliance requirements. What are we looking for Commitment to qualityExperience in research and developmentNegotiation skillsProblem-solving skillsRisk managementThe role demands Indepth knowledge in application security area. Candidate should have hands on experience in SAST, DAST, Penetration testing. DevSecOps and Software composition analysis are other areas where the candidate should have experience in.The role also demands capability of scripting using Python and other related required knowledge of database and networking.Certifications like CISSP, CCSP, CISM, CEH, ECSA etc. will be added advantage. Roles and Responsibilities: In this role you are required to do analysis and solving of moderately complex problems Typically creates new solutions, leveraging and, where needed, adapting existing methods and procedures The person requires understanding of the strategic direction set by senior management as it relates to team goals Primary upward interaction is with direct supervisor or team leads Generally interacts with peers and/or management levels at a client and/or within Accenture The person should require minimal guidance when determining methods and procedures on new assignments Decisions often impact the team in which they reside and occasionally impact other teams Individual would manage medium-small sized teams and/or work efforts (if in an individual contributor role) at a client or within Accenture Please note that this role may require you to work in rotational shifts Qualification BE,Master of Engineering

Job Summary : We're looking for a skilled .NET Developer with a strong background in Security Testing (DAST) to design, develop, and test secure web applications. The ideal candidate will have expertise in identifying and mitigating security vulnerabilities using DAST tools and techniques. Responsibilities : - Design, develop, and test secure web applications using .NET framework - Conduct Dynamic Application Security Testing (DAST) to identify security vulnerabilities - Analyze and mitigate security risks using DAST tools and techniques - Collaborate with cross-functional teams to ensure secure coding practices - Develop and maintain security testing frameworks and tools - Stay up-to-date with emerging security threats and trends - Participate in code reviews and ensure adherence to security best practices - Develop and deliver training programs on security testing and secure coding practices Requirements : - 5+ years of experience in .NET development with a focus on security testing (DAST) - Strong expertise in .NET framework, C#, (link unavailable), and related technologies - In-depth knowledge of DAST tools and techniques, such as OWASP ZAP, Burp Suite, and SQLMap - Experience with security testing frameworks and tools, such as NMap, Nessus, and OpenVAS - Strong understanding of web application security risks and vulnerabilities, such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF) - Excellent problem-solving skills and attention to detail - Strong communication and collaboration skills - Experience with Agile development methodologies and version control systems, such as Git Nice to Have : - Experience with cloud-based security testing tools and platforms, such as AWS Security Hub and Google Cloud Security Command Center - Knowledge of containerization and orchestration technologies, such as Docker and Kubernetes - Experience with DevOps practices and tools, such as Jenkins, Puppet, and Ansible - Certification in security testing or related field, such as OSCP, CEH, or CISSP

Job Purpose As a Senior DevSecOps Engineer, you will be responsible for integrating security into the development, deployment, and maintenance of our software products, ensuring the highest standards of security and reliability. Key Activities / Outputs • Develop and implement security solutions throughout the software development lifecycle, from design to deployment and maintenance, using methodologies such as STRIDE, DREAD, CVSS, and the OWASP ASVS. • Work closely with developers, IT operations, and security governance and operations teams to ensure security is integrated into all aspects of the development pipeline. • Automate security processes and tools to enable continuous integration, continuous delivery, and continuous monitoring (CI/CD/CM) of applications and infrastructure. • Develop and implement metrics, reporting, and monitoring processes to track the effectiveness of DevSecOps practices, using tools like Dynatrace, ELK, Splunk, AWS CloudWatch and Sonatype Examples of metrics include vulnerability remediation times, security incidents, and code review coverage. • Establish a governance, review, and continuous improvement process for DevSecOps practices, ensuring alignment with organizational goals and industry best practices. • Perform risk assessments and threat modelling to identify potential vulnerabilities and provide recommendations for mitigation strategies. • Develop and enforce security policies and guidelines for application and infrastructure development, based on industry best practices and standards such as OWASP Top Ten, CWE/SANS Top 25, NIST SP 800-53, and OWASP ASVS. • Train and mentor developers in secure coding practices, emphasizing areas such as input validation, output encoding, and least privilege principles, as well as conducting regular security awareness sessions. • Conduct regular security audits, vulnerability assessments, and penetration tests to identify and remediate potential threats. • Stay current with industry trends, emerging threats, and best practices in DevSecOps to continuously improve our security posture. • Develop and maintain documentation related to security practices, policies, and procedures. Technical Skills or Knowledge Strong understanding of software development processes, CI/CD principles, and Agile methodologies, Expertise in various security frameworks, tools, and technologies such as OWASP, SAST, DAST, IAST, RASP, and familiarity with toolsets such as SonarQube, Veracode, Checkmarx, and Fortify, Proficient in scripting languages such as Python, Ruby, or Shell, Experience with containerization and orchestration technologies, such as Docker and Kubernetes, Familiarity with cloud platforms (AWS, Azure, GCP) and their respective security services and tools, Knowledge of networking protocols, firewalls, intrusion detection systems, and encryption technologies, Strong analytical, problem-solving, and communication skills, Software Development: This includes proficiency in programming languages such as Python, Java, JavaScript, or C#, as well as familiarity with software development methodologies like Agile or DevOps, Security Knowledge: They should be familiar with security frameworks such as OWASP (Open Web Application Security Project) and have experience in implementing security controls and practices within software development processes, DevOps Practices: This includes experience with continuous integration and continuous deployment (CI/CD) pipelines, configuration management tools like Ansible or Chef, containerization technologies such as Docker or Kubernetes, and infrastructure-as-code (IaC) tools like Terraform or CloudFormation, Security Tools and Technologies: This may include vulnerability scanning tools like Nessus or Qualys, security testing frameworks such as Burp Suite or ZAP, security information and event management (SIEM) tools like Splunk or ELK stack, and other relevant security tools, Cloud Computing: Experience with cloud security best practices, configuring and securing cloud resources, and managing cloud-based deployments is highly valuable Preferred Technical Skills (Would be advantageous) This position is a hybrid role based in Hyderabad which requires you to be in the office on a Tuesday, Wednesday and Thursday.

Role & responsibilities Project Management: Lead and manage multiple projects from inception to completion, ensuring timely delivery, budget adherence, and quality standards. Develop project plans, timelines, and resource allocation strategies. Coordinate with cross-functional teams including marketing, IT, and customer service to ensure seamless project execution. Technical Expertise: Work on .NET or JAVA-based applications, providing technical guidance and support. Implement and manage DevSecOps practices, integrating security into the CI/CD pipeline. Conduct security assessments, vulnerability scanning, and penetration testing. Develop and maintain security policies, procedures, and standards. Application Security: Monitor and respond to security incidents, conducting incident investigations and providing remediation plans. Implement and manage security tools and technologies such as DAST, SAST, and container security. Collaborate with development teams to ensure secure coding practices and perform code reviews.

Education BE/BCA/B-TECH/Bsc.IT or any IT Graduate from authorised university Experience/ Qualifications Excellent written and verbal communication skills in English, high integrity, strong work ethic and ability to empathize with the customer. At least 8 - 15 years of Cyber Security experience with large organization, Bank, or global IT or consulting firm. Strong background of Application Security, Secure Software Development Lifecycle (SSDLC). Experience in Threat Modelling, Application Security Architecture Review, Security Testing- SCA, SAST, DAST. Exposure of security tools integration in DevOps architecture. Exposure of Microservices security and API security. Exposure implementation of evaluation and implementation of Application Security & Testing tools. Troubleshooting and problem-solving ability including analytical thinking and strong attention to details. Good understanding of Application Security Standards like OWASP, SANS, NIST etc. Good understanding of Security by Design and Privacy by Design. Good understanding of compliance requirements for payment and nonpayment applications. Product & platform security assessment exposure is desirable. Understanding of Load Balancer, WAF, CDN, API Gateway, Secrets Management etc. is desired. Exposure of cloud application (SaaS) security solutions is desirable. Good understanding of encryption tools and technologies; SSL, Keys Management, HSM and PKI infrastructure and secrets management. Ability to take assess solution and recommend proactive steps to mitigate Network, OS and Application Layer Security attacks. Subject Matter Expert for Application and Product Security. Understanding business requirements, complexity and solution architecture and estimate scope and effort of SSDLC and Cyber Security. Driving SSDLC for projects from initial stage to development and implementation. Planning, resource allocation and tracking of SSDLC service delivery. Conducting Threat Modelling, Application Architecture Review, SCA, SAST, DAST & IAST Implementation of SCA, SAST, DAST & IAST tools for application security testing. Continual learning and enhancement of skills and processes for service delivery. Provide advice on Secure coding best practices. Conduct Application Security related trainings for team and developers. Managing small team of Application Security & SSDLC. Provide inputs for product and platform security. Assess application, product and platform security as per scope of the engagement. Prepare application risk summary & register and trace for closure. Prepare weekly/monthly service delivery reports and review with BU Lead and VH.

Dear Candidate, We are hiring a Cloud Security Specialist to secure cloud infrastructure and applications across AWS, Azure, or GCP. Ideal for professionals skilled in cloud-native security controls and monitoring. Key Responsibilities: Implement cloud security policies, IAM, and encryption Monitor cloud environments for threats and misconfigurations Conduct security assessments and remediation Collaborate with DevOps and compliance teams on secure deployments Required Skills & Qualifications: Experience with AWS, Azure, or GCP security services (e.g., GuardDuty, Security Center) Knowledge of network security, IAM, and cloud audit logs Familiarity with DevSecOps practices and IaC security scanning Bonus: Certifications like AWS Security Specialty, CCSP, or AZ-500 Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Reddy Delivery Manager Integra Technologies

What You'll Do. Join us in building a secure, scalable, and experienced platform to support Avalara's expanding business and global customer base. As a Senior Application Security Engineer, you'll work with world-class engineers and architects to ensure security is embedded in everything we build—both in today's systems and the future of our architecture. This role is perfect for someone passionate about automation, cloud-native security, and AI-driven application defense.. You'll help shape the future of Avalara Security, driving security as code, ensuring automation-first practices, and integrating modern AI tooling into security workflows. You understand the value of developer empathy, moves quickly without sacrificing quality, and excels in an environment that combines startup energy with enterprise scale.. You will report to security leadership at Avalara. This is a remote position.. Job Responsibilities. What Your Responsibilities Will Be. You will build, maintain, and continuously improve an automated security pipeline framework integrated into our CI/CD environments.. You will lead development of Infrastructure-as-Code and Policy-as-Code for application security enforcement and consistency across environments.. You will evaluate and integrate security tools (SAST, DAST, SCA, CSPM, EDR) and AI-based solutions into engineering workflows and CI/CD pipelines.. You will provide applicable guidance and mentorship to development and Avalara Security engineering teams on secure development best practices.. Investigate, prototype, and apply AI/ML-based solutions for application behavior analysis, anomaly detection, and threat hunting.. Promote security by design across the organization, and help foster a security-first culture.. Contribute to the continuous refinement of the SDLC to ensure security is smooth, consistent, and measurable.. What You’ll Need To Be Successful. Required Qualifications. 8+ years of experience in application security, secure software development, or security engineering.. Strong programming proficiency in Python and GoLang (hands-on).. Experience with secure SDLC practices and CI/CD pipeline integration.. Strong hands-on experience with Kubernetes, container security, and cloud infrastructure security—preferably AWS and GCP.. Experience with Infrastructure-as-Code (IaC) tools like Terraform or CloudFormation.. Working knowledge of cryptographic protocols and standards: TLS, OAuth, SAML, JWT, etc.. Familiarity with Git, modern source control practices, and agile development methodologies.. Experience working with a broad range of security tools, including:. Tenable, Wiz (Cloud Security Posture Management). Checkmarx, Mend (SAST, SCA). Acunetix, Burp Suite (DAST). CrowdStrike (EDR/XDR). Bachelor's Degree in Computer Science, Engineering, or a related field.. Proven experience contributing to security automation efforts within a security organization like Avalara Security.. Experience with AI/ML tools and frameworks applied to application security or behavior analytics.. Security certifications such as OSWE, CSSLP, AWS Security Specialty, or Kubernetes Security Specialist.. Passion for enabling developer-friendly security solutions and maximum automation.. How We’ll Take Care Of You. Total Rewards. In addition to a great compensation package, paid time off, and paid parental leave, many Avalara employees are eligible for bonuses.. Health & Wellness. Benefits vary by location but generally include private medical, life, and disability insurance.. Inclusive culture and diversity. Avalara strongly supports diversity, equity, and inclusion, and is committed to integrating them into our business practices and our organizational culture. We also have a total of 8 employee-run resource groups, each with senior leadership and exec sponsorship.. What You Need To Know About Avalara. We’re Avalara. We’re defining the relationship between tax and tech.. We’ve already built an industry-leading cloud compliance platform, processing nearly 40 billion customer API calls and over 5 million tax returns a year, and this year we became a billion-dollar business. Our growth is real, and we’re not slowing down until we’ve achieved our mission to be part of every transaction in the world.. We’re bright, innovative, and disruptive, like the orange we love to wear. It captures our quirky spirit and optimistic mindset. It shows off the culture we’ve designed, that empowers our people to win. Ownership and achievement go hand in hand here. We instill passion in our people through the trust we place in them.. We’ve been different from day one. Join us, and your career will be too.. We’re An Equal Opportunity Employer. Supporting diversity and inclusion is a cornerstone of our company — we don’t want people to fit into our culture, but to enrich it. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law. If you require any reasonable adjustments during the recruitment process, please let us know.. Show more Show less

At FourKites we have the opportunity to tackle complex challenges with real-world impacts. Whether its medical supplies from Cardinal Health or groceries for Walmart, the FourKites platform helps customers operate global supply chains that are efficient, agile and sustainable. Join a team of curious problem solvers that celebrates differences, leads with empathy and values inclusivity. We are seeking an experienced Security Engineer with a strong background in DevOps, DevSecOps, and cloud infrastructure management. The ideal candidate will have hands-on expertise in AWS, GCP, Azure, and microservices architecture, combined with a deep understanding of security principles and best practices. You will be responsible for implementing and securing cloud-based environments, deploying infrastructure with automation tools, and ensuring that security is embedded throughout the development lifecycle. What youll be doing: Cloud Infrastructure & Security Architect and secure highly available, scalable, and fault-tolerant systems across AWS, GCP, and Azure environments. Design and implement cloud security solutions, focusing on compute, network, storage, content delivery, administration, and security. Implement security controls for Kubernetes clusters, containerized applications, and cloud-native services. DevOps & Automation: Leverage automation technologies (Ansible, Chef, Puppet, Jenkins, Docker) to manage infrastructure and deployment pipelines. Develop, deploy, and maintain infrastructure-as-code solutions with tools such as CloudFormation, Terraform, and AWS/GCP/Azure CLI. Enable CI/CD pipelines for secure application delivery while ensuring security is integrated into the build and deployment processes. Programming & Application Security: Implement and secure microservices architecture using tools such as AWS Lambda, Docker, Kubernetes, and serverless technologies. Develop and maintain secure, scalable applications using programming languages such as C++, C#, Java, and Python. Monitoring & Threat Detection: Continuously monitor cloud environments to identify and mitigate security threats and vulnerabilities. Conduct risk assessments and threat modeling for cloud applications and infrastructure. Use monitoring tools (e.g., AWS CloudWatch, GCP Stackdriver, Azure Monitor) to detect and respond to potential security incidents. Collaboration & Reporting: Collaborate with cross-functional teams including business leaders, engineers, and other security professionals to design and implement security solutions. Communicate security risks, mitigations, and incident reports to both technical and non-technical stakeholders. Produce detailed documentation of security policies, procedures, and technical implementations. Who you are: 3+ years of IT experience with a strong focus on DevOps, DevSecOps, and cloud security engineering. Strong hands-on experience with cloud platforms such as AWS, GCP, and Azure, and familiarity with their foundational services (e.g., EC2, DynamoDB, API Gateway, RDS, Lambda, CloudFront, etc.). Strong experience in Kubernetes security controls is a must. CKA/ CKAD/ CKS preferred. In-depth knowledge of Kubernetes, microservices, container orchestration, and security controls. Experience designing, deploying, and securing cloud-native applications with a focus on scalability, high availability, and load balancing. CISSP (Certified Information Systems Security Professional) or equivalent industry-recognized security certifications. Or AWS Associate or higher certifications (e.g., AWS Certified Solutions Architect Associate). Or equivalent certifications would work Technical Skills : Expertise in implementing security best practices in cloud environments and DevOps pipelines. Familiarity with container security tools and methodologies. Strong analytical, troubleshooting, and problem-solving skills with the ability to quickly identify and address security threats. Excellent verbal and written communication skills to effectively engage with stakeholders at all levels. Strong teamwork orientation, collaborating with multidisciplinary teams to achieve organizational goals. Additional Requirements: Ability to work in a fast-paced environment and manage multiple tasks concurrently. A proactive approach to learning new technologies and staying up-to-date with industry trends in cloud security. FourKites is the #1 supply chain visibility platform in the world, extending visibility beyond transportation into yards, warehouses, stores and beyond. Tracking more than 2.5 million shipments daily across road, rail, ocean, air, parcel and courier, and reaching over 185 countries, FourKites combines real-time data and powerful machine learning to help companies digitize their end-to-end supply chains. More than 1,000 of the worlds most recognized brands including 9 of the top-10 CPG and 18 of the top-20 food and beverage companies trust FourKites to transform their business and create more agile, efficient and sustainable supply chains. Benefits Medical benefits start on the first day of employment 36 PTO days (Sick, Casual and Earned), five recharge days, two volunteer days Home Office setups and Technology reimbursement Lifestyle & Family benefits Ongoing learning & development opportunities (Professional development program, Toast Master club, etc.)

OPENTEXT OpenText is a global leader in information management, where innovation, creativity, and collaboration are the key components of our corporate culture. As a member of our team, you will have the opportunity to partner with the most highly regarded companies in the world, tackle complex issues, and contribute to projects that shape the future of digital transformation. Your Impact: Fortify is the industry-leading provider of Application Security solutions that empower organizations to develop secure software. Fortify offers a comprehensive portfolio of application security solutions with the flexibility of testing on-premise and on-demand to cover the entire software development lifecycle. Over 80% of security breaches exploit application vulnerabilities, and at Fortify, you will be at the forefront of one of the fastest-growing segments in the security market. Fortify is ranked market leader in Application Security by Gartner. What the roles offer: You drive the expansion of Fortify Aviator by creating more test cases for Fortify Aviator. A test case for Fortify Aviator is a Fortify SAST scan result, with added knowledge of whether this result is a true or false positive, why that is, and what should be done to remediate it. Fortify Scan results may be provided directly from the testing process. In other cases, youll scout for open-source code and scan this with Fortify. Regardless, you will need to do the auditing of the results. In those cases where relevant test code cant be found in the wild, youll need to write small test cases yourself (synthetic code) in a wide variety of languages. Youll work with the Fortify Aviator prompt engineers and help them to make Fortify Aviator predict your test cases correctly. Youll also work with product management, tool engineers, and Fortify SAST researchers. What you need to succeed: Bachelor's or Masters degree in computer science, Information Systems, or equivalent. At least 8+ years of experience in software development as a Security Champion Youre an expert in application security ( OWASP Top-10, CWE, secure coding practices, etc.) . Youve previously worked as a security champion, security auditor, or penetration tester. You have experience with at least one SAST tool, and dealing with false positives coming from such a tool. You know at least one programming language well. With Fortify supporting 33+ programming languages, its even more important that you are willing and able to learn the essentials of any programming language in an on-demand way. Strong communication and analytical skills Work independently, and deliver on expectations Data science or AI experience is desirable. Python experience is desirable.

1. Experience in the following process areas: Secure SDLC Methodologies for Waterfall/ Agile software development (Mandatory) Should be well-versed with Security best practices like OWASP and NIST guidelines (Mandatory) Ability to perform security review of microservices architecture, API Security (Mandatory) Hands on experience on Source Code reviews - SAST solution (Mandatory) Hands on experience on Dynamic Application Security Testing - DAST (Mandatory) Hands on experience in Software Composition Analysis - SCA (Mandatory) Hands on experience in performing Tech Stack Review -(Mandatory) Comfortable working in an environment that practices Agile development, engaging Product Owner and other stakeholders Good knowledge of Cloud platform/VMware Ability to identify vulnerabilities & threat actors in the application cycle and communicate effectively to the stake holders. Threat Modelling PASTA ,STRIDE etc (Good to Have) 2. Possesses ability to quickly understand the technical and functional aspects of the project to be able to communicate effectively with different stakeholders. 3. Excellent written and verbal communication skills in English, high integrity, strong work ethic and ability to empathize with the customer. 4. Ability to work effectively in a fast-paced, project-oriented environment 5. Ability to prioritize and execute tasks 6. Ability to handle sensitive and confidential information Strong analytical and problem-solving skills

Job Title: Security Tester/Security Test Engineer Location: Chennai/Hyderabad Mode: Hybrid Notice Period: Immediate/Currently Serving 6+ years of experience only (relevancy) Role Summary: This job is responsible for assisting in application security testing, including source code review, automating application security testing process and developing application security solutions to influence organizational efficiency and security. Assists in evaluating security risk assessments and presenting security information to workforce and management. Serves as a resource to the workforce regarding security-based questions and problems. ESSENTIAL RESPONSIBILITIES SAST & DAST Level 1 scan SAST & DAST Level 2 scans after getting approval/certification. Triaging of scan findings Document identified vulnerabilities from scans and review with application teams. Participate in peer reviews. Assist with API Security testing. Pull and complete non-testing related stories from the team backlog (Update documentation, complete research, POCs, process improvement items, documentation of automation components etc...) Collecting security requirements. Educational Qualification Any Degree Must Have 6 - 10 years of experience in Application Security testing Proficiency with Web application and API security testing process. Deep knowledge of Web technologies (i.e How web application works, Authentication, Authorization, HTTP Response & HTTP Request). Thorough understanding of SAST & DAST process. Experience in Burp suite/Acunetix/ Sonarqube or any other security testing tools. Proficiency in Vulnerability reporting process and Remediation process. Ability to handle meetings with Development team to share and explain about vulnerabilities and its remediations. Good to Have: Development experience using Java technologies. Knowledge of GIT, Eclipse, and experience in working with Agile methodology. Good written and verbal communication along with logical thinking and problem-solving abilities Ability to learn new things quickly. Always keen to learn about latest security risk. Any Certifications - Added Advantage

Need overall AppSec skills (SAST, DAST, Penetration testing) +Mobile app testing skills (Android, ioS). We should look for a candidate who has deep and diverse hands on exp in above skills. Also, The professional is expected to perform the application security activities - Static code assessment/ manual testing including mobile application testing for android and iOS apps. This profile requires a candidate with hands on Application Security experience specific to mobile applications Communication should excellent Skills: penetration testing,mobile app testing,sast,ios,android,dast

Need overall AppSec skills (SAST, DAST, Penetration testing) +Mobile app testing skills (Android, ioS). We should look for a candidate who has deep and diverse hands on exp in above skills. Also, The professional is expected to perform the application security activities - Static code assessment/ manual testing including mobile application testing for android and iOS apps. This profile requires a candidate with hands on Application Security experience specific to mobile applications Communication should excellent Skills: penetration testing,mobile app testing,sast,ios,android,dast

Need overall AppSec skills (SAST, DAST, Penetration testing) +Mobile app testing skills (Android, ioS). We should look for a candidate who has deep and diverse hands on exp in above skills. Also, The professional is expected to perform the application security activities - Static code assessment/ manual testing including mobile application testing for android and iOS apps. This profile requires a candidate with hands on Application Security experience specific to mobile applications Communication should excellent Skills: penetration testing,mobile app testing,sast,ios,android,dast

Look for immediate joiner. Jd Need overall AppSec skills (SAST, DAST, Penetration testing) +Mobile app testing skills (Android, ioS). We should look for a candidate who has deep and diverse hands on exp in above skills. Also, The professional is expected to perform the application security activities - Static code assessment/ manual testing including mobile application testing for android and iOS apps. This profile requires a candidate with hands on Application Security experience specific to mobile applications Communication should excellent Skills: penetration testing,mobile app testing,sast,ios,android,dast