5.0 - 9.0 years
9 - 14 Lacs
Kolkata, Mumbai, New Delhi
Work from Office
What You'll Do. Join us in building a secure, scalable, and experienced platform to support Avalara's expanding business and global customer base. As a Senior Application Security Engineer, you'll work with world-class engineers and architects to ensure security is embedded in everything we build—both in today's systems and the future of our architecture. This role is perfect for someone passionate about automation, cloud-native security, and AI-driven application defense. You'll help shape the future of Avalara Security, driving security as code, ensuring automation-first practices, and integrating modern AI tooling into security workflows. You understand the value of developer empathy, move quickly without sacrificing quality, and excel in an environment that combines startup energy with enterprise scale. You will report to security leadership at Avalara. This is a remote position. Job Responsibilities. What Your Responsibilities Will Be. You will build, maintain, and continuously improve an automated security pipeline framework integrated into our CI/CD environments. You will lead development of Infrastructure-as-Code and Policy-as-Code for application security enforcement and consistency across environments. You will evaluate and integrate security tools (SAST, DAST, SCA, CSPM, EDR) and AI-based solutions into engineering workflows and CI/CD pipelines. You will provide applicable guidance and mentorship to development and Avalara Security engineering teams on secure development best practices. Investigate, prototype, and apply AI/ML-based solutions for application behavior analysis, anomaly detection, and threat hunting. Promote security by design across the organization, and help foster a security-first culture. Contribute to the continuous refinement of the SDLC to ensure security is smooth, consistent, and measurable. What You’ll Need To Be Successful. Required Qualifications.
8+ years of experience in application security, secure software development, or security engineering. Strong programming proficiency in Python and GoLang (hands-on). Experience with secure SDLC practices and CI/CD pipeline integration. Strong hands-on experience with Kubernetes, container security, and cloud infrastructure security—preferably AWS and GCP. Experience with Infrastructure-as-Code (IaC) tools like Terraform or CloudFormation. Working knowledge of cryptographic protocols and standards: TLS, OAuth, SAML, JWT, etc. Familiarity with Git, modern source control practices, and agile development methodologies. Experience working with a broad range of security tools, including: Tenable, Wiz (Cloud Security Posture Management); Checkmarx, Mend (SAST, SCA); Acunetix, Burp Suite (DAST); CrowdStrike (EDR/XDR). Bachelor's Degree in Computer Science, Engineering, or a related field. Proven experience contributing to security automation efforts within a security organization like Avalara Security. Experience with AI/ML tools and frameworks applied to application security or behavior analytics. Security certifications such as OSWE, CSSLP, AWS Security Specialty, or Kubernetes Security Specialist. Passion for enabling developer-friendly security solutions and maximum automation. How We’ll Take Care Of You. Total Rewards. In addition to a great compensation package, paid time off, and paid parental leave, many Avalara employees are eligible for bonuses. Health & Wellness. Benefits vary by location but generally include private medical, life, and disability insurance. Inclusive culture and diversity. Avalara strongly supports diversity, equity, and inclusion, and is committed to integrating them into our business practices and our organizational culture. We also have a total of 8 employee-run resource groups, each with senior leadership and exec sponsorship. What You Need To Know About Avalara. We’re Avalara.
We’re defining the relationship between tax and tech. We’ve already built an industry-leading cloud compliance platform, processing nearly 40 billion customer API calls and over 5 million tax returns a year, and this year we became a billion-dollar business. Our growth is real, and we’re not slowing down until we’ve achieved our mission to be part of every transaction in the world. We’re bright, innovative, and disruptive, like the orange we love to wear. It captures our quirky spirit and optimistic mindset. It shows off the culture we’ve designed, that empowers our people to win. Ownership and achievement go hand in hand here. We instill passion in our people through the trust we place in them. We’ve been different from day one. Join us, and your career will be too. We’re An Equal Opportunity Employer. Supporting diversity and inclusion is a cornerstone of our company — we don’t want people to fit into our culture, but to enrich it. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law. If you require any reasonable adjustments during the recruitment process, please let us know.
Posted 1 month ago
3.0 - 8.0 years
10 - 20 Lacs
Chennai
Remote
At FourKites we have the opportunity to tackle complex challenges with real-world impacts. Whether it's medical supplies from Cardinal Health or groceries for Walmart, the FourKites platform helps customers operate global supply chains that are efficient, agile and sustainable. Join a team of curious problem solvers that celebrates differences, leads with empathy and values inclusivity. We are seeking an experienced Security Engineer with a strong background in DevOps, DevSecOps, and cloud infrastructure management. The ideal candidate will have hands-on expertise in AWS, GCP, Azure, and microservices architecture, combined with a deep understanding of security principles and best practices. You will be responsible for implementing and securing cloud-based environments, deploying infrastructure with automation tools, and ensuring that security is embedded throughout the development lifecycle. What you'll be doing: Cloud Infrastructure & Security: Architect and secure highly available, scalable, and fault-tolerant systems across AWS, GCP, and Azure environments. Design and implement cloud security solutions, focusing on compute, network, storage, content delivery, administration, and security. Implement security controls for Kubernetes clusters, containerized applications, and cloud-native services. DevOps & Automation: Leverage automation technologies (Ansible, Chef, Puppet, Jenkins, Docker) to manage infrastructure and deployment pipelines. Develop, deploy, and maintain infrastructure-as-code solutions with tools such as CloudFormation, Terraform, and AWS/GCP/Azure CLI. Enable CI/CD pipelines for secure application delivery while ensuring security is integrated into the build and deployment processes. Programming & Application Security: Implement and secure microservices architecture using tools such as AWS Lambda, Docker, Kubernetes, and serverless technologies.
Develop and maintain secure, scalable applications using programming languages such as C++, C#, Java, and Python. Monitoring & Threat Detection: Continuously monitor cloud environments to identify and mitigate security threats and vulnerabilities. Conduct risk assessments and threat modeling for cloud applications and infrastructure. Use monitoring tools (e.g., AWS CloudWatch, GCP Stackdriver, Azure Monitor) to detect and respond to potential security incidents. Collaboration & Reporting: Collaborate with cross-functional teams including business leaders, engineers, and other security professionals to design and implement security solutions. Communicate security risks, mitigations, and incident reports to both technical and non-technical stakeholders. Produce detailed documentation of security policies, procedures, and technical implementations. Who you are: 3+ years of IT experience with a strong focus on DevOps, DevSecOps, and cloud security engineering. Strong hands-on experience with cloud platforms such as AWS, GCP, and Azure, and familiarity with their foundational services (e.g., EC2, DynamoDB, API Gateway, RDS, Lambda, CloudFront, etc.). Strong experience in Kubernetes security controls is a must. CKA/CKAD/CKS preferred. In-depth knowledge of Kubernetes, microservices, container orchestration, and security controls. Experience designing, deploying, and securing cloud-native applications with a focus on scalability, high availability, and load balancing. CISSP (Certified Information Systems Security Professional) or equivalent industry-recognized security certifications. Or AWS Associate or higher certifications (e.g., AWS Certified Solutions Architect Associate). Or equivalent certifications would work. Technical Skills: Expertise in implementing security best practices in cloud environments and DevOps pipelines. Familiarity with container security tools and methodologies.
Strong analytical, troubleshooting, and problem-solving skills with the ability to quickly identify and address security threats. Excellent verbal and written communication skills to effectively engage with stakeholders at all levels. Strong teamwork orientation, collaborating with multidisciplinary teams to achieve organizational goals. Additional Requirements: Ability to work in a fast-paced environment and manage multiple tasks concurrently. A proactive approach to learning new technologies and staying up-to-date with industry trends in cloud security. FourKites is the #1 supply chain visibility platform in the world, extending visibility beyond transportation into yards, warehouses, stores and beyond. Tracking more than 2.5 million shipments daily across road, rail, ocean, air, parcel and courier, and reaching over 185 countries, FourKites combines real-time data and powerful machine learning to help companies digitize their end-to-end supply chains. More than 1,000 of the world's most recognized brands, including 9 of the top-10 CPG and 18 of the top-20 food and beverage companies, trust FourKites to transform their business and create more agile, efficient and sustainable supply chains. Benefits: Medical benefits start on the first day of employment. 36 PTO days (Sick, Casual and Earned), five recharge days, two volunteer days. Home Office setups and Technology reimbursement. Lifestyle & Family benefits. Ongoing learning & development opportunities (Professional development program, Toast Master club, etc.)
Posted 1 month ago
8.0 - 13.0 years
30 - 45 Lacs
Bengaluru
Work from Office
OPENTEXT. OpenText is a global leader in information management, where innovation, creativity, and collaboration are the key components of our corporate culture. As a member of our team, you will have the opportunity to partner with the most highly regarded companies in the world, tackle complex issues, and contribute to projects that shape the future of digital transformation. Your Impact: Fortify is the industry-leading provider of Application Security solutions that empower organizations to develop secure software. Fortify offers a comprehensive portfolio of application security solutions with the flexibility of testing on-premise and on-demand to cover the entire software development lifecycle. Over 80% of security breaches exploit application vulnerabilities, and at Fortify, you will be at the forefront of one of the fastest-growing segments in the security market. Fortify is ranked market leader in Application Security by Gartner. What the roles offer: You drive the expansion of Fortify Aviator by creating more test cases for Fortify Aviator. A test case for Fortify Aviator is a Fortify SAST scan result, with added knowledge of whether this result is a true or false positive, why that is, and what should be done to remediate it. Fortify Scan results may be provided directly from the testing process. In other cases, you'll scout for open-source code and scan this with Fortify. Regardless, you will need to do the auditing of the results. In those cases where relevant test code can't be found in the wild, you'll need to write small test cases yourself (synthetic code) in a wide variety of languages. You'll work with the Fortify Aviator prompt engineers and help them to make Fortify Aviator predict your test cases correctly. You'll also work with product management, tool engineers, and Fortify SAST researchers. What you need to succeed: Bachelor's or Master's degree in Computer Science, Information Systems, or equivalent.
At least 8+ years of experience in software development as a Security Champion. You're an expert in application security (OWASP Top-10, CWE, secure coding practices, etc.). You've previously worked as a security champion, security auditor, or penetration tester. You have experience with at least one SAST tool, and dealing with false positives coming from such a tool. You know at least one programming language well. With Fortify supporting 33+ programming languages, it's even more important that you are willing and able to learn the essentials of any programming language in an on-demand way. Strong communication and analytical skills. Work independently, and deliver on expectations. Data science or AI experience is desirable. Python experience is desirable.
Posted 1 month ago
3.0 - 6.0 years
5 - 15 Lacs
Navi Mumbai
Work from Office
1. Experience in the following process areas: Secure SDLC Methodologies for Waterfall/Agile software development (Mandatory). Should be well-versed with security best practices like OWASP and NIST guidelines (Mandatory). Ability to perform security review of microservices architecture, API Security (Mandatory). Hands-on experience in Source Code reviews - SAST solution (Mandatory). Hands-on experience in Dynamic Application Security Testing - DAST (Mandatory). Hands-on experience in Software Composition Analysis - SCA (Mandatory). Hands-on experience in performing Tech Stack Review (Mandatory). Comfortable working in an environment that practices Agile development, engaging Product Owner and other stakeholders. Good knowledge of Cloud platform/VMware. Ability to identify vulnerabilities & threat actors in the application cycle and communicate effectively to the stakeholders. Threat Modelling: PASTA, STRIDE, etc. (Good to Have). 2. Possesses ability to quickly understand the technical and functional aspects of the project to be able to communicate effectively with different stakeholders. 3. Excellent written and verbal communication skills in English, high integrity, strong work ethic and ability to empathize with the customer. 4. Ability to work effectively in a fast-paced, project-oriented environment. 5. Ability to prioritize and execute tasks. 6. Ability to handle sensitive and confidential information. Strong analytical and problem-solving skills.
Posted 1 month ago
6.0 - 10.0 years
8 - 18 Lacs
Hyderabad, Chennai
Hybrid
Job Title: Security Tester/Security Test Engineer. Location: Chennai/Hyderabad. Mode: Hybrid. Notice Period: Immediate/Currently Serving. 6+ years of experience only (relevancy). Role Summary: This job is responsible for assisting in application security testing, including source code review, automating the application security testing process and developing application security solutions to influence organizational efficiency and security. Assists in evaluating security risk assessments and presenting security information to workforce and management. Serves as a resource to the workforce regarding security-based questions and problems. ESSENTIAL RESPONSIBILITIES: SAST & DAST Level 1 scans. SAST & DAST Level 2 scans after getting approval/certification. Triaging of scan findings. Document identified vulnerabilities from scans and review with application teams. Participate in peer reviews. Assist with API Security testing. Pull and complete non-testing related stories from the team backlog (update documentation, complete research, POCs, process improvement items, documentation of automation components, etc.). Collecting security requirements. Educational Qualification: Any Degree. Must Have: 6 - 10 years of experience in Application Security testing. Proficiency with Web application and API security testing process. Deep knowledge of Web technologies (i.e., how a web application works, Authentication, Authorization, HTTP Response & HTTP Request). Thorough understanding of SAST & DAST process. Experience in Burp Suite/Acunetix/SonarQube or any other security testing tools. Proficiency in Vulnerability reporting process and Remediation process. Ability to handle meetings with the Development team to share and explain vulnerabilities and their remediations. Good to Have: Development experience using Java technologies. Knowledge of Git, Eclipse, and experience in working with Agile methodology.
Good written and verbal communication along with logical thinking and problem-solving abilities. Ability to learn new things quickly. Always keen to learn about the latest security risks. Any Certifications - Added Advantage.
Posted 1 month ago
1.0 - 5.0 years
3 - 6 Lacs
Gurugram
Work from Office
Need overall AppSec skills (SAST, DAST, Penetration testing) + Mobile app testing skills (Android, iOS). We should look for a candidate who has deep and diverse hands-on experience in the above skills. Also, the professional is expected to perform the application security activities - static code assessment/manual testing including mobile application testing for Android and iOS apps. This profile requires a candidate with hands-on Application Security experience specific to mobile applications. Communication should be excellent. Skills: penetration testing, mobile app testing, sast, ios, android, dast
Posted 1 month ago
1.0 - 5.0 years
3 - 6 Lacs
Kolkata
Work from Office
Need overall AppSec skills (SAST, DAST, Penetration testing) + Mobile app testing skills (Android, iOS). We should look for a candidate who has deep and diverse hands-on experience in the above skills. Also, the professional is expected to perform the application security activities - static code assessment/manual testing including mobile application testing for Android and iOS apps. This profile requires a candidate with hands-on Application Security experience specific to mobile applications. Communication should be excellent. Skills: penetration testing, mobile app testing, sast, ios, android, dast
Posted 1 month ago
1.0 - 5.0 years
4 - 6 Lacs
Chennai
Work from Office
Need overall AppSec skills (SAST, DAST, Penetration testing) + Mobile app testing skills (Android, iOS). We should look for a candidate who has deep and diverse hands-on experience in the above skills. Also, the professional is expected to perform the application security activities - static code assessment/manual testing including mobile application testing for Android and iOS apps. This profile requires a candidate with hands-on Application Security experience specific to mobile applications. Communication should be excellent. Skills: penetration testing, mobile app testing, sast, ios, android, dast
Posted 1 month ago
1.0 - 5.0 years
3 - 6 Lacs
Hyderabad
Work from Office
Look for immediate joiner. JD: Need overall AppSec skills (SAST, DAST, Penetration testing) + Mobile app testing skills (Android, iOS). We should look for a candidate who has deep and diverse hands-on experience in the above skills. Also, the professional is expected to perform the application security activities - static code assessment/manual testing including mobile application testing for Android and iOS apps. This profile requires a candidate with hands-on Application Security experience specific to mobile applications. Communication should be excellent. Skills: penetration testing, mobile app testing, sast, ios, android, dast
Posted 1 month ago
3.0 - 7.0 years
5 - 9 Lacs
Bengaluru
Work from Office
Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 4 plus years of experience Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding Practices: Knowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat Modelling: Ability to conduct threat modelling sessions to identify and mitigate security risks Preferred technical and professional experience Vulnerability Assessment: Experience in conducting vulnerability assessments and penetration testing Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST) tools. Security Tools: Proficiency in using security tools like Burp Suite, Nessus, or Fortify
Posted 1 month ago
8.0 - 10.0 years
4 - 7 Lacs
Hyderabad
Work from Office
Role Profile: Senior Application Security Engineer. Department: Information Security/Cybersecurity. Reports To: Manager / Lead Security Engineer. Location: Hyderabad (WFO). Role Summary: The Security Engineer will play a critical role in strengthening the security posture of applications and infrastructure by implementing secure development practices, performing vulnerability assessments, and integrating security into the SDLC. The ideal candidate will have hands-on experience with OWASP ASVS, security testing tools like ZAP, and a solid understanding of Python-based backend systems. Key Responsibilities: Implement and enforce security policies aligned with OWASP ASVS 4.0.3. Conduct Static and Dynamic Application Security Testing (SAST/DAST) using tools such as ZAP, Fortify, Burp Suite, and GitHub security. Collaborate with DevOps teams to embed security in CI/CD pipelines. Perform threat modelling and risk assessments for applications and APIs. Identify and remediate security vulnerabilities in Python-based services. Prepare and support documentation for STQC audits and other compliance processes. Create and maintain secure coding guidelines for developers. Track and manage vulnerabilities using centralized dashboards or ticketing systems. Collaborate with developers and QA teams during SDLC to ensure secure code deployment. Required Qualifications & Skills: 8-10 years of overall experience in IT. 5-6 years of hands-on experience in Application Security. Strong knowledge of OWASP Top 10 and OWASP ASVS frameworks. Practical experience with ZAP, Fortify, Burp Suite, or similar tools. Good understanding of Python backend services and typical security flaws. Knowledge of CI/CD security integration tools and methodologies. Familiarity with STQC security processes and regulatory compliance documentation. Knowledge of SAST/DAST/IAST methodologies and modern DevSecOps practices. Bachelor's degree in Computer Science, Cybersecurity, or related discipline.
Soft Skills: Strong analytical and problem-solving abilities. Excellent written and verbal communication skills. Collaboration and team orientation. High attention to detail and documentation. Strong stakeholder management across development, DevOps, and compliance teams. Preferred Qualifications: Certifications such as OSCP, CISSP, CEH, or GWAPT. Exposure to cloud security (AWS/GCP/Azure). Scripting knowledge for automation using Python or Bash. Experience with container and Kubernetes security tools. Key Relationships: Internal: Development Teams, DevOps Teams, QA Teams, Compliance Team, Product Owners. External: Auditors, Regulatory Authorities (e.g., for STQC), Security Vendors. Role Dimensions: Team Size: Individual contributor or small security team lead. Scope: Application security coverage across all internal and external apps. Impact: High; directly impacts risk mitigation, compliance, and secure software delivery. Success Measures (KPIs): % of vulnerabilities resolved within SLA. Number of applications onboarded to security tools. Security issues found in pre-production vs post-deployment. Developer adoption rate of secure coding practices. STQC and other audit clearance rates. Mean time to detect and remediate vulnerabilities. Competency Framework Alignment: Technical Expertise: Deep understanding of AppSec tools and practices. Results Orientation: Works cross-functionally with technical teams. Problem Solving: Strong in analysing and resolving security issues. Communication: Explains complex security concepts to non-tech teams. Adaptability: Takes ownership of vulnerabilities and resolutions.
Posted 1 month ago
3.0 - 5.0 years
5 - 7 Lacs
Pune
Work from Office
Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 5 plus years of experience Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding Practices: Knowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat Modeling: Ability to conduct threat modeling sessions to identify and mitigate security risks Preferred technical and professional experience Vulnerability Assessment: Experience in conducting vulnerability assessments and penetration testing Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST) tools. Security Tools: Proficiency in using security tools like Burp Suite, Nessus, or Fortify
Posted 1 month ago
3.0 - 5.0 years
4 - 6 Lacs
Mumbai
Work from Office
Need overall AppSec skills (SAST, DAST, Penetration testing) + Mobile app testing skills (Android, iOS). We should look for a candidate who has deep and diverse hands-on experience in the above skills. Also, the professional is expected to perform the application security activities - static code assessment/manual testing including mobile application testing for Android and iOS apps. This profile requires a candidate with hands-on Application Security experience specific to mobile applications. Communication should be excellent. Skills: penetration testing, mobile app testing, sast, ios, android, dast
Posted 1 month ago
5.0 - 10.0 years
7 - 12 Lacs
Pune
Work from Office
Hello Visionary! We know that the only way a business thrives is if our people are growing. That’s why we always put our people first. Our global, diverse team would be happy to support you and challenge you to grow in new ways. Who knows where our shared journey will take you? We are looking for a Product and Solution Security Expert (PSSE). How do you craft the future Smart Buildings? We’re looking for the makers of tomorrow, the hardworking individuals ready to help Siemens transform entire industries, cities and even countries. Get to know us from the inside, develop your skills on the job. You’ll make a difference by: 1. Integration with SDLC: Collaborate with software development teams to integrate security practices throughout the Software Development Life Cycle (SDLC). Perform security code reviews and analyze vulnerabilities during different SDLC phases. Ensure security requirements are included in the design, development, testing, and deployment stages of software projects. 2. Security Activities: Develop and implement security protocols, guidelines, and best practices for software development. Conduct threat modelling and risk assessments to identify potential security issues early in the development process. Provide guidance on secure coding practices and remediation of identified vulnerabilities. 3. Stakeholder Interaction: Work closely with key stakeholders, including product managers, project managers, and business analysts, to support and promote security activities within products. Communicate security risks, issues, and mitigation strategies effectively to both technical and non-technical stakeholders. Foster a security-aware culture within the development teams and across the organization. 4. Security Tools and Technologies: Implement and manage security tools such as static and dynamic analysis tools, intrusion detection systems, and vulnerability scanners.
Stay updated with the latest security tools, trends, and best practices to enhance the organization's security posture. 5. Incident Response: Assist in the development and implementation of incident response plans and procedures. Participate in security incident investigations and provide expertise in resolving security breaches. 6. Training and Awareness: Conduct security training and awareness programs for development teams. Promote continuous improvement and knowledge sharing related to application security. You’ll win us over by: 1. Technical Skills: In-depth knowledge of application security, secure coding practices, and common vulnerabilities (e.g., OWASP Top Ten). Experience with security tools and technologies such as static analysis tools (SAST), dynamic analysis tools (DAST), and vulnerability scanners. Proficiency in programming languages such as Java, C#, Python. Understanding of DevSecOps practices and integration of security into CI/CD pipelines. Promote continuous improvement and knowledge sharing related to application security. 2. Soft Skills: Strong communication and interpersonal skills. Ability to explain complex security concepts to non-technical stakeholders. Strong analytical and problem-solving skills. Collaborative mindset and ability to work effectively with cross-functional teams. 3. Certification Preferred: Certified Secure Software Lifecycle Professional (CSSLP). Experience: Proven experience working with software development teams and integrating security practices into the SDLC. Experience interacting with key stakeholders and supporting security activities within software products. You’ll win us over by: Having An engineering degree B.E/B.Tech/MCA/M.Tech/M.Sc with good academic record. Minimum 5 years of experience in cybersecurity, with a focus on application security. We’ll support you with: Hybrid working Opportunities. Diverse and inclusive culture. Great variety of learning & development opportunities. 
Create a better #TomorrowWithUs! This role, based in Pune, is an individual contributor position. You may be required to visit other locations within India and internationally. In return, you'll have the opportunity to work with teams shaping the future. At Siemens, we are a collection of over 312,000 minds building the future, one day at a time, worldwide. We are dedicated to equality and welcome applications that reflect the diversity of the communities we serve. All employment decisions at Siemens are based on qualifications, merit, and business need. Bring your curiosity and imagination, and help us shape tomorrow. Find out more about the Digital world of Siemens here: www.siemens.com/careers/digitalminds. Find out more about Siemens careers at www.siemens.com/careers
Posted 1 month ago
7.0 - 10.0 years
9 - 12 Lacs
Bengaluru
Work from Office
Hello Visionary! We empower our people to stay resilient and relevant in a constantly changing world. We’re looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future.

We are looking for a highly skilled and motivated Product & Solution Security Professional to join our team. The ideal candidate will be responsible for defining secure design principles and supporting cross-functional teams to ensure secure architecture, implementation, and testing of products and solutions.

Key Responsibilities

1. Integration with SDLC: Collaborate with software development teams to integrate security practices throughout the Software Development Life Cycle (SDLC). Ensure security requirements are included in the design, development, testing, and deployment stages of software projects. Perform security code reviews and analyze vulnerabilities during different SDLC phases.
2. Security Activities: Develop and implement security protocols, guidelines, and best practices for software development. Conduct threat modelling and risk assessments to identify potential security issues early in the development process. Provide guidance on secure coding practices and remediation of identified vulnerabilities.
3. Stakeholder Interaction: Work closely with key stakeholders, including product managers, project managers, and business analysts, to support and promote security activities within products. Communicate security risks, issues, and mitigation strategies effectively to both technical and non-technical stakeholders. Foster a security-aware culture within the development teams and across the organization.
4. Security Tools and Technologies: Implement and manage security tools such as static and dynamic analysis tools and vulnerability scanners. Stay updated with the latest security tools, trends, and best practices to enhance the product’s security posture.
5. Training and Awareness: Conduct security training and awareness programs for development teams. Promote continuous improvement and knowledge sharing related to application security.

Skills and Qualifications

1. Technical Skills: In-depth knowledge of application security, secure coding practices, and common vulnerabilities (e.g., OWASP Top Ten). Experience with security tools and technologies such as static analysis tools (SAST), dynamic analysis tools (DAST), and vulnerability scanners. Proficiency in programming languages such as Java, C#, Python. Understanding of DevSecOps practices and integration of security into CI/CD pipelines. Promote continuous improvement and knowledge sharing related to application security.
2. Soft Skills: Strong communication and interpersonal skills. Ability to explain complex security concepts to non-technical stakeholders. Strong analytical and problem-solving skills. Collaborative mindset and ability to work effectively with cross-functional teams.
3. Certification: Preferred CEH, Certified Secure Software Lifecycle Professional (CSSLP) or equivalent.

Experience: Proven experience working with software development teams and integrating security practices into the SDLC. Experience interacting with key stakeholders and supporting security activities within software products. An engineering degree (B.E/B.Tech/MCA/M.Tech/M.Sc) with a good academic record. 7 - 10 years of experience in cybersecurity, with a focus on application security.

Make your mark in our exciting world at Siemens. This role, based in Bangalore, is an individual contributor position. You may be required to visit other locations within India and internationally. In return, you'll have the opportunity to work with teams shaping the future. At Siemens, we are a collection of over 312,000 minds building the future, one day at a time, worldwide. We are dedicated to equality and welcome applications that reflect the diversity of the communities we serve. All employment decisions at Siemens are based on qualifications, merit, and business need. Bring your curiosity and imagination, and help us shape tomorrow.

We’ll support you with: Hybrid working opportunities. Diverse and inclusive culture. Variety of learning & development opportunities. Attractive compensation package. Find out more about Siemens careers at www.siemens.com/careers
Posted 1 month ago
2.0 - 5.0 years
4 - 7 Lacs
Pune
Hybrid
Looking for an immediate joiner.

JD: Need overall AppSec skills (SAST, DAST, penetration testing) plus mobile app testing skills (Android, iOS). We should look for a candidate who has deep and diverse hands-on experience in the above skills. The professional is also expected to perform application security activities: static code assessment and manual testing, including mobile application testing for Android and iOS apps. This profile requires a candidate with hands-on Application Security experience specific to mobile applications. Communication should be excellent.

Skills: penetration testing, mobile app testing, SAST, iOS, Android, DAST
Posted 1 month ago
3.0 - 6.0 years
5 - 8 Lacs
Bengaluru
Work from Office
Responsibilities: Hands-on knowledge of security testing methodologies like OWASP Top 10, SANS 25 etc. Ability to perform automated and manual hands-on penetration security testing, e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and network systems. Experience with penetration testing tools (e.g. Burp). Extensive knowledge of attack payloads for discovering security vulnerabilities. Plan, execute, and report on all testing activities and outcomes. Create findings reports and communicate them to stakeholders. Must possess at least 5 years of experience in delivering VAPT in Web (Thin and Thick Client), Mobile and APIs. Should have good and effective communication skills in English (oral and written).

Additional Responsibilities: The successful candidate must be highly motivated, a fast learner, flexible, willing to assume responsibility and deliver quality work on time. Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages (e.g. Shell). Knowledge of DevSecOps.

Technical and Professional Requirements: Any certifications: CEH (Mandatory), OSCP, CCSP.

Preferred Skills: Technology->Security Testing->Security Testing - ALL

Educational Requirements: Bachelor of Engineering

Service Line: Infosys Quality Engineering
Posted 1 month ago
3.0 - 6.0 years
9 - 15 Lacs
Pune, Chennai, Bengaluru
Hybrid
Role & responsibilities: Application penetration testing. Knowledge of OWASP vulnerabilities. Experience with secure source code review using tools like Snyk, Checkmarx. Experience with DAST tools like BrightSec. Preferably a development background and an understanding of vulnerabilities in multiple coding languages, e.g. .NET, Java, Python etc.
Posted 1 month ago
5.0 - 10.0 years
10 - 20 Lacs
Dubai, Chennai, Bengaluru
Work from Office
We're Hiring! I am excited to share some amazing career opportunities at Happiest Minds. Take your Security career to the next level with Happiest Minds! Join a dynamic team, where Security Meets Innovation, and grow with us. Be recognized in a Great Place to Work Certified environment. Interested professionals can directly reach out to me at ankita.patari@happiestminds.com or can apply in the post below.

Primary Skills: Manual Penetration Testing using OWASP checklists, Penetration Testing, Cloud Security Assessment, Cybersecurity, Security Configuration Review, Source Code Review

Job Description: 4 to 6 years of experience conducting Application Security assessments. Experienced in conducting Manual and Automated DAST for Web, API & Thick client covering OWASP Top 10. Experienced in conducting Manual code review. Experienced in Mobile VAPT (both static and dynamic). Knowledge of Infra VAPT or at least VA and configuration review. Knowledge in Container / Docker security / Cloud Audit is a plus. Certifications such as CEH, CRTP, OSCP are preferred. Good communication skills, ability to explain vulnerabilities to business users in simple terms.

Notice: Immediate to 15 days
Location: ENBD Bangalore or ENBD Chennai or Dubai
Location: Bangalore/Chennai/Dubai
Experience: 4-6 Years

Thanks & Regards, Ankita Ghosh
Posted 1 month ago
5.0 - 9.0 years
7 - 11 Lacs
Bengaluru
Work from Office
Educational Requirements: Bachelor of Engineering

Service Line: Infosys Quality Engineering

Responsibilities: Hands-on knowledge of security testing methodologies like OWASP Top 10, SANS 25 etc. Ability to perform automated and manual hands-on penetration security testing, e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and network systems.

Additional Responsibilities: The successful candidate must be highly motivated, a fast learner, flexible, willing to assume responsibility and deliver quality work on time. Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages (e.g. Shell). Knowledge of DevSecOps.

Technical and Professional Requirements: Any specific tools required: Burpsuite, WebInspect, Fortify, Zap, Checkmarx

Preferred Skills: Technology->Security Testing->Security Testing - ALL
Posted 1 month ago
4.0 - 8.0 years
7 - 15 Lacs
Hyderabad, Chennai, Bengaluru
Work from Office
Role & responsibilities
Collaborate with operations and engineering teams to implement and tune cloud-native security monitoring, tooling and reporting.
Define cloud security policies, standards, and best practices.
Design cloud-based network traffic flows to drive anomaly detection capability.
Mentor engineering and operations staff on unique cloud-based security controls.
Develop tools to improve cloud specific anomaly detection requirements.
Foster a culture of security by partnering with solutions architects to balance key performance and security.
Perform regular reviews of cloud infrastructure for security, and cloud best practices.
Develop threat models to identify risks and prioritize improvements to our architecture.
Drive the adoption of Authentication and Authorization reference architectures for managing cloud infrastructure.
Educate peers on applying the latest cloud native technologies when developing new services, systems and applications.
Contribute to a secure/compliant cloud-native service catalog.
Maintain Compliance across our Production, Development and Corporate systems hosted in the public clouds.
Collaborate with engineering and operations teams toward implementing controls and processes that address identified gaps.
Maintain and update documentation including network diagrams and security architecture plans and change control processes.
Preferred candidate profile
Posted 1 month ago
5.0 - 8.0 years
10 - 20 Lacs
Coimbatore
Work from Office
About Role: We're looking for an experienced Security Tester to evaluate and strengthen the security of web and mobile applications. The role involves identifying vulnerabilities, performing penetration tests, and working closely with development teams to resolve issues.

Security Tester - Web and Mobile Applications
Position: Security Tester
Location: Coimbatore / Karur
Experience Required: 3+ years
Employment Type: Full-time

Key Responsibilities: Perform security testing for web/mobile apps (Android/iOS). Conduct vulnerability scanning and manual penetration testing. Work closely with development teams & QA teams to fix identified issues and ensure vulnerabilities are addressed. Analyse APIs and code (static/dynamic). Ensure OWASP Top 10 and Mobile Top 10 coverage. Prepare detailed reports with fixes and support secure coding practices. Develop and execute security test plans and test cases. Stay up to date with the latest security threats, tools, and methodologies. Participate in security incident response activities. Assist in secure coding best practices and training.

Required Skills: Knowledge of HTTP, cookies, sessions, tokens. Tools: Burp Suite, ZAP, MobSF, Postman, Frida. Familiarity with SAST/DAST tools (e.g., SonarQube, Checkmarx). Understanding of encryption, authentication, secure storage. Scripting in Python, Bash.

Preferred Qualifications: Bachelor's degree in Computer Science, Information Security, or related field. 3+ years of experience in security testing or penetration testing. Certifications: CEH is a must-have. Strong understanding of application and network security concepts. Excellent problem-solving and analytical skills.

Bonus Skills: Secure DevOps & CI/CD pipeline awareness. Cloud security basics (AWS, GCP, Azure). Reverse engineering for mobile apps. Risk Analysis.
Posted 1 month ago
4.0 - 9.0 years
22 - 25 Lacs
Chennai
Work from Office
We are looking for a skilled and motivated Vulnerability Management Engineer to join our team. In this role, you will be responsible for assessing, tracking, and managing vulnerabilities in cloud and platform environments. You will play a critical role in ensuring the security posture of applications and infrastructure, using various vulnerability management tools and processes. Your responsibilities will include evaluating vulnerabilities, triaging risks, and ensuring proper remediation actions are taken to protect the organization's systems.

Responsibilities:
Vulnerability Assessment: Assess the risk of CVEs (Common Vulnerabilities and Exposures) in the context of your environment and prioritize them based on risk.
Vulnerability Management Lifecycle: Triage the entire vulnerability management lifecycle, ensuring vulnerabilities are identified, tracked, and remediated in a timely manner.
Application Security Vulnerability Management: Manage and oversee the Application Security and Vulnerability Management product, including CSPM (Cloud Security Posture Management), SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), Dependency Scans, and Secrets Scans.
Cloud Security Container Protection: Responsible for platform vulnerability management, including Cloud Security Posture Management and Container Workload Protection using Prisma Scanner.
Change Request Analysis: Evaluate change requests for e-commerce systems, assess security implications, and provide security recommendations.
Change Tracking: Track all feature changes, bug fixes, and release changes for each platform release to ensure no vulnerabilities are introduced.
CVE Tracking: Monitor and track CVEs, ensuring timely identification, prioritization, and assessment of vulnerabilities.
Component Identification: Identify and document components and systems impacted by proposed changes and their associated vulnerabilities.
Security Assessment Planning: Develop and implement security assessment plans for changes to ensure compliance with industry standards and best practices.
Vulnerability Scanning: Conduct regular vulnerability scans of infrastructure and source code, focusing on Kubernetes containerized apps, to identify and prioritize security risks.
Documentation: Maintain detailed and accurate records of vulnerability assessments, findings, remediation actions, and reporting for compliance purposes.
Security Tools: Experience with enterprise-grade vulnerability management tools like Prisma and Wiz is a plus.

Qualifications:
Solid understanding of vulnerability management life cycle and risk assessment.
Experience with vulnerability scanning tools and platforms such as Prisma/Wiz.
Familiarity with Cloud Security Posture Management (CSPM), Container Workload Protection, SAST, DAST, and Dependency Scans.
Proven experience in security assessment, vulnerability remediation, and risk management.
Strong knowledge of CVE tracking and vulnerability prioritization techniques.
Knowledge of security best practices and compliance standards.
Excellent documentation, communication, and collaboration skills.
Past experience in operating enterprise-grade security vulnerability management tools is a plus.
Posted 1 month ago
4.0 - 9.0 years
3 - 6 Lacs
Pune
Work from Office
Looking for an immediate joiner. Need overall AppSec skills (SAST, DAST, penetration testing) plus mobile app testing skills (Android, iOS). We should look for a candidate who has deep and diverse hands-on experience in the above skills. The professional is also expected to perform application security activities: static code assessment and manual testing, including mobile application testing for Android and iOS apps. This profile requires a candidate with hands-on Application Security experience specific to mobile applications. Communication should be excellent.
Posted 1 month ago
10.0 - 15.0 years
0 - 1 Lacs
Pune, Chennai, Bengaluru
Work from Office
Primary Skill: Azure DevOps, Jfrog Artifactory, SonarQ, DevSecOps (SAST & DAST), Azure native App Security
Shift Details: Day shift overlapping with EST (2PM-10:30PM)
Location: Chennai, Bangalore, Hyderabad, Pune, Kolkata, NCR

Technical Leadership & Team Management at Offshore:
Technical Leadership: Provide guidance to ensure best practices and quality standards are maintained in deliverables. Understand Selective standards and help ensure deliverables meet and adhere to the standards. If standards are missing, collaborate with the core team to build standards as needed/required.
Team Guidance: Lead and support DevOps engineers to achieve project goals.
Team Management: Lead and coordinate offshore DevOps teams.
Sprint Planning: Assist with offshore sprint planning, estimates, and timelines for the work aligned.
Work Execution: Run stand-ups and manage work execution.
Resource Optimization: Optimize team member capacity utilization.
Risk Management: Identify and mitigate risks aligned to the work.
Documentation: Maintain detailed documentation of processes and projects.

Mature Offshore-Driven Operations and Operational Capabilities:
SOP Development: Create standard operating procedures for operational tasks.
Communication: Establish clear channels with DevOps service consumers and stakeholders.
Continuous Improvement: Encourage innovation and automation.
SRE for key DevOps tooling: Build Site Reliability Engineering around DevOps platforms and tools. Build health checks for the key platforms. Keep platforms/tooling evergreen. Report/track on tech currency. Improve & automate operational onboarding; drive platform self-service capabilities for our end customer.

Collaboration and Coordination:
Stakeholder Updates: Provide regular updates to stakeholders.
Team Collaboration: Work with development, QA, and operations teams.
Performance Tracking: Develop and monitor key performance indicators (KPIs).
Posted 1 month ago