870 Penetration Testing Jobs - Page 11

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

0.0 - 1.0 years

3 - 7 Lacs

Ahmedabad

Work from Office

Job Title: VAPT Engineer (Bug Bounty Experience Preferred) Location: Ahmedabad, Gujarat (Only candidates from Ahmedabad will be considered) Job Description: We are seeking a passionate and skilled VAPT Engineer with a strong background in Bug Bounty programs and application security. The ideal candidate should be based in Ahmedabad and ready to contribute to our growing cybersecurity team. Key Responsibilities: Conduct Vulnerability Assessment and Penetration Testing (VAPT) for web applications, mobile apps, APIs, and networks. Identify and exploit vulnerabilities, especially business logic flaws, using manual and automated tools. Actively contribute to bug bounty programs and utilize the same methodology in internal assessments. Analyze scan results, identify false positives, and provide accurate risk ratings. Prepare comprehensive technical reports, document findings, and suggest remediation measures. Collaborate with development and infrastructure teams for patch management and fixing identified vulnerabilities. Follow and apply security standards such as OWASP Top 10, SANS, and industry best practices. Required Candidate Profile: Education: B.Tech / B.E. / BCA / BSc in Computer Science or Information Technology. Experience: Fresh graduates or up to 1 year of hands-on experience in VAPT or Bug Bounty (professional or personal). Practical exposure to bug bounty platforms like HackerOne, Bugcrowd, or similar. Certifications: OSCP or equivalent (preferred).

Posted 1 week ago

8.0 - 10.0 years

10 - 12 Lacs

Gurugram

Work from Office

As a Product Security Architect (Software, Hardware/Firmware), you will be responsible for ensuring the security, integrity, and confidentiality of the hardware, software systems and applications developed by Luminous. You will work closely with development teams, project managers, and other stakeholders to design, implement, and maintain robust security measures and best practices throughout the software development lifecycle. Your primary objective will be to identify potential security vulnerabilities, define security requirements, and implement effective solutions to safeguard sensitive data and protect against cyber threats. Qualification/ Personal Attributes Qualification Bachelor's / Master's degree in Computer Science, Information Security or similar Experience 8-10 years of experience in software & firmware security (for Web application, Mobile App in IoT domain) Proven experience as a Software & firmware Security Architect or in a similar role. In-depth knowledge of software security principles, secure coding practices, Database security and common security vulnerabilities. Drafting policies related to product security. Expertise in Cloud Security Experience in DevSecOps Experience with security testing tools and methodologies, including static code analysis, dynamic analysis, and penetration testing. Strong understanding of authentication and authorization protocols (e.g., OAuth, SAML, JWT) and encryption techniques. Familiarity with compliance standards such as OWASP, ISO 27001, NIST, and PCI DSS. Proven experience as an IoT Security Architect or a similar role with a focus on IoT security. Solid understanding of IoT architectures, protocols, and technologies. In-depth knowledge of IoT security principles, secure design patterns, and common IoT vulnerabilities. Experience with IoT security frameworks and industry standards (e.g., IoT Security Foundation, IEC 62443, NIST SP 800-53).
Familiarity with IoT device security features (e.g., hardware security modules, Trusted Platform Modules). Strong understanding of network security and encryption technologies Excellent communication and collaboration skills to work effectively with cross-functional teams. Relevant certifications such as CISSP, CSSLP, or CISM are a plus. Team handling experience (with Pen tester, Security analyst & DevSecOps engineer) Skills & Attributes Problem-solving skills with a sharp analytical mind Capability to collaborate with cross functional teams/3rd parties Understanding the business side of the application An ardent researcher of market trends and technology evaluation Job Description Responsibilities 1. Security Architecture Design: Develop and design the security architecture for software applications and systems, taking into consideration various factors like scalability, performance, and usability while ensuring robust security measures. Create and maintain security policies, standards, and guidelines for the development and deployment of software applications. 2. Threat Modeling and Risk Assessment: Perform threat modeling and risk assessments for software projects to identify potential security risks and vulnerabilities. Collaborate with cross-functional teams to prioritize and address security issues based on the severity of risks. 3. Secure Coding Practices: Advise development teams on secure coding practices and conduct code reviews to identify and rectify security flaws. Promote the adoption of security-related best practices and coding standards across the development teams. 4. Security Testing: Plan and oversee security testing activities, including penetration testing, vulnerability scanning, and code analysis. Plan and oversee security testing activities for IoT devices and applications, including penetration testing and vulnerability assessments. 
Analyze and interpret the results of security testing and work with the development teams to address identified issues. 5. Authentication and Authorization: Design and implement strong authentication and authorization mechanisms to control access to software applications and data. Integrate industry-standard authentication and authorization protocols into the software systems. 6. Encryption and Data Protection: Ensure the appropriate use of encryption techniques to protect sensitive data at rest and in transit. Implement data protection mechanisms to safeguard the confidentiality and integrity of data. 7. Incident Response and Security Monitoring: Collaborate with the incident response team to develop incident response plans and participate in security incident handling and investigations. Implement security monitoring solutions to detect and respond to security incidents proactively. 8. Compliance and Governance: Support compliance audits and assessments related to software security. Stay up-to-date with industry security trends, regulations, and best practices to ensure compliance with relevant security standards. 9. IoT Data Security: Establish data security and privacy measures for IoT data storage, transmission, and processing. Implement encryption and data access controls to safeguard sensitive data collected by IoT devices. 10. Network Security for IoT: Design and implement secure communication protocols for IoT networks, ensuring data confidentiality and integrity. Implement network segmentation and access controls to isolate and protect critical IoT components.

Posted 1 week ago

8.0 - 10.0 years

27 - 30 Lacs

Gurugram

Work from Office

NAB is looking for Security Assurance Consultant to join our dynamic team and embark on a rewarding career journey Undertake short-term or long-term projects to address a variety of issues and needs Meet with management or appropriate staff to understand their requirements Use interviews, surveys etc. to collect necessary data Conduct situational and data analysis to identify and understand a problem or issue Present and explain findings to appropriate executives Provide advice or suggestions for improvement according to objectives Formulate plans to implement recommendations and overcome objections Arrange for or provide training to people affected by change Evaluate the situation periodically and make adjustments when needed Replenish knowledge of industry, products and field

Posted 1 week ago

5.0 - 10.0 years

30 - 37 Lacs

Bengaluru

Work from Office

As a Lead Security Engineer at JPMorgan Chase within the Cybersecurity & Tech Controls team, you are an integral part of a team that works to deliver software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing misuse, circumvention, and malicious behavior. As a core technical contributor, you are responsible for carrying out critical technology solutions with tamper-proof, audit defensible methods across multiple technical areas within various business functions. Job responsibilities Executes creative security solutions, design, development, and technical troubleshooting with the ability to think beyond routine or conventional approaches to build solutions and break down technical problems Develops secure and high-quality production code and reviews and debugs code written by others Minimizes security vulnerabilities by following industry insights and governmental regulations to continuously evolve security protocols, including creating processes to determine the effectiveness of current controls Works with stakeholders and business leaders to understand security needs and recommend business modifications during periods of vulnerability Conducts discovery, vulnerability, penetration testing, and threat scenarios on multiple organizational assets to identify and assess if vulnerabilities are present, and executes threat modeling for multiple applications including external applications interacting with the internal JPMorgan Chase network Adds to team culture of diversity, equity, inclusion, and respect Required qualifications, capabilities, and skills Formal training or certification on security engineering concepts and 5+ years applied experience Skilled in planning, designing, and implementing enterprise level security solutions Hands on experience in Full stack Development with DotNet & React Proficient in all aspects of the Software Development Life Cycle Advanced understanding of agile methodologies such as
CI/CD, Application Resiliency, and Security Experience with threat modeling, discovery, vulnerability, and penetration testing In-depth knowledge of the financial services industry and their IT systems Preferred qualifications, capabilities, and skills Experience effectively communicating with senior business leaders

Posted 1 week ago

4.0 - 8.0 years

11 - 15 Lacs

Mumbai

Work from Office

As Toku's Compliance and Privacy Officer, you'll lead privacy and security programs, ensuring adherence to regulatory standards like GDPR, SOC2, and ISO 27001. This pivotal role combines technical expertise and strategic project management to ensure regulatory adherence and data protection, shaping the future of compliance in the evolving crypto industry. What you'll do Oversee Privacy and Compliance Frameworks: Oversee GDPR compliance practices and drive certification efforts with TrustArc/eTrust, a leading privacy compliance governance certifier. Design and execute privacy and security programs and risk registers aligned with regulatory frameworks (e.g., SOC2, GDPR, ISO 27001). Lead security and privacy program initiatives collaboratively across teams. Act as a point of contact for privacy-related inquiries and audits. Manage Security Protocols: Develop and implement security protocols to ensure data integrity and protection. Conduct system security audits and drive penetration testing. Define access control measures, encryption standards, and secure data transfer protocols. Technical Leadership: Lead vulnerability assessments and remediation strategies. Collaborate with engineering teams to integrate privacy-by-design and security-by-design principles. Develop Training Programs: Establish company-wide privacy and security training initiatives. Stay current with evolving regulations and security threats, adapting strategies accordingly. What we're looking for Bachelor's or master's degree. 4-8 years of experience driving security/privacy engineering, business practices, and programs in a fintech SaaS or HRIS/payroll platform. Proven track record managing GDPR, SOC2, or ISO 27001 implementations. Strong understanding of encryption, authentication, and network security. Familiarity with compliance management platforms like TrustArc or Drata. Excellent written and verbal communication skills with the ability to simplify complex ideas for diverse audiences.
Certificates preferred: Certified Information Systems Security Professional (CISSP). Certified Information Privacy Professional (CIPP/E, CIPP/US). ISO 27001 Lead Implementer certification. Why you'll love working at Toku Shape the future of the crypto compliance space during a pivotal regulatory moment. Work alongside innovative clients and highly engaged industry-leading investors. Join a fast-growing startup with a clear market need and a strong product-market fit. Competitive salary, equity, and remote-friendly work culture

Posted 1 week ago

6.0 - 9.0 years

8 - 11 Lacs

Pune

Work from Office

SecurityBoat is an offensive security firm that helps businesses build digital trust through advanced penetration testing, red teaming, and secure code reviews. As we scale across Europe and the US, we're looking for a Business Development Specialist who thrives at the intersection of strategic sales and client success. Own and drive inbound and outbound sales efforts across US & European markets Create and execute targeted outreach campaigns (email, LinkedIn, cold calls) Qualify leads, conduct discovery calls, and convert prospects into clients Manage and convert inbound leads from multiple channels Collaborate with the delivery team to ensure seamless onboarding and client satisfaction. Build long-term client relationships and identify upsell/cross-sell opportunities Maintain up-to-date and accurate records in CRM and sales tools Stay informed on industry trends, client needs, and competitive offerings. Requirements 1–4 years of experience in B2B IT or cybersecurity sales Proven track record of managing international clients (Europe/US preferred) Excellent verbal and written communication skills: clear, confident, and persuasive Strong grasp of the sales funnel, pipeline management, and deal closure Comfortable working with ICP frameworks and qualification models Ability to blend technical understanding with business value propositions Hands-on experience with CRM and outreach tools (Zoho CRM, Apollo, etc.) Preferred Background: MBA or business-related degree preferred A technical degree (CS/IT) is a strong advantage Prior experience selling offensive security services is a major plus Familiarity with penetration testing, red teaming, and secure code reviews is ideal. Benefits Skill Development: Access to ongoing training, mentorship, and skill enhancement programs. Career Advancement: Clear pathways for promotion and increased responsibilities within the company.
Innovative Culture: Work in a collaborative setting that values innovation and continuous improvement. Cutting-Edge Projects: Engage with the latest technologies and solutions in the cybersecurity industry. International Clientele: Opportunity to work with clients across the US and European markets. Diverse Industry Experience: Exposure to various sectors, enhancing industry knowledge and versatility.

Posted 1 week ago

6.0 - 8.0 years

8 - 10 Lacs

Bengaluru

Work from Office

About ColorTokens: At ColorTokens, we empower businesses to stay operational and resilient in an increasingly complex cybersecurity landscape. Breaches happen, but with our cutting-edge ColorTokens Xshield platform, companies can minimize the impact of breaches by preventing the lateral spread of ransomware and advanced malware. We enable organizations to continue operating while breaches are contained, ensuring critical assets remain protected. Our innovative platform provides unparalleled visibility into traffic patterns between workloads, OT/IoT/IoMT devices, and users, allowing businesses to enforce granular micro-perimeters, swiftly isolate key assets, and respond to breaches with agility. Recognized as a Leader in the Forrester Wave: Microsegmentation Solutions (Q3 2024), ColorTokens safeguards global enterprises and delivers significant savings by preventing costly disruptions. Join us in transforming cybersecurity. Learn more at www.colortokens.com. Our Culture We foster an environment that values customer focus, innovation, collaboration, mutual respect, and informed decision-making. We believe in alignment and empowerment so you can own and drive initiatives autonomously. Self-starters and highly motivated individuals will enjoy the rewarding experience of solving complex challenges that protect some of the world's impactful organizations, be it a children's hospital, or a city, or the Defense department of an entire country. Job Description: Skills Required: Red Team Operations Certified, Red Team Ops Certified, OSCP, Offensive Security Certified Professional, MITRE ATT&CK, OPSEC, Operational Security Experience Range: 6-8 years Location: Bangalore Work mode: Work from Office (hybrid) Key Responsibilities: Plan and execute red team exercises simulating real-world threat actor behaviors. Conduct comprehensive penetration tests on internal and external networks, applications (web, mobile, APIs), and cloud environments.
Identify and exploit security flaws to assess the effectiveness of preventive and detective controls. Develop custom tools, scripts, and techniques to aid in assessments and evade detection. Collaborate with blue teams to improve detection and response capabilities. Prepare detailed reports outlining findings, proof-of-concepts, and recommended mitigations. Stay current on emerging threats, offensive tactics, tools, and vulnerabilities. Assist with purple teaming and adversary emulation exercises. Requirements: Bachelor's degree in Cybersecurity, Computer Science, or related field (or equivalent experience). 6+ years of hands-on experience in red teaming, offensive security, Infrastructure web application, API, Cloud Pentesting. Proficient in tools such as Cobalt Strike, Metasploit, Nessus, Burp Suite, Nmap, Active directory assessment, and custom scripting (Python, PowerShell, Bash). Strong understanding of MITRE ATT&CK framework, threat and adversary emulation. Knowledge of Windows and Linux internals, Active Directory, and cloud platforms (AWS/Azure/GCP). Familiarity with social engineering tactics and phishing and physical security (a plus). Experience in creating documentation for services. Certifications (Preferred): OSCP (mandatory), CRTP, OSCE, OSEP, CRTE, GPEN, GXPN, or equivalent.

Posted 1 week ago

5.0 - 10.0 years

5 - 9 Lacs

Kochi

Work from Office

Perform release tasks including building, deploying, troubleshooting using automation wherever applicable. Manage Hyperscalers, AWS, GCP, Azure, and IBM Cloud in terms of administration, and support. Create security focused policies and processes in every part of the software life cycle. Improve efficiency by continuously reviewing and optimizing existing methodologies. Explore new technologies to improve tools and performance across all aspects of SRE and DevOps activities. Maintain public facing SaaS, and PaaS applications at scale. Understand security requirements, and contribute to procurement/renewal of ISO and SOC certifications. Participate in on-call rotation, and work with geographically distributed teams. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise 5+ years of experience. Handle a variety of infrastructure installation and maintenance including Kubernetes, databases, CI/CD tools, and so on. Deep knowledge in at least one of the hyperscalers - AWS, GCP, Azure Mastery in building Java applications using Maven, Gradle, and Jenkins or any other CI/CD tool. Experience managing production environments (SaaS, PaaS). Strong knowledge in Web/Networking including Load Balancers, DNS, WAF, TLS Certificates, IDS/IPS, Penetration testing, DDOS, and others. Expertise in the container ecosystem including Docker, Kubernetes, Istio, ArgoCD. Command over logging, monitoring, and analytics tools/services such as Datadog, ELK stack, Prometheus, and Grafana. Familiarity with at least one programming language, preferably Python or Go. Linux administration and troubleshooting along with scripting, and familiarity with packaging is a plus. Preferred technical and professional experience Experience in IBM Cloud

Posted 1 week ago

3.0 - 7.0 years

7 - 11 Lacs

Pune

Work from Office

NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most. NetSPI secures the most trusted brands on Earth through Penetration Testing as a Service (PTaaS), External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), and Breach and Attack Simulation (BAS). Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever before. NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at netspi,/careers. We are seeking an experienced professional with demonstrated technical depth and breadth in Web Application Penetration Testing as well as the soft skills to effectively communicate with executive and technical teams. In this role, you'll have the ability to work alongside a world-class team using top-tier custom tools. Applicants are expected to leverage strong problem-solving skills, as well as lead, collaborate, and innovate to deliver high-quality exercises and exceptional experiences for our customers. Responsibilities: Perform web and mobile application penetration tests. Create and deliver penetration test reports to clients. Collaborate with clients to create remediation strategies that will help improve their security posture. Research and develop innovative techniques, tools, and methodologies for penetration testing services. Help define and document internal, technical, and service processes and procedures. Contribute to the community through the development of tools, presentations, white papers, and blogs. Minimum Qualifications: Bachelor's degree or
higher, preferred with a concentration in Computer Science, Engineering, Math, or IT, or equivalent experience. Minimum of 2 years' experience with Application Security and/or Penetration Testing. Familiarity with offensive and defensive IT concepts. Knowledge of Linux and/or Windows administration. Preferred Qualifications: Programming experience in one or more of the following languages: Ruby, Python, Perl, C, C++, Java, and C#. Strong communication and writing skills. GXPN, GPEN, OSCP, CISSP, GWAPT or similar certifications. We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.

Posted 1 week ago

3.0 - 8.0 years

5 - 8 Lacs

Bengaluru

Work from Office

The Application Security Analyst reports directly to the team lead of Vulnerability Management and Applications Security. The role is responsible for identifying vulnerabilities and weaknesses in applications before they go live to reduce the company's attack surface and supports the operational teams in the understanding of vulnerabilities. This position is responsible for the proper maintenance, configuration and governance of the solution used for scanning the target applications. This role requires constant communication with the operational teams and other stakeholders, supervision of the processes and making sure that the service quality is delivered with the highest standards. Basic Qualification: Education: Bachelor's in Information Technology, Computer Science or similar field. Experience: Minimum 3 years of experience in Applications Security scans, Vulnerability Management or related cyber security experience. Excellent verbal and written communication skills Excellent team player that demonstrates proactiveness Strong analytical and interpersonal communication skills, including the ability to communicate effectively Mandatory Skills: Service-related expert knowledge Experienced in designing and implementing secure tests Secure configuration management techniques Knowledge of software quality assurance process Knowledge of secure software deployment methodologies and tools Ability to write technical documentation concisely and understandably Experience in the use of Application Security Testing tools Understanding of the attack surface and company security posture Knowledge in log analysis and troubleshooting of issues Advanced knowledge of application related vulnerabilities Cyber security and technical knowledge Experienced in discerning the protection needs (i.e., security controls) of information systems and networks Experienced in estimating specific operational impacts of cybersecurity incidents caused in applications Knowledge of system and application security
threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, etc.) Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation) Knowledge of cybersecurity principles and methods that apply to software development Consideration of laws, regulations, policies, and ethics (GDPR, etc.)

Posted 1 week ago

4.0 - 9.0 years

10 - 20 Lacs

Ahmedabad

Work from Office

Role & responsibilities Main Priorities: Plan and execute VA/PT projects across digital assets. Identify, assess, and report vulnerabilities and risks. Collaborate with IT and development teams for remediation. Ensure compliance with cybersecurity standards (ISO 27001, NIST, GDPR). Provide regular updates and final reports to stakeholders. Drive continuous improvement in VA/PT processes. Preferred candidate profile Strong understanding of VA/PT methodologies and tools (e.g., Nessus, Metasploit, Burp Suite). Familiarity with operating systems, network protocols, and security frameworks. Knowledge of ISO 27001, NIST, GDPR compliance. Strong project management and documentation skills. Excellent communication, leadership, and problem-solving abilities.

Posted 1 week ago

7.0 - 10.0 years

60 - 84 Lacs

Pune

Work from Office

Responsibilities: * Conduct penetration tests, vulnerability assessments & ethical hacking. * Implement OWASP top 10 principles & network NPT methodologies. * Monitor cybersecurity risks & respond to incidents.

Posted 1 week ago

3.0 - 5.0 years

5 - 9 Lacs

Bengaluru

Work from Office

About The Role Job Title: Penetration Tester (Web Applications and REST APIs) Location: Bengaluru Job Type: Full-time About Us: Kotak Mahindra Bank is seeking an experienced Penetration Tester to join our Platform Engineering team. As a Penetration Tester, you will be responsible for identifying vulnerabilities in web applications and REST APIs, providing recommendations for remediation, and ensuring the security posture of our clients' systems. Job Summary: The successful candidate will have a strong background in penetration testing, including experience with various tools and techniques used to identify vulnerabilities in web applications and APIs. The ideal candidate will be able to analyze complex systems, identify potential security risks, and provide actionable recommendations for remediation. Key Responsibilities: Conduct thorough penetration testing of web applications and REST APIs using a variety of tools and techniques Identify vulnerabilities in web applications, including but not limited to SQL injection Cross-Site Scripting (XSS) Cross-Site Request Forgery (CSRF) Authentication and authorization weaknesses Session management issues Test REST APIs for security vulnerabilities, including but not limited to Input validation and sanitization Error handling and logging Authentication and authorization mechanisms Data encryption and transmission Analyze results and provide detailed reports outlining findings, recommendations for remediation, and estimated timeframes for implementation Collaborate with development teams to ensure identified vulnerabilities are addressed and remediated in a timely manner Stay up-to-date with the latest security threats, tools, and techniques through ongoing training and professional development Requirements: 3+ years of experience in penetration testing, with a focus on web applications and REST APIs Strong understanding of web application security concepts, including but not limited to OWASP Top 10 Web Application Security 
Risks (WASR) Secure Coding Practices Experience with various penetration testing tools, including but not limited to Burp Suite ZAP Nmap AJP SQL injection tools (e.g. sqlmap) Strong understanding of REST API security concepts, including but not limited to API Security Frameworks (e.g. OAuth 2.0) Data encryption and transmission protocols (e.g. HTTPS) Authentication and authorization mechanisms (e.g. JWT) Experience with scripting languages (e.g. Python, Ruby) is a plus Strong analytical and problem-solving skills Excellent communication and reporting skills Nice to Have: CISSP or equivalent security certification CEH or equivalent penetration testing certification Experience with cloud-based services (e.g. AWS, Azure) Familiarity with Agile development methodologies Experience with DevOps tools (e.g. Docker, Jenkins) What We Offer: Competitive salary and benefits package Opportunities for professional growth and development Collaborative and dynamic work environment Flexible working hours and remote work options

Posted 1 week ago

3.0 - 5.0 years

5 - 9 Lacs

Bengaluru

Work from Office

About The Role

Job Title: Penetration Tester (Web Applications and REST APIs)
Location: Bengaluru
Job Type: Full-time

About Us: Kotak Mahindra Bank is seeking an experienced Penetration Tester to join our Platform Engineering team. As a Penetration Tester, you will be responsible for identifying vulnerabilities in web applications and REST APIs, providing recommendations for remediation, and ensuring the security posture of our clients' systems.

Job Summary: The successful candidate will have a strong background in penetration testing, including experience with various tools and techniques used to identify vulnerabilities in web applications and APIs. The ideal candidate will be able to analyze complex systems, identify potential security risks, and provide actionable recommendations for remediation.

Key Responsibilities:
- Conduct thorough penetration testing of web applications and REST APIs using a variety of tools and techniques
- Identify vulnerabilities in web applications, including but not limited to: SQL injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), authentication and authorization weaknesses, session management issues
- Test REST APIs for security vulnerabilities, including but not limited to: input validation and sanitization, error handling and logging, authentication and authorization mechanisms, data encryption and transmission
- Analyze results and provide detailed reports outlining findings, recommendations for remediation, and estimated timeframes for implementation
- Collaborate with development teams to ensure identified vulnerabilities are addressed and remediated in a timely manner
- Stay up-to-date with the latest security threats, tools, and techniques through ongoing training and professional development

Requirements:
- 3+ years of experience in penetration testing, with a focus on web applications and REST APIs
- Strong understanding of web application security concepts, including but not limited to: OWASP Top 10 Web Application Security Risks (WASR), Secure Coding Practices
- Experience with various penetration testing tools, including but not limited to: Burp Suite, ZAP, Nmap, AJP, SQL injection tools (e.g. sqlmap)
- Strong understanding of REST API security concepts, including but not limited to: API Security Frameworks (e.g. OAuth 2.0), data encryption and transmission protocols (e.g. HTTPS), authentication and authorization mechanisms (e.g. JWT)
- Experience with scripting languages (e.g. Python, Ruby) is a plus
- Strong analytical and problem-solving skills
- Excellent communication and reporting skills

Nice to Have:
- CISSP or equivalent security certification
- CEH or equivalent penetration testing certification
- Experience with cloud-based services (e.g. AWS, Azure)
- Familiarity with Agile development methodologies
- Experience with DevOps tools (e.g. Docker, Jenkins)

What We Offer:
- Competitive salary and benefits package
- Opportunities for professional growth and development
- Collaborative and dynamic work environment
- Flexible working hours and remote work options

Posted 1 week ago

2.0 - 6.0 years

8 - 12 Lacs

Noida

Work from Office

Primary Responsibilities:
- Writing clean, maintainable and testable code to develop software features
- Reproduce bugs, investigate root cause and develop fix
- Review code and offer technical support to fellow team members as needed
- Communicate effectively with technical and non-technical stakeholders
- Work closely with various teams that own Systems of Records or Sources of Truth to query, analyze, sanitize, and ingest their data into our knowledge graph
- Think critically to analyze data and gather insights that lead to high-value decisions that improve the security posture across the enterprise
- Stay updated with the latest technologies and industry trends to continuously improve the team's capabilities
- Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

Required Qualifications:
- Undergraduate degree in Computer Science, Engineering, or a related field, or equivalent experience
- Hands-on experience authoring highly performant SQL queries, working with a wide variety of databases including RDBMS as well as NoSQL databases
- Hands-on experience authoring scalable, high-performance APIs (REST)
- Hands-on experience with automated testing
- Experience with engineering projects hosted in public cloud (AWS, Azure or GCP)
- Solid proficiency in TypeScript
- Good understanding of CI/CD pipelines
- Ability to deal with ambiguity, changing and often conflicting priorities, to plan and execute while balancing timeliness, quality of deliverables
- Proven excellent problem-solving skills and a proactive, go-getter attitude
- Ability to work collaboratively with globally distributed teams in a fast-paced agile development environment and manage time effectively

Preferred Qualifications:
- Experience with Apollo Server, GraphQL
- Experience with graph databases and Meilisearch or Elasticsearch
- Experience with Containers and Kubernetes
- Understanding of Network Security in cloud and on-prem hosting environments

Points to note:
- Flexible to work in and overlap with teams in India as well as teams based in the US (between 7 AM Central Time and 11 AM Central Time)

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone of every race, gender, sexuality, age, location and income deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes, an enterprise priority reflected in our mission.

Posted 1 week ago

2.0 - 5.0 years

2 - 6 Lacs

Hyderabad

Work from Office

Job Description

Job Purpose: An ICE IS Application Security Analyst is part of a team responsible for ensuring that ICE produces and maintains secure applications. The team member influences secure design, performs code analysis, identifies vulnerabilities through hands-on penetration testing, assists developers in remediation efforts, and communicates findings to developers, QA teams and management.

Core Duties: IS AppSec (Application Security)
- Application Identification and Review - Operates the Application Development Security Lifecycle from design review through automated and hands-on testing.
- Standards and Policies - Maintains and contributes to Application Development Security Policies and standards by keeping up with industry trends and publications from organizations such as NIST, OWASP, and SANS.
- Secure Design - Works with development teams to establish security requirements early in the SDLC and contributes security subject matter expertise during the development of new projects and releases.
- Tool Management - Focuses on automation while implementing, maintaining and integrating cutting-edge technologies to assess an application's security with static code analyzers (SAST), dynamic testing (DAST) tools, software composition scanners, Web Application Firewall (WAF) and bug bounty programs.
- Developer Education - Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community via training sessions, one-on-one education, Intranet blogs and other opportunities.

Desirable Knowledge and Experience:
- Software engineering experience in Java, C++, .NET and/or related languages
- Expert at deploying, configuring, and using SAST, DAST, and Software Composition in large environments
- Experience designing solutions to integrate transparently with the CI/CD pipeline
- Familiar with application development in large cloud environments
- University degree in Computer Science, Engineering, MIS, CIS, or related discipline

Analyst, Engineer, and Sr. Engineer Distinction: Seniority is determined by experience and demonstration of exceptional competencies including:
- Documenting and effectively publishing technology guidance and repeatable processes
- Mentoring peers in groups and individually
- Improving processes and introducing superior technology
- Taking initiative to learn business goals, liaise with other departments, and identify ways to increase productivity in other ICE groups and offices

Posted 1 week ago

3.0 - 5.0 years

4 - 7 Lacs

Mumbai

Work from Office

Qtech Software: Careers

Nurturing Talent. Creating Possibilities

Nurturing Talent: At Qtech Software, we are invested in employee growth. We offer opportunities that help you explore the limits of your true potential. Our talent is proactively appreciated and developed.

Open Door Policy: We have an open-door policy and believe in a flat hierarchy. Inputs and feedback are welcome and we encourage a healthy amount of interaction with your seniors and peers.

Global Exposure: With clients in over 70+ countries, the scope of your achievements and projects is truly global. For those willing to go the extra mile our advancement trajectory is rapid.

A young family: Qtech Software is a family of 180+ individuals. We are 19 years young and driven by a passion to digitally empower our customers and communities, transform.

Specialized expertise: Our teams include product and project managers, business analysts, quality assurance executives, UI & UX Specialists, developers, and testers. Together we offer bleeding-edge, end-to-end solutions for your business goals.

Driven by what's next: At Qtech we are inspired by the impossible! To solve fundamental real-world problems that remain unchallenged.

Our creed: Passionate for excellence, united by technology.

Stories that Inspire Us:
- A marathon of multiple roles: Nitin Jain completed 12 years at Qtech Software. Read his amazing journey which involves travel to multiple countries & multi-faceted roles.
- The ride of a lifetime: Vinay Shinde shares about his 12+ years at Qtech Software. Read this incredible story to find out more about team Qtech and Vinay's journey.

Current Openings: Cybersecurity Analyst
- Conduct Vulnerability Assessments: Identifying potential weaknesses in applications and systems using automated tools and manual techniques.
- Perform Penetration Tests: Simulating attacks to evaluate the effectiveness of security controls and identify exploitable vulnerabilities.
- Analyze Findings: Interpreting assessment and testing results to determine the severity and impact of identified vulnerabilities.
- Report Findings: Documenting vulnerabilities, providing detailed reports with remediation recommendations, and tracking the closure of identified issues.
- Collaborate with Teams: Working with developers, IT, and security teams to implement security measures and address identified vulnerabilities.
- Stay Updated: Keeping abreast of the latest security threats, vulnerabilities, and industry best practices.
- Test Various Application Types: Performing security assessments on web applications, mobile applications, APIs (REST, SOAP, XML, JSON), and potentially cloud-based services.
- Understand Security Standards and Frameworks: Familiarity with OWASP, NIST, ISO 27001, PCI DSS, and other relevant standards is crucial.
- Use Security Testing Tools: Proficiency in tools like Burp Suite, OWASP ZAP, Nmap, Nessus, AppScan, Acunetix, Veracode, CheckMarx, etc.

Responsibilities: The responsibilities cover the full range of testing work, from websites, mobile apps, and infrastructure testing to social engineering. In this role, the candidate is expected to:
- Test software and hosted platforms to identify vulnerabilities
- Carry out penetration testing of web applications, mobile applications, and internal infrastructure
- Analyze code to assess its level of security and to find specific vulnerabilities
- Manage the security testing process
- Perform complex simulated attacks on networks or systems
- Stay updated with the latest threats/vulnerabilities
- Produce written technical reports along with an executive summary to a professional standard
- Research potential vulnerabilities
- Formally brief clients and colleagues
- Understand the role of AI/ML in cybersecurity

Qualification:
- Minimum 3 to 5 years hands-on experience in SAST, DAST, VAPT
- Certifications like CEH, CompTIA Security+, and OSCP will be considered an added advantage
- Familiarity with SAST, DAST, and IAST tools
- Understanding of Red/Blue teaming and threat hunting

Technical skills:
- Using common vulnerability scanning and penetration testing tools, such as NMAP, NESSUS, SQLMAP, and Burp Suite
- Writing test plans
- Producing test data
- Secure code analysis
- Internal and external penetration testing

Behavioral Skills:
- Ability to work under pressure
- Good communication skills, with the ability to explain technical issues in a non-technical way, verbally and in writing
- Influencing internal stakeholders and clients, including those with very different levels of technical knowledge
- Working to deadlines and prioritizing work appropriately
- Working independently while remaining part of a team
- Self-discipline to stay strictly within the project scope

Posted 1 week ago

2.0 - 4.0 years

12 - 15 Lacs

Bengaluru

Work from Office

About the Role: We are looking for a dynamic, driven information security professional to lead information security at Voltmoney. This role is responsible for setting and executing the vision, strategy and program to protect all information assets and technologies within the organization. The ideal candidate will bring extensive expertise in cybersecurity, risk management and regulatory compliance, with a strong focus on the financial services sector. Detailed knowledge of the certification process and RBI compliance guidelines would be a great fit for the role.

Key Responsibilities:
- Develop and implement comprehensive information security strategies, policies, standards, and procedures aligned with industry best practices and regulatory standards while working directly with the CISO.
- Lead the creation and maintenance of robust security controls to protect all information assets, including networks, systems, applications, and data.
- Conduct regular risk and vulnerability assessments to identify and mitigate potential security threats.
- Establish incident response and business continuity plans for effective recovery from security incidents or breaches.
- Collaborate with IT, risk management, compliance, and legal teams to integrate security into all business processes.
- Stay updated on emerging security threats, industry trends, and technologies, advising on best practices and innovations.
- Oversee security awareness and training programs to ensure a culture of security throughout the organization.
- Act as the primary liaison for internal and external stakeholders, including regulatory agencies, auditors, and vendors, on all security matters.
- Regularly report to executive leadership and the board on the organization's information security posture and improvements.

Qualifications:
- Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity or a related discipline.
- 2 to 4 years of experience in information security, preferably within the financial services sector.
- In-depth understanding of security frameworks and standards, such as ISO 27001, NIST Cybersecurity Framework, GDPR, and PCI DSS.
- Strong knowledge of networking, systems architecture and cloud computing.
- Demonstrated experience in risk assessment, penetration testing, and security audits.
- Excellent communication skills to translate technical concepts for non-technical stakeholders.
- Relevant certifications (e.g., CISSP, CISM, CRISC) are highly preferred.
- Proven ability to lead security initiatives and deliver results in a dynamic environment.

Benefits:
- Competitive salary based on experience and qualifications.
- Health insurance coverage for employees and dependents.
- Professional development support, including certification and education opportunities.
- This role is ideal for a cybersecurity leader passionate about developing and overseeing high-impact security programs in a fast-paced financial environment.

Posted 1 week ago

1.0 - 6.0 years

3 - 8 Lacs

Ahmedabad

Remote

Who we think will be a great fit:
- A passion for information security with a hacker mindset!
- Self-motivation and proactiveness
- Communication skills

What we need: We want people with, preferably, two or more of the following:

1. Web Application Security Testing.
- Knowledge about Burp Suite, manual and automated SQLi
- Bypass filters that detect SQLi, XSS, etc.
- People who don't think Injection means only SQLi but SSTI, SSJI, ORMi [HQLi], LDAPi, Eli, XMLi etc.

2. Network Infrastructure Testing.
- Ability to write custom scripts and wrappers.
- Knowledge of tools like Responder, Ettercap, tcpdump, Empire, etc., not just Nmap and Nessus
- Have good knowledge about PowerShell scripting and AD/DC infrastructure.

3. Mobile App Testing.
- Root/jailbreak and certificate pinning bypass without any automated tool
- Dynamic instrumentation using Frida
- De-obfuscation of APK/IPA file

4. IoT Testing.
- MQTT attacks
- Fuzzing of IoT devices
- Firmware extraction

5. Cloud Testing.
- A good understanding of the cloud infrastructure that includes AWS, Azure and Google Cloud.
- Have a good understanding of microservices architecture.

6. Secure Code Review.
- Ability to visualize and compile applications without any compiler (in your mind).
- Has the ability to learn a new programming language on-the-go.

Preferred candidate profile: Candidates with relevant professional experience will be given preference.

Posted 1 week ago

1.0 - 5.0 years

3 - 6 Lacs

Gurugram

Work from Office

Need overall AppSec skills (SAST, DAST, penetration testing) plus mobile app testing skills (Android, iOS). We should look for a candidate who has deep and diverse hands-on experience in the above skills. Also, the professional is expected to perform the application security activities: static code assessment and manual testing, including mobile application testing for Android and iOS apps. This profile requires a candidate with hands-on Application Security experience specific to mobile applications. Communication should be excellent.

Skills: penetration testing, mobile app testing, SAST, iOS, Android, DAST

Posted 1 week ago

1.0 - 5.0 years

3 - 6 Lacs

Bengaluru

Work from Office

Need overall AppSec skills (SAST, DAST, penetration testing) plus mobile app testing skills (Android, iOS). We should look for a candidate who has deep and diverse hands-on experience in the above skills. Also, the professional is expected to perform the application security activities: static code assessment and manual testing, including mobile application testing for Android and iOS apps. This profile requires a candidate with hands-on Application Security experience specific to mobile applications. Communication should be excellent.

Skills: penetration testing, mobile app testing, SAST, iOS, Android, DAST

Posted 1 week ago

1.0 - 5.0 years

3 - 6 Lacs

Kolkata

Work from Office

Need overall AppSec skills (SAST, DAST, penetration testing) plus mobile app testing skills (Android, iOS). We should look for a candidate who has deep and diverse hands-on experience in the above skills. Also, the professional is expected to perform the application security activities: static code assessment and manual testing, including mobile application testing for Android and iOS apps. This profile requires a candidate with hands-on Application Security experience specific to mobile applications. Communication should be excellent.

Skills: penetration testing, mobile app testing, SAST, iOS, Android, DAST

Posted 1 week ago

2.0 - 7.0 years

15 - 20 Lacs

Mumbai, New Delhi, Bengaluru

Work from Office

As an Offensive Security Consultant, you'll be reporting to a Vice President in our APAC Offensive Security team and deliver projects for some of the biggest enterprises in the world. You will perform various web application, API, mobile, and infrastructure penetration tests. You will also draft reports based on the assessment results and gathered evidence and help address client inquiries regarding these results. In addition to the execution of traditional security assessments, you will participate in their refinement and improvement. Below are the roles and responsibilities for the Consultant, Offensive Security role based in India:

Day to day responsibilities:
- Execute offensive security and consultative engagements for our clients' applications, cloud assets, and infrastructure
- Author deliverables such as vulnerability reports and executive reports
- Engage with our clients to understand their requirements, update them on project status, answer their queries, and present your findings and recommendations
- Keep your skills and knowledge up to date with the latest trends in cybersecurity and emerging technology
- Willingness to work in EST time zone

Essential traits:
- 2+ years in cybersecurity, with at least 1 year in penetration testing, cloud security, or red teaming
- A strong understanding of offensive security methodology and vulnerability frameworks such as the OWASP Top 10, MITRE ATT&CK, PTES, or others
- An ability to analyze root causes and deliver technological recommendations to our clients

Prerequisites:
- Bachelor's degree or college diploma in information security, computer science or engineering, software engineering, or IT/System/Network administration
- Excellent oral and written communication skills
- Experience working both as part of a team and independently

Posted 1 week ago

4.0 - 9.0 years

13 - 14 Lacs

Hyderabad

Work from Office

Job Description

Responsibilities:
- Collaborate with engineering teams on architecting, implementing technologies, processes, and improvements around product security by performing threat models, penetration tests, and sharing security expertise.
- Develop security testing plans to identify misconfigurations, vulnerabilities, and visibility shortfalls.
- Assist, mentor, and educate about internal secure development methodologies and CyberArk "Security Champions" program.

Critical skills:
- 4+ years of experience working in the software development industry as a test engineer or an engineer with responsibilities relating to security.
- Background in Whitebox penetration testing.
- Bachelor's degree in Computer Science, Computer Information Systems, Software Engineering, or Mathematics or a related field, or its equivalent.
- Programming experience in one or more languages (Java, JavaScript, Python, Shell/BASH, C/C++, C#).

Qualifications

Desirable skills:
- OSCP certification a huge plus.
- Experience with web application scanning tools (e.g. Static / Dynamic, Interactive, etc.) including Qualys WAS, Appspider, Acunetix, Veracode, Burp Sui

Posted 1 week ago

4.0 - 8.0 years

4 - 8 Lacs

Chennai

Work from Office

Hiring Security Engineers @ Fintech Product Company in Chennai

Experience Range: 4 - 8 years

Looking for candidates who can join within a notice period of 30 days or less.

Experience:
- Over 4 years of hands-on experience in designing and implementing robust security systems.
- Deep expertise in Linux and network security, with a thorough understanding of both at an architectural level.
- Strong foundational knowledge in security engineering, with proficiency in authentication protocols, security frameworks, and applied cryptography.
- Expertise in scripting using one or more languages such as Perl, Python, Go, or Shell, with a focus on automation and efficiency.
- A dedicated security professional, passionate about identifying and mitigating emerging threats, while continuously updating knowledge of evolving security technologies.
- Excellent interpersonal skills, capable of effectively communicating complex security concepts across various teams and departments.

Desirable Skills:
- Experience with leading cloud platforms like AWS, Google Cloud, or Azure.
- Proven experience in implementing and managing HIDS/NIDS, FIM, and SIEM solutions for enhanced security monitoring.
- Familiarity with directory services and single sign-on (SSO) solutions, improving organizational access control.
- Strong knowledge of vulnerability management, patch automation, and VA/PT (Vulnerability Assessment & Penetration Testing) methodologies.
- Understanding of key security standards such as ISO 27001 and PCI-DSS, providing compliance and best practices.

Posted 1 week ago
