209 Sast Jobs

As an experienced Application Security Manager, you will play a crucial role in leading our security initiatives to ensure the integrity, confidentiality, and availability of our systems and data. Your responsibilities will involve integrating security tools, standards, and processes into the product life cycle (PLC), training developers and QA personnel on security knowledge, supporting application security tool deployments, and managing periodic penetration testing exercises. You will be tasked with creating, integrating, and managing threat modeling processes/practices, following SSDLC and application framework, as well as managing secure configuration/hardening guidelines and compliance. Additionally, you will need to create and manage application security KPIs, KRIs compliance reports, and dashboards. Your role will also require hands-on experience with tools and processes related to SAST, DAST, API Security, and Threat Modelling. Furthermore, you will oversee Infosec functions by coordinating with various stakeholders such as the App Team, Vendors, Auditors, and Regulators. It is essential to have knowledge of best practices like OWASP, Microsoft SDL, SANS, NIST, as well as experience with cloud environments (AWS) and WAF (Imperva, Akamai). Knowledge of Network and Data Security is considered a plus. In terms of qualifications and experience, we are looking for candidates with 8-10 years of hands-on experience in application security. A strong understanding of application security best practices, frameworks, and security technologies is required. Proven experience in managing VA, PT, Code review, SAST, DAST, SSDLC, Threat Modelling, and Audit processes is essential. Familiarity with regulatory requirements and compliance standards, such as RBI and SEBI, is beneficial. Excellent communication, interpersonal, analytical, and problem-solving skills are important for this role. A Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field is required, while a Master's degree or relevant certifications are preferred.,

Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities As part of the Infosys delivery team, your primary role would be to ensure effective Design, Development, Validation and Support activities, to assure that our clients are satisfied with the high levels of service in the technology domain. You will gather the requirements and specifications to understand the client requirements in a detailed manner and translate the same into system requirements. You will play a key role in the overall estimation of work requirements to provide the right information on project estimations to Technology Leads and Project Managers. You would be a key contributor to building efficient programs/ systems . If you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you! Additional Responsibilities: Job Opening is for multiple locations- Bangalore, Hyderabad, Trivandrum, Chennai, Pune Technical and Professional Requirements: Security testing with 3-10 years exp - SAST/DAST/API, Network, Mobile Security/DevSecops/Cloud Security/Threat Modelling/Vulnerability Management/Logging & Audit/GRC/Security Operations/IAMSkills Required - Security Testing--Primary skills:Application Security,Application Security-Burpsuite,Application Security-Devsecops,Application Security-Ethical Hacking(CEH),Application Security-Nessus,Application Security-SSL(Secure Sockets Layer),Application Security-Threat Modeling,Application Security-Vulnerability Assessment/Penetration Testing,Application Security-Vulnerability Management,Application Security-Web Security,Application Security-Webservices Security,Security testing-Vulnerability testing,Technology-Application Security-Vulnerability Management-Qualys,Mobile Testing-Mobile Security Testing Preferred Skills: Technology-Application Security-Application Risk Profiling Threat Modeling Technology-Application Security-Ethical Hacking Technology-Application Security-Mobile Application Security Technology-Application Security-Penetration Testing (Black/White/Grey Box Testing) Technology-Application Security-Vulnerability Management Technology-Mobile Testing-Mobile Security Testing Technology-Security Testing-Security Testing - ALL Technology-Infrastructure Security-Secure Web Gateway-TrendMicro Interscan web security Virtual appliance

Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Experience with penetration testing tools (e.g. Burp) Extensive knowledge of attack payloads for discovering security vulnerabilities Plan, execute, and report on all testing activities and outcomes Create findings reports and communicate to stakeholders Must possess at least 5 years of experience in delivering VAPT in Web(Thin and Thick Client), Mobile and APIs Should have good and effective communication skills in English. (Oral and written) Technical and Professional Requirements: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Preferred Skills: Technology-Security Testing-Security Testing - ALL

Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Additional Responsibilities: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Technical and Professional Requirements: Any specific tools required Burpsuite, WebInspect, Fortify, Zap, Checkmarx Preferred Skills: Technology-Security Testing-Security Testing - ALL

As a Head of Quality Assurance at Commcise located in Bangalore, you will play a crucial role in managing testing activities to ensure the best user product experience. With 13-15 years of relevant experience, you will need to have an Engineering or IT Degree. Your strong expertise in software testing concepts and methodologies, along with excellent communication skills and technical aptitude, especially in automation, will be essential for this role. Your responsibilities will include having a deep understanding of capital markets, trading platforms, wealth management, and regulatory frameworks such as MiFID, SEC, SEBI, FCA. Experience with financial instruments and post-trade processes will also be necessary. You will be required to define and implement comprehensive testing strategies covering functional and non-functional testing, as well as developing test governance models and enforcing QA best practices. Your role will involve a strong grasp of programming concepts, coding standards, and test frameworks like Java, Python, and JavaScript. Expertise in test automation frameworks such as Selenium and Appium, as well as API testing and knowledge of connectivity protocols, will be advantageous. Understanding AI and Machine Learning applications in test automation and driving AI-driven automation initiatives will be part of your responsibilities. Experience in continuous testing within CI/CD pipelines, knowledge of infrastructure as code and cloud platforms, and familiarity with observability tools for real-time monitoring will also be required. You should have expertise in performance testing tools, security testing methodologies, and experience with resilience testing and chaos engineering. Strong leadership skills, team development abilities, and stakeholder management across various teams will be crucial in this role. Having an Agile mindset, leading Agile testing transformations, and implementing BDD/TDD practices will be part of your responsibilities. Strong strategic planning and execution skills, along with a willingness to be hands-on when required, will be essential for driving collaborative test strategies. This role offers an opportunity to work in a dynamic environment and contribute significantly to ensuring the quality and reliability of products in the financial technology industry.,

The role of an Application (software) Security Engineer is an entry-level, hands-on, engineering-focused position with the responsibility of fostering a Secure SDLC and secure by design approach and practice across all software engineering teams. You must possess a good combination of problem-solving and communication skills to effectively support the Application Security, InfoSec, and Software engineering teams. Your main responsibilities will include configuring and fine-tuning Application Security tests and vulnerability scans, integrating security testing into CI/CD pipelines, and collaborating with Senior Application Security engineers on Penetration tests set up and validation. Additionally, you will be expected to document and update processes and procedures, conduct research and consultations with colleagues, deliver secure software development training such as OWASP Top10, and collaborate with Security Analysts on software vulnerabilities and security issues. This will involve determining scope, severity, and potential impact of security issues, recommending next steps, and following through with risk treatment and mitigation. You will also be required to appropriately escalate issues to various teams and levels of authority within the organization. To qualify for this role, you must have a Bachelor's degree in a relevant business or technical discipline, along with a minimum of 3 years of relevant work experience. Demonstrated knowledge of application security concepts, best practices, and methods is essential, as well as experience with various application security tools including SAST, SCA, and DAST. Experience with Web Application security testing like Web Pentesting, Fuzzing, and Automated tests is also required. Ideally, you will also have experience securing cloud infrastructure and cloud applications, working knowledge of various architectures and design patterns, ability to code in at least one programming language (such as python, javascript, or go), familiarity with AWS native security tools, and knowledge of current and emerging security technologies and threats. Experience with threat analysis methodologies and tools, developer tools, project management, bug tracking systems, and integrating security tools into CI/CD pipelines would be considered advantageous for this role. This is a challenging yet rewarding opportunity for an individual with a passion for application security and a drive to contribute to the implementation of secure software practices within a dynamic organization.,

You are seeking a skilled SDET with a solid background in automation testing and proficiency in application security tools such as SAST and DAST. The ideal candidate will possess hands-on experience with Azure DevOps (ADO), Azure Load Testing, as well as familiarity with Selenium and JMeter. Your responsibilities will include developing and managing automated test scripts utilizing Selenium, integrating SAST and DAST tools into CI/CD workflows, and engaging with Azure DevOps pipelines for performance testing using Azure Load Testing and JMeter. Furthermore, you will collaborate with diverse teams to ensure the delivery of high-quality and secure applications, while also analyzing and resolving testing issues and furnishing detailed reports.,

The DevSecOps Security engineer will be responsible for enabling security testing services throughout the lifecycle of an application with the required processes and technologies. This includes cultivating a mindset of "secure by design" within the developer community, supporting driving automation via the application's CI/CD Pipeline, and supporting vulnerability remediation. The ideal candidate should have experience in Security testing activities such as SAST, DAST, Container Image scanning, and associated tools. A deep understanding of modern web application architectures including Microservices, SPAs, and APIs is essential. Experience with writing automation scripts, DevOps platforms like Tekton, CloudBuild, Github Actions, and cloud platforms such as GCP, Azure, or AWS is required. Good knowledge of Agile processes, AI/ML, and LLMs is also desired. Qualifications for this role include three or more years of experience in DevSecOps or Application Security Testing, along with an MCA or B.E/B.Tech (Computer Science/IT) or MS-IT degree from an accredited institution. DevSecOps or Application Security related certifications are preferred. Knowledge of Information Security Policies/Frameworks, being a self-starter, strong interpersonal skills, good communication and presentation skills, willingness to learn new technologies, and work flexible hours across time zones are necessary attributes. Position responsibilities involve defining policies and processes to support DevSecOps for the Enterprise, engaging early with developers in the software development lifecycle, identifying and implementing opportunities for automating security testing, facilitating the onboarding of applications into security tools, supporting application teams with vulnerability remediation, spreading awareness about application security and DevSecOps, working closely with security tool vendors, and producing necessary operational and vulnerability metrics for cyber and operations Leadership.,

As a Security Delivery Associate Manager at Accenture, you will be part of the Technology for Operations team, serving as a trusted advisor and partner to Accenture Operations. Your role will involve providing innovative and secure technologies to assist clients in building an intelligent operating model that drives exceptional results. Collaborating closely with the sales, offering, and delivery teams, you will identify and develop innovative solutions to meet client needs. Your responsibilities will include establishing and maintaining a security governance framework, supporting management structures and processes to ensure information security strategies align with business objectives and comply with relevant laws and regulations. By adhering to policies and internal controls, assigning responsibilities, defining metrics, and reporting, you will help manage risk and compliance requirements effectively. We are seeking a candidate with a commitment to quality, experience in research and development, strong negotiation skills, effective problem-solving abilities, and proficiency in risk management. The ideal candidate will possess in-depth knowledge in application security, hands-on experience in SAST, DAST, and penetration testing, as well as familiarity with DevSecOps and Software Composition Analysis. Additionally, expertise in scripting using Python, database knowledge, networking skills, and certifications such as CISSP, CCSP, CISM, CEH, and ECSA would be advantageous. In this role, you will analyze and resolve moderately complex problems, create new solutions by adapting existing methods and procedures, and align your work with the strategic direction set by senior management. Your primary interactions will be with your direct supervisor or team leads, as well as peers and management levels within Accenture and client organizations. You should be able to work independently on new assignments with minimal guidance, making decisions that impact your team and occasionally other teams. If in a leadership role, you may manage medium-sized teams or work efforts at a client or within Accenture. Please be aware that this position may involve working in rotational shifts.,

You are a skilled Lead GitLab Engineer responsible for managing and optimizing CI/CD pipelines, repository management, and DevOps workflows. Your deep expertise in using GitLab end-to-end will be crucial for this role. This position is based in Hyderabad. Your main responsibilities will include designing, developing, and maintaining automated build, test, and deployment pipelines in GitLab for all product lines and environments. You will collaborate with development teams to ensure successful deployments and implement and maintain the Git source control system. Developing and maintaining infrastructure as code, implementing Azure monitoring and alerting systems, and creating SOPs, security policies, and procedures will also be part of your role. You will be responsible for developing and maintaining documentation for all processes and should have knowledge of SAST and DAST tools. It would be beneficial to have knowledge of tools like Sonar Cube, SpotBugs, FindSecBug, and ZAP. Additionally, you will train and mentor other team members on DevOps best practices. To be successful in this role, you should have 8-11 years of experience in the Software Industry and DevOps. Deep understanding of DevOps concepts, repository setup and management with GIT and tools like BitBucket/SourceTree, hands-on knowledge of using Git commands, and GitLab practices are required. You should have in-depth expertise in Azure cloud infrastructure, Azure DevOps, AKS, and CI/CD. Proven ability to design containerized solutions using Docker and orchestration with Kubernetes, familiarity with monitoring and logging tools within the Azure ecosystem, and the ability to set up CI/CD pipelines including Maven for Java, Python, and ReactJS applications are essential. Experience with version control systems like GitLab, deployment methodologies, processes, and automation are also necessary. Non-technical/behavioral competencies required for this role include experience working with US-based clients in an onsite/offshore delivery model, strong verbal and written communication skills, technical articulation, listening, and presentation skills. Proven analytical and problem-solving skills, expertise in prioritization, time management, stakeholder management, being a quick learner, self-starter, proactive, and an effective team player are important traits for this position. Experience working under tight deadlines within a matrix organizational structure is also necessary.,

Conduct and participate in the regular governance calls with different stakeholders to enhance the public cloud security operations Management of security validations and exceptions raised on the public cloud infrastructure Drive the process implementation, enhancements and improvements on the Conduct regular governance with vulnerability and SOC teams to enhance the detection security posture on cloud Conduct risk assessments and security evaluations of public cloud applications/infrastructure in line with SGs framework/standards/guidelines Drive the pentest governance strategy, roll-out and remediations within its public cloud scope Drive the cloud native services non-compliance alert escalations, follow-up and reporting Assess and manage IT risk treatment in all new projects or infrastructure within its scope (integration of security into projects, secure by design processes) Enforce Group policies / standards and/or procedures / good security practices within its department. Develop and maintain process documentation, and reporting dashboards (KPIs, KRAs) Communicate risk and security recommendations to stakeholders Contribute to security audits support with artifacts (internal audit / regulators) within its scope To act as a security expert and point of contact on all the operational security and risk management activities Drive the remediation of critical vulnerabilities/alerts reported with vulnerability management team reported by CSPs Monitor and coordinate for timely closure of audit recommendations (internal / regulators), if necessary, intervene in support of operational teams. Review the security assessment and audit reports available from CSPs Communicate the status of security audits (internal audit / regulators) as well as the plans for dealing with recommendations. Prepare, update and review the major incident response plan with the CSPs and internal stakeholders Profile required 14+ years of experience in operational security and risk management, or related fields 8+ years of experience in public cloud security operations in Azure (Preferred) and AWS Strong understanding of cloud native security services on Azure and AWS Strong understanding of infrastructure application security architecture, compliance frameworks, and risk management principles Experience with infrastructure application security assessments, risk assessments, and security controls implementation Excellent analytical, problem-solving, and communication skills Familiarity with cloud security framework, tools, and technologies (e.g., CIS, OWASP, CNAPP, SOC, Infrastructure security, IAM, DevSecOps, DAST/SAST. NIST, CCM) Education Qualification and Certifications: o SC-100, CCSK, CEH or CPENT are mandatory o CCSP or CISSP (optional) Bachelors or master's in computer science/information technology/Information security (Mandatory)

Greetings, Hope you are doing well. We have an Opportunity for QA - Security Testing with our Reputed MNC company. So If you interested so kindly revert with your updated cv & below required details Experience- 3- 8 yrs Mode- Hybrid Location - Pune

Serko is a cutting-edge tech platform in global business travel & expense technology. When you join Serko, you become part of a team of passionate travellers and technologists bringing people together, using the world’s leading business travel marketplace. We are proud to be an equal opportunity employer. We embrace the richness of diversity, showing up authentically to create a positive impact. There's an exciting road ahead of us, where travel needs real, impactful change. With offices in New Zealand, Australia, North America, and China, we are thrilled to be expanding our global footprint, landing our new hub in Bengaluru, India. With a rapid growth plan in place for India, we’re hiring people from different backgrounds, experiences, abilities, and perspectives to help us build a world-class team and product. Requirements We are seeking an experienced and highly skilled Senior Security professional to join our fast moving and enthusiastic team at Serko. The ideal candidate will have a strong background in software engineering and DevSecOps, with a focus on integrating security practices throughout the software development lifecycle. This role involves leading security initiatives, managing risk, overseeing security operations, ensuring compliance, and providing detailed reporting to senior management. Serko has an inclusive, engaging and supportive culture and we need a motivated self-starter who can take the initiative without close supervision to deliver optimal security outcomes for the organisation. Someone who is eager to advance their professional career and play a crucial role in delivering effective security solutions, while collaborating closely with a highly skilled software engineering team that operates at pace. What you'll get to do Integrate Security Practices: Lead the integration of security practices into the DevOps lifecycle, ensuring security is embedded throughout the software development process. Collaborate with Teams: Work closely with development and operations teams to identify and mitigate security risks in software applications, infrastructure, and deployment pipelines. Security Automation: Implement and maintain security automation and orchestration tools to streamline security processes and improve overall security posture. Security Risk Management: Identify, assess, and manage security risks across the organisation. Develop and implement risk mitigation strategies and ensure that risk management practices are integrated into all aspects of the development and operations processes. Security Operations: Oversee day-to-day security operations, including monitoring, incident response, and threat intelligence. Develop and implement operational security strategies and assist with operational security management of the environment. Compliance: Ensure compliance with relevant security policies, as well as external regulations and standards, such as PCI-DSS, and SOC2 Reporting: Prepare and present detailed security reports to senior management, highlighting key risks, incidents, and mitigation strategies. Provide regular updates on the security posture of the organization. Security Awareness: Conduct security awareness campaigns and initiatives to educate staff on emerging threats and mitigation strategies. Emerging Technologies: Stay at the forefront of emerging security trends, technologies, and best practices, particularly in Azure security and DevSecOps domains. Security Tools: Evaluate and recommend new security tools, solutions, and technologies that enhance our security posture and streamline security operations. What you'll bring You will contribute through your expertise in: Experience: 5+ years of experience in a senior role focused on Security Operations, Risk Management, and Compliance, preferably within software engineering environments Security Knowledge: A deep understanding of security attack and defence methods. A demonstrable and hands on knowledge of ethical hacking tools and techniques would be highly beneficial. DevSecOps Tools: Proven experience with DevSecOps tools and services such as SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing). Security Operations: Proven experience in managing Microsoft security products and services, including Azure Security Centre, Defender, Azure Active Directory, and Sentinel. Certifications: Relevant certifications such as CISSP or equivalent are preferred. Communication Skills: Excellent communication, presentation, and documentation skills. Team Collaboration: Ability to work collaboratively with cross-functional teams and lead security initiatives. Education: Bachelor's degree in Computer Science, Cybersecurity, or a related field. Relevant certifications will be considered in lieu of a degree. Benefits At Serko we aim to create a place where people can come and do their best work. This means you’ll be operating in an environment with great tools and support to enable you to perform at the highest level of your abilities, producing high-quality, and delivering innovative and efficient results. Our people are fully engaged, continuously improving, and encouraged to make an impact. Some of the benefits of working at Serko are: A competitive base pay Discretionary incentive plan based on individual and company performance Focus on development: Access to a learning & development platform and opportunity for you to own your career pathways Family medical coverage, Meal coupons, Transport allowances, Mobile & Internet Reimbursement Flexible work policy Apply Hit the ‘apply’ button now, or explore more about what it’s like to work at Serko and all our global opportunities at www.Serko.com .

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : DevSecOps Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :To play a key role in enabling successful project delivery across multiple projects. This role expects you to specialize in a range of security domains, including penetration testing, dynamic and static application security testing, software composition analysis, security architecture review and container security. Additionally, you provide comprehensive support in vulnerability management, service monitoring, and DevSecOps practices. Roles & Responsibilities:-Should have hands-on experience and knowledge of manual and automated penetration testing on the web, mobile and cloud-based applications.-Should have hands-on experience and knowledge of DAST (Dynamic Application Security Testing) to identify runtime vulnerabilities in staging and production environments.-Should have hands-on experience and knowledge of SAST (Static Application Security Testing) for early-stage source code and binary analysis.-Should have hands-on experience and knowledge of SCA (Software Composition Analysis) to detect open-source risks and license compliance issues.-Should have hands-on experience and knowledge of executing SAR (Security Architecture Review) of complex and cloud-based application and should be able to strategize risk remediation with the stakeholders or Security Architect.-Should have hands-on experience and knowledge of integrating security tools into CI/CD pipelines (e.g., Jenkins, GitHub Actions, GitLab CI).-Should have hands-on experience and knowledge of enforcing policy-as-code, shift-left security testing, and secure code delivery practices and automate security checks for container images and Kubernetes workloads.-Should be able to scan and harden docker containers using industry-standard tools.-Should be able to monitor vulnerabilities in container registries and orchestrators (e.g., Kubernetes, ECS).-Skilled in communicating security findings to technical and non-technical stakeholders.-Contribute to secure architecture reviews, risk assessments, and compliance initiatives.-Should be able to manage clients and various stakeholders.Should be a good people manager and should have experience of people and project management. Professional & Technical Skills: Tools & Technologies:Pentest Tools:Burp Suite Pro, OWASP ZAP, Nmap, Postman, Kali Linux,DAST/SAST/SCA:Fortify, Checkmarx, Veracode, Coverity, AppScan, Black Duck, Snyk,DevSecOps:GitHub Actions, Jenkins, GitLab, Docker, Kubernetes,VM Tools:Qualys, Tenable, ThreadFix,Monitoring:ServiceNow, Jira, Confluence-Should be able to collaborate with infrastructure and DevOps teams to secure cloud-native deployments.-Should be able to identify, triage, and manage vulnerabilities using centralized platforms (e.g., ThreadFix).-Should track vulnerability lifecycle from detection through remediation and reporting.-Should support real-time service monitoring to maintain system integrity and threat detection coverage. Additional Information:- The candidate should have minimum 7.5 years of experience in DevSecOps.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

Job Responsibilities: Conduct manual exploitation penetration testing , identifying vulnerabilities across various application types. Perform DAST (Dynamic Application Security Testing) for Web, API, and Thick Client applications. Execute SAST (Static Application Security Testing) , including secure code analysis and Software Composition Analysis (SCA). Apply strong Java coding skills to understand, analyze, and potentially exploit vulnerabilities, as well as assist with secure code development. Utilize security testing tools such as Fortify, BurpSuite Pro, Postman, and SOAP UI effectively in testing efforts. Work with Linux environments for security testing tasks. Engage in DevSecOps practices, integrating security into the CI/CD pipeline. Ensure adherence to security standards , particularly OWASP Top 10 scenarios, during all testing phases. Work within an onshore-offshore model , coordinating directly with customers. Facilitate effective stakeholder coordination to communicate findings and collaborate on remediation. Required Skills: Strong hands-on experience in Java coding skills . Expertise in manual exploitation penetration testing . Experience with DAST (Web, API, Thick Client) and SAST (Secure code analysis, SCA). Hands-on knowledge/experience with Linux and DevSecOps . Proficiency with Security Testing Tools (Fortify, BurpSuite Pro, Postman, SOAP UI, etc.). Understanding of Security Standards , especially OWASP Top 10 scenarios. Security Testing Certifications such as CEH or BurpSuite certified.

As a C#.NET Developer, you will collaborate closely with engineering teams and the Information Security group to ensure that client applications are developed with a strong focus on security. Your deep understanding of the OWASP Top 10 project and best practices for preventing vulnerabilities across various tech stacks will be crucial for success. You will play a key role in overseeing Static Application Security Testing (SAST) during the development lifecycle, ensuring proper remediation of reported vulnerabilities, and providing training to developers on vulnerability remediation. Implementing OWASP Application Security Verification Standards (ASVS) will also be part of your responsibilities. Additionally, you will serve as a role model for a small team and effective communication skills along with familiarity with DevOps pipelines are essential for this role. Your primary responsibilities will include shifting security left in the Software Development Life Cycle (SDLC) for different applications, providing guidelines, tools, and best practices for SAST, DAST, SCA, and RASP, offering guidance and coaching to teams on security remediation efforts, assisting teams in integrating security scans into their pipelines, ensuring dependency scans are part of the development process, delivering ongoing training on new application threats and remediation techniques, advising on OpenID Connect (OIDC) and OAuth2 best practices, helping engineering teams in planning long-term remediation solutions, collaborating with the Information Security team on prioritizing applications and vulnerabilities based on risk, and guiding teams on proper storage and retrieval of application secrets. The required skills and experience for this role include a minimum of 5 years of software development experience, expertise in SAST, DAST, SCA scans with primary skill set in C# .NET development, secondary skill set in Python or Java, some exposure to cloud platforms like Azure, AWS, or GCP, and familiarity with tools like Fortify on demand and Invicti Netsparker. While the exact compensation may vary based on factors such as skills, experience, and education, employees in this role will receive a comprehensive benefits package starting from day one of employment, including options for medical, dental, and vision insurance. Eligibility to enroll in the 401(k) retirement plan will begin after 90 days of employment. Additionally, employees will have access to paid sick leave and other paid time off benefits as mandated by the applicable law at the worksite location.,

Harness is a high-growth company that is disrupting the software delivery market. The mission at Harness is to enable the 30 million software developers in the world to deliver code to their users reliably, efficiently, securely, and quickly. This not only increases customers" pace of innovation but also improves the developer experience. Harness offers solutions for every step of the software delivery lifecycle, including building, testing, securing, deploying, and managing reliability, feature flags, and cloud costs. The Harness Software Delivery Platform encompasses modules for CI, CD, Cloud Cost Management, Feature Flags, Service Reliability Management, Security Testing Orchestration, Chaos Engineering, Software Engineering Insights, and is expanding rapidly. Led by technologist and entrepreneur Jyoti Bansal, who previously founded AppDynamics and sold it to Cisco for $3.7B, Harness is backed with $425M in venture financing from top-tier VC and strategic firms. Some of the notable backers include J.P. Morgan, Capital One Ventures, Citi Ventures, ServiceNow, Splunk Ventures, Norwest Venture Partners, and many others. **About The Role** Harness is seeking a Senior Product Manager to spearhead the strategy, roadmap, and delivery of the Traceable Application Security Testing module. The focus of this role is on developing cutting-edge solutions across SAST, Secrets Detection, Container Security, DAST, and API Security Testing. The Senior Product Manager will collaborate with engineering, customers, and cross-functional teams to launch products that enhance the security of modern applications at scale. **Key Responsibilities** - Own the vision, strategy, and roadmap for the Traceable AppSec Testing product line. - Define and prioritize features for SAST, Secrets Detection, Container Security, DAST, and API Security Testing. - Collaborate closely with engineering to ensure the delivery of high-quality, secure, and scalable products. - Engage directly with customers to grasp their security workflows, pain points, and priorities. - Work with marketing, sales, and support teams to orchestrate successful product launches and drive adoption. - Keep abreast of competitive trends and emerging threats to steer product direction. - Establish and measure success metrics while driving continuous improvement. **Required Qualifications** - 6-10 years of product management experience, with a focus on building and releasing enterprise security or developer products. - Profound understanding of DevSecOps practices and Application Security (AppSec), particularly in SAST, DAST, secrets detection, container security, and API security. - Demonstrated ability to shape product strategy and translate customer needs into actionable requirements. - Excellent communication, collaboration, and stakeholder management skills. - Experience collaborating with technical users such as developers, security engineers, and DevOps teams. **Preferred Qualifications** - Familiarity with CI/CD, cloud-native security, Kubernetes, or software supply chain security. - Background in software development or security engineering is a plus. **Work Location** The successful candidate for this role will be expected to be present in the Bangalore office three times a week. At Harness, you can expect: - Experience in building a transformative product - End-to-end ownership of your projects - Competitive salary - Comprehensive healthcare benefits - Flexible work schedule - Quarterly Harness TGIF-Off for four days - Paid Time Off and Parental Leave - Monthly, quarterly, and annual social and team building events - Monthly internet reimbursement **Harness In The News** - Harness Grabs a $150m Line of Credit - Welcome Split! - SF Business Times - 2024 - 100 Fastest-Growing Private Companies in the Bay Area - Forbes - 2024 America's Best Startup Employers - SF Business Times - 2024 Fastest Growing Private Companies Awards - Fast Co - 2024 100 Best Workplaces for Innovators *Note on Fraudulent Recruiting/Offers* If you suspect fraudulent recruiting attempts or have received unsolicited emails or messages claiming to be from Harness recruiters or hiring managers, please refrain from providing personal or financial information. Contact Harness immediately at security@harness.io. Further information on this type of scam can be found on the Federal Trade Commission's website. Alternatively, you can reach out to your local law enforcement agency.,

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. The opportunity EY is looking for a Manager Technology Consulting/Software Architect. We are looking for a seasoned Software Architect with over 10+ years of hands-on experience in Full stack Application development, DevOps Platform tooling, and database development. The ideal candidate thrives in dynamic environments with aggressive project timelines. Strong proficiency in Full stack technologies preferably in Java, Angular and ReactJS, DevOps Platform tooling (CI/CD Toolchain like Jenkins, Maven, GitLab, Ansible, JMeter etc.). Key Responsibilities: - Managing a team of software developers to deliver high quality and robust web-based applications in a SaaS setup. - Attracting and retaining top talent and building capabilities within the team. - Effectively collaborating with key stakeholders including other managers/senior managers, product managers, platform, and operation teams. - Setting up technical standards and governance structure for the enterprise. - Providing technology architecture expertise and guidance across multiple business divisions & technology domains. - Assist business strategy and accordingly drive technology strategy from an architecture perspective. - Driving technology strategy from an architecture perspective, across a portfolio of applications, for resource optimization and risk mitigation. - Translating business requirements into specific system, application, or process designs, including working with business personnel and executives to identify functional requirements. - Define/maintain Target Architectures in Roadmaps. - Lead and/or assist efforts to scope and architect major change programs, leading strategic options analysis & proposing end-to-end solutions & highlighting trade-offs. - Review ongoing designs of major programs to identify strategic opportunities and resolve design issues during delivery. - Identify key technology enablers to optimize IT investment. - Develop highly complex solutions that exemplify quality optimization regarding reliability, availability, scalability, manageability, flexibility, usability/reusability, and high performance. - Lead other IT Architects to provide effective consulting on complex projects including RFP technical evaluations for various business domains. - Lead multifunctional teams in successful application of methodologies and architecture modeling tools. - As an architect, the person would be responsible for suggestion and implementation of new technologies. Collaborate with key stakeholders in Software development, IT infra domain, IT-vendors, and other architects to achieve enterprise business goals. Requirements: - BE/BTech in (Computer Science/Computer Science & Engineering/Information Technology/Software Engineering/Electronics & Communications Engineering or equivalent degree in relevant discipline) or MCA or MTech/MSc in (Computer Science/Information Technology/Electronic & Communications Engineering) from recognized University/Institute. - MBA as an additional qualification is preferred. - Minimum 10 years post basic qualification in IT field. - Minimum 5 years preferably in Data-centric organizations. - Working knowledge of Data warehouse and data lake architecture preferred. - Expertise in all or some of the technology like C++, Java, JavaScript, Type Scripts. - Expertise in SQL and ORM technologies like Hibernate and Spring Boot. - Expertise in UI/UX technologies preferably in Angular and ReactJS. - Working knowledge of Automation service provisioning and middleware configuration. - Working knowledge of REST-based microservices web application architecture is preferred. - Working knowledge of no-SQL databases like mongo, Casandra is preferred. - Experience in handling JSON, XML, CSV data through code is preferable. - DevOps Architectural knowledge is a must. - Expert/Professional level Certification in software architecture preferred. - Familiarity with agile software development methodologies. - Skills with RHEL and Windows Operating System. - Knowledge of Red Hat Ansible Automation Platform. - Familiar with security automation testing processes (e.g., SAST, DAST, etc.) and tools. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people, and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform, and operate. Working across assurance, consulting, law, strategy, tax, and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.,

Overview Skills :- Product Security, Devops, SCA, SAAS Platforms, SecDevops, SAST Location :- Hyderabad Shift Timing :- 2.00 pm -11.00 pm (IST) About Omnicom Global Solutions Omnicom Global Solutions is an integral part of Omnicom Group, a leading global marketing and corporate communications company. Omnicom’s branded networks and numerous specialty firms provide advertising, strategic media planning and buying, digital and interactive marketing, direct and promotional marketing, public relations, and other specialty communications services to over 5,000 clients in more than 70 countries. OGS India plays a critical role for our group companies and global agencies by providing stellar products, solutions, and services across Creative Services, Technology, Marketing Science (Data & Analytics), Advanced Analytics, Market Research, Business Support Services, Media Services, and Project Management. With over 4500 talented colleagues in India, we are growing rapidly and are looking for professionals like you to help build the next chapter of our journey. Role Overview We have an exciting opportunity for an Engineer, Product Security at our Hyderabad office. This role supports secure software development, risk mitigation, and product security best practices across automated platforms and infrastructure-as-code environments. The Product Security Engineer will perform vulnerability assessments, provide risk analysis, support incident response, and collaborate with development and DevOps teams to embed security into all stages of the product lifecycle. This role plays a vital part in enabling secure, scalable, and compliant services across Omnicom’s digital ecosystem. Responsibilities Assist in implementing secure software development standards and practices. Support integration of security measures into automated service platforms and infrastructure-as-code. Conduct regular security assessments and vulnerability scans for applications and infrastructure. Analyse and report on security risks and vulnerabilities; provide mitigation recommendations. Collaborate with the incident response team on investigations and real-time threat intelligence. Monitor and manage security tools to detect and respond to application and infrastructure threats. Continuously monitor cloud environments and SaaS platforms for emerging security threats. Work closely with development, QA, and IT teams to support secure software delivery. Prepare and present security metrics, reports, and summaries to Product Security Leads and stakeholders. Deliver security awareness training on secure software development and SecDevOps practices. Contribute to the maintenance of security documentation and internal guidelines. Qualifications 3-5 years of experience in cybersecurity, software engineering, or DevOps with a focus on product security. Familiarity with security assessment tools (e.g., SAST, DAST scanners) and CI/CD environments. Basic understanding of secure coding, cloud security, and infrastructure-as-code practices. Hands-on experience with tools such as GitHub, AWS, Terraform, Jenkins, Docker, etc. Understanding of IT governance frameworks (e.g., SDLC, ITIL) is a plus. Strong analytical, documentation, and troubleshooting capabilities. Bachelor's degree in Cybersecurity, Computer Science, IT, or related field. Strong technical skills relevant to Information Security such as secure coding standards, ethical hacking techniques, network security, SIEM, and risk analysis Certifications such as Security+ or CEH are a plus. Preferred Qualifications AppSec depth (CSSLP, eWPT), Cloud specialization (AWS Security), Foundational credibility (Security+), and CEH are a plus. Experience with cloud security frameworks and zero trust architecture.

At FourKites we have the opportunity to tackle complex challenges with real-world impacts. Whether its medical supplies from Cardinal Health or groceries for Walmart, the FourKites platform helps customers operate global supply chains that are efficient, agile and sustainable. Join a team of curious problem solvers that celebrates differences, leads with empathy and values inclusivity. We are seeking an experienced DevSecOps Engineer with a strong background in cloud security, infrastructure management, and secure software development. The ideal candidate will have extensive hands-on expertise across major cloud platforms, containerization technologies, and security frameworks. You will be responsible for architecting, implementing, and maintaining secure cloud environments while ensuring that security is seamlessly integrated throughout the development lifecycle. What youll be doing: Cloud Infrastructure & Security Architect and secure highly available, scalable, and fault-tolerant systems across AWS, GCP, and Azure environments Design and implement robust Layer 3/Layer 4 firewall solutions and network security controls Implement and manage intrusion detection systems (IDS) and intrusion prevention systems (IPS) Design and deploy container security strategies for Docker and Kubernetes environments Manage cloud security services including WAF, service mesh, and threat modeling Ensure 99.99% uptime while maintaining strong security posture DevOps & Automation Leverage automation technologies (Ansible, Chef, Puppet, Jenkins) to manage infrastructure and deployment pipelines Develop, deploy, and maintain infrastructure-as-code solutions using Terraform, CloudFormation, and cloud-specific CLIs Build and maintain secure CI/CD pipelines with integrated security testing Identify and implement open-source security tools as alternatives to commercial solutions without compromising reliability or performance Security Compliance & Auditing Ensure compliance with PCI-DSS requirements and prepare systems for PCI audits Participate in security assessments, including threat modeling and vulnerability scanning Document security controls and maintain evidence for compliance requirements Create and maintain security documentation and training materials API & Application Security Implement API security best practices including authentication, authorization, and rate limiting Troubleshoot and resolve SSL/TLS issues across various environments Perform security assessments of applications and APIs Develop secure coding guidelines and review processes Monitoring & Incident Response Lead incident response activities for security events Configure and maintain security monitoring solutions Develop automated security responses to common threats Conduct post-incident analysis and implement improvements Who you are: 7+ years of experience in DevOps, Security Engineering, or similar technical roles Strong hands-on experience with major cloud platforms (AWS, GCP, Azure) Deep understanding of network security concepts including Layer 3/Layer 4 firewalls Experience with intrusion detection systems (IDS) and intrusion prevention systems (IPS) Expertise in container security and Kubernetes security controls (CKA/CKAD/CKS preferred) Experience supporting systems requiring 99.99% uptime or higher Proven ability to implement open-source security tools as alternatives to commercial solutions Experience with PCI-DSS compliance requirements and audit processes Strong knowledge of API security implementation, including rate limiting and authentication Proficiency in troubleshooting SSL/TLS issues and certificate management Experience with infrastructure as code (Terraform, CloudFormation, etc.) Proficiency in at least one scripting/programming language (Python, Bash, Java, C#, etc.) Strong analytical, troubleshooting, and problem-solving skills Excellent communication skills to bridge technical and non-technical teams Proactive approach to identifying and mitigating security risks Ability to work in a fast-paced environment and manage multiple tasks concurrently Passion for continuous learning and staying current with security trends Preferred Qualifications: Security certifications (CISSP, CEH, AWS Security, PCI QSA) Cloud platform certifications (AWS Certified Solutions Architect, Azure Security Engineer, GCP Professional Cloud Security Engineer) Experience with other compliance frameworks (SOC2, ISO27001, NIST) Experience with security monitoring and SIEM tools Knowledge of zero-trust architecture principles Experience mentoring junior team members

Conduct Vulnerability Assessments: Identifying potential weaknesses in applications and systems using automated tools and manual techniques. Perform Penetration Tests: Simulating attacks to evaluate the effectiveness of security controls and identify exploitable vulnerabilities. Analyze Findings: Interpreting assessment and testing results to determine the severity and impact of identified vulnerabilities. Report Findings: Documenting vulnerabilities, providing detailed reports with remediation recommendations, and tracking the closure of identified issues. Collaborate with Teams: Working with developers, IT, and security teams to implement security measures and address identified vulnerabilities. Stay Updated: Keeping abreast of the latest security threats, vulnerabilities, and industry best practices. Test Various Application Types: Performing security assessments on web applications, mobile applications, APIs (REST, SOAP, XML, JSON), and potentially cloud-based services. Understand Security Standards and Frameworks: Familiarity with OWASP, NIST, ISO 27001, PCI DSS, and other relevant standards is crucial. Use Security Testing Tools: Proficiency in tools like Burp Suite, OWASP ZAP, Nmap, Nessus, AppScan, Acunetix, Veracode, CheckMarx, etc. Responsibilities: The responsibilities cover the full range of testing work, from websites, mobile apps, and infrastructure testing to social engineering. In this role, the candidate is expected to: test software and hosted platforms, to identify vulnerabilities Carry out penetration testing of web applications, mobile applications, and internal infrastructure analyze code to assess its level of security and to find specific vulnerabilities Manage the security testing process perform complex simulated attacks on networks or systems Stay updated with the latest threats/vulnerabilities produce written technical reports along with an executive summary to a professional standard Research potential vulnerabilities formally brief clients and colleagues Understanding the role of AIML in cybersecurity Qualification: Minimum 3 to 5 years hands-on experience in SAST, DAST, VAPT Certifications like CEH, CompTIA Security+, and OSCP will be considered and added advantages. Familiarity with SAST, DAST, and IAST tools Understanding of Red/Blue teaming and threat hunting

About the Role: Grade Level (for internal use): 10 The Team Security Testing Team in the Quality Engineering space plays a crucial role in safeguarding business operations by identifying vulnerabilities and ensuring robust protection against cyber threats. Through meticulous testing practices, we enhance the security posture of applications, thereby reducing the risk of data breaches and financial loss. By integrating security measures early in the development lifecycle, the team helps streamline processes, minimize disruptions, and ultimately contribute to greater business efficiency and resilience. S&P Global Ratings is the worlds leading provider of independent credit ratings. Our ratings are essential to driving growth, providing transparency, and helping educate market participants so they can make decisions with confidence. We have more than one million credit ratings outstanding on government, corporate, financial sector and structured finance entities and securities. We offer an independent view of the market built on a unique combination of broad perspective and local insight. We provide our opinions and research about relative credit risk; market participants gain independent information to help support the growth of transparent, liquid debt markets worldwide. What is in it for you Serve as a highly technical security expert to bring security transformation to both new and legacy applications in quality engineering space. Using a wide range of cutting-edge technology to innovate while testing. An ever-challenging environment to hone your existing skills in Security Testing, Automation, Python Programming, Bash scripting etc. Being a part of an organization which values Culture of Urgency and Shift Left approaches. Gain the opportunity to apply your strategic thinking alongside technical skills to safeguard our systems defending against emerging cyber threats. A plenty of skill building, knowledge sharing, and innovation opportunities. Building a fulfilling career with a global financial technology company. Responsibilities This role will involve designing and executing security tests, identify vulnerabilities, and drive remediation strategies while collaborating with cross-functional teams in an Agile environment. Understand the applications security requirements and identify & document the scope of the test. Develop and maintain security testing automation using tools like Burp Suite, ZAP, or similar tools. Integrate security testing into CI/CD pipelines. Automate processes and workflows using Python to minimize manual work. Collaborate with development, QE, and DevOps teams to investigate security incidents, perform root cause analysis, and validate security fixes. Oversee results and logs to analyze, prioritize, and initiate remediation for findings identified by security tools during SAST, DAST, SCA, artifact scanning, container scanning, etc... Prepare detailed reports summarizing test results, logs, findings, and recommendations for strengthening overall security of an application. Create and track security metrics, KPIs, and KRIs to measure operational effectiveness. Prepare comprehensive reports for senior management on security performance and strategic initiatives. Work independently, providing recommendations, and leading the accomplishments of the tasks from inception to completion. Demonstrate outstanding flexibility and leadership with proper communication of security testing result interpretation and explanation to audience. Participate in Daily Stand-up Calls, works closely with the Agile Manager to know the deliverables and commitments of each release. Actively taking part in resolving critical security issues and coming up with solutions to mitigate the same. Basic Qualifications Bachelor's or masters degree in Electronics and Communication, Computer Science, Cybersecurity, or related fields. 6 to 9 years of IT experience with relevant professional experience of Minimum 4 years in the field of Cyber Security Testing. Should have strong hands-on experience in security testing, penetration testing, and vulnerability assessment. Strong experience in web, API, and cloud security testing. Clear understanding of security vulnerabilities, exploits, and mitigation techniques Strong grasp of the OWASP Top 10 vulnerabilities and effective mitigation strategies. Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, Wireshark, Nessus, OpenSSL and Crypto validation tools. Proficiency in SAST/DAST tools and security frameworks like OWASP Top 10, CIS Benchmarks, and CVSS. Hands-on experience with Selenium, Pytest, and RestAssured API Testing using Python. Strong hands-on experience with scripting and programming languages including Python, PowerShell, Bash for security tasks. Familiarity with RESTful APIs, webhooks, and integration of third-party security tools and services via automation. Knowledge of DevSecOps practices and integrating security in CI/CD pipelines. Self-motivated and driven to stay updated with the latest security trends, technologies, and best practices, maintain high level of accuracy in security assessments. Ability to analyze and communicate complex cybersecurity and technical challenges to technical and non-technical users, leaders, and stakeholders. Experience collaborating with cross functional global and remote teams with diverse backgrounds. Should be able to work under a competitive time frame and deliver. Should be a very fast learner and have the excellent problem-solving ability. Should have excellent written and verbal communication skills. Nice to have Skills: Security Certifications like CISSP, CEH, CISM, OSCP or CompTIA Security+ shall be having the preference. Hands-On experience in building AI-powered security tools, chatbots, and agent-driven automation pipelines. Knowledge on Agentic AI frameworks, LLMs, and orchestration libraries like LangChain, crewAI or RAG-based architectures. Grade10 LocationHyderabad Shift time11am to 8pm / 12pm to 9pm IST Hybrid Modeltwice a week work from office About S&P Global Ratings At S&P Global Ratings, our analyst-driven credit ratings, research, and sustainable finance opinions provide critical insights that are essential to translating complexity into clarity so market participants can uncover opportunities and make decisions with conviction. By bringing transparency to the market through high-quality independent opinions on creditworthiness, we enable growth across a wide variety of organizations, including businesses, governments, and institutions. S&P Global Ratings is a division of S&P Global (NYSESPGI). S&P Global is the worlds foremost provider of credit ratings, benchmarks, analytics and workflow solutions in the global capital, commodity and automotive markets. With every one of our offerings, we help many of the worlds leading organizations navigate the economic landscape so they can plan for tomorrow, today.For more information, visit www.spglobal.com/ratings Whats In It For You Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technologythe right combination can unlock possibility and change the world.Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: Our Values: Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you cantake care of business. We care about our people. Thats why we provide everything youand your careerneed to thrive at S&P Global. Health & WellnessHealth care coverage designed for the mind and body. Continuous LearningAccess a wealth of resources to grow your career and learn valuable new skills. Invest in Your FutureSecure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly PerksIts not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the BasicsFrom retail discounts to referral incentive awardssmall perks can make a big difference. For more information on benefits by country visithttps://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected andengaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. S&P Global has a Securities Disclosure and Trading Policy (the Policy) that seeks to mitigate conflicts of interest by monitoring and placing restrictions on personal securities holding and trading. The Policy is designed to promote compliance with global regulations. In some Divisions, pursuant to the Policys requirements, candidates at S&P Global may be asked to disclose securities holdings. Some roles may include a trading prohibition and remediation of positions when there is an effective or potential conflict of interest. Employment at S&P Global is contingent upon compliance with the Policy. ---- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf ----

Required Skills & Experience: 6+ years of experience in DevSecOps, DevOps, or security engineering. Strong hands-on expertise with SAST tools (e.g., SonarQube, Fortify, Checkmarx). Deep knowledge of DAST tools (e.g., OWASP ZAP, Burp Suite, AppSpider). Experience with CI/CD tools : Jenkins, GitLab CI, Azure DevOps, GitHub Actions, etc. Proficient in container security (e.g., Docker, Kubernetes, image scanning). Experience of infrastructure as code (Terraform, Ansible, etc.) and secure cloud deployment. Experience with cloud security (AWS, Azure, or GCP). Strong scripting and automation skills (Python, Bash, etc.). Solid understanding of secure SDLC and OWASP Top 10

Software development support for Windows App Store and automated installation tooling. Responsibilities include creation and maintenance of automation policies for application deployments. Required education Bachelor's Degree Required technical and professional expertise 5+ years of experience in software development. 3+ years of working experience with JAVA/Python/JavaScript/C++ Knowledge with SQL Database implementations Knowledge of SAST/DAST/IAST vulnerability scanning tools such as Mend, SonarQube, Contrast, etc. Preferred technical and professional experience Experience in cloud technologies. Good Communication skills.

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 4 plus years of experience Application Security TestingExperience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding PracticesKnowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat ModellingAbility to conduct threat modelling sessions to identify and mitigate security risks Preferred technical and professional experience Vulnerability AssessmentExperience in conducting vulnerability assessments and penetration testing Application Security TestingExperience with static and dynamic application security testing (SAST/DAST) tools. Security ToolsProficiency in using security tools like Burp Suite, Nessus, or Fortify