228 Sast Jobs - Page 3

Responsible for implementing the product build requirements & creating the installers Design and implement secure CI/CD pipelines that incorporate security checks at every stage, from code commit to deployment. Automate repetitive security tasks Required Candidate profile Demonstrable experience building and maintaining secure CI/CD pipelines. Knowledge of common security vulnerabilities, attack vectors, and mitigation techniques. Proficiency in Python/Shell

Note : 6 months contract with Vlink based on performance contract can be extended Roles & responsibilities Perform automated testing of running applications and static code (SAST, DAST). Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Experience in one or more of the following is a plus: mobile application testing, Web application pen testing, application architecture, and business logic analysis. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, and Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation Job Description:Mandatory technical & functional skills Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in the development of web applications and/or APIs. should be able to identify and work with new tools/technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred: GWAPT, CREST, OSCP, OSWE, OSWA

About The Role Project Role : Tech Delivery&Op Excellence Practitioner Project Role Description : Understand how to deliver value to clients, and use that commercial competency to apply methods or certifications appropriately. Attention to detail and deep expertise allow them to see inherent risks or improvement opportunities that others may not. Work directly with client teams to ensure a high standard of delivery and operational excellence are met. Must have skills : Governance Risk Compliance (GRC) Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Tech Delivery & Op Excellence Practitioner, you will understand how to deliver value to clients and apply methods or certifications appropriately. Attention to detail and deep expertise allow you to see inherent risks or improvement opportunities that others may not. Work directly with client teams to ensure a high standard of delivery and operational excellence are met. Key responsibility:- Risk and Compliance senior Analyst works with the Application service delivery organization and other compliance related functions to help:- Perform audits/reviews to assess risks in Application development and maintenance service environment- Manage risk in Application development and maintenance service to an acceptable level - Increase the level of awareness of and compliance with policy and process related matters - Support successful completion of various external compliance certification programs and internal compliance assessments- Introduce continual improvement including lessons learned from matters requiring intervention- This successful candidate for this role will be a member of a dedicated team operating a Controls and Compliance function, which will perform audit style reviews of Application Development & Maintenance Services outsourcing engagements covering compliance matters and operational service management and service delivery good practice.Must-Have Skills/ Qualifications:- Minimum of 1-year experience in Auditing principles and practices (sample qualifications*:CISA, ISO 27001 Lead Auditor)- Minimum of 1-year experience in Application security/audit roles in Application development & maintenance service industry(sample qualifications*:EC-Councils CASE (Certified Application Security Engineer), CEH(Certified Ethical Hacker), - Agile Methodology( Certified Scrum Master), DevOps Certification, CMMI for Development- Knowledge of secure SDLC models, secure coding standards, OWASP Top 10, threat modeling, SAST(Static Application security testing), DAST (Dynamic Application security testing), single sign on, Encryption - Minimum of 1-year experience in Operational compliance requirements)- Contract Management / Service Reporting(including Service Level Agreements and Operational Level Agreements)- Risk management or assessment (sample qualification*:CRISC)- Knowledge of cloud environment and services (sample qualification*:Microsoft Azure/AWS/Google Certifications)- Team and stakeholder managementNice-to-Have Skills/ Qualifications:- Data privacy and protection (sample qualifications*:CIPM, CIPT, CIPP)- CISSP*, CISM*, CISA*, CCSK*, CCSP*- SOC1 and SOC2 (SSAE16 / ISAE3402) awareness- Business Continuity and Disaster Recovery awareness (ISO 22301) Professional Attributes:1:Good communication2:Teamwork3:Problem Solving Capabilities4:Work Planning and Management 5:Quick Learner6:Eager to take on responsible task7:Dedicated and Focused Educational Qualification:1:MBA-Information Security/ IT2:BE/B-Tech with CS/IT/related domain3:BSc- IT Additional Information:(i.e., travel, overtime %)1:Occasional within country travel 2:Flexibility in working hours Qualification 15 years full time education

Role of Wealth Management India IT Risk and Information Systems Security Manager, being understood this role includes delegations from APAC WM CISO for the team located in India territory and fully participates in overall WMIS Cybersecurity and IT Risk objectives. Participate to IT project security reviews conducted both on a global and APAC basis across all platforms. Participate in the Security Operation meetings in APAC, EMEA & CH regions. This requires the incumbent to foster close working relationships with other business areas and IT Development / Production / CSIRT / Production Security teams. The incumbent will work hand in hand with the IT Dev, Prod teams and the business, as an enabler and a facilitator. WM IT Risk and Security Manager o Manage the WM IT Risk and Security local team in India by managing the recruitment, performances review as well as training and career-path development. o Coordinate with APAC WM security actors, including India-based resources. o Coordinate with APAC WM IT teams on risk and security topics, while promoting a secure development and deployment culture o Assist for a Risk Treatment for any APAC WM issue, based on the WM GAIM generic process. o Periodic reporting of security status to WM CISO APAC and WM Global CISO o Contribute to the IT Risk and Cybersecurity Governance including procedural framework, Cybersecurity awareness and communication. o Ensure the regular reporting for management follow-up IT Security Compliance (delegation on WM APAC scope) o Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets. o Ensure the protection of WM business data with an adequate security level of WM assets, based on project assessment and production review processes. o Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA) o Leveraging on a deep knowledge of Security standards such as NIST, CIS,ISO2700x , ensure the compliance with the IT security requirements o Ensure the compliance with the Third-party Technology risks and Cloud security. o Identify the process gaps and provide solutions. Application Security o Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices. o Identify and implement the latest security standards for internet facing and internal assets. o Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing SAST, Dynamic Acceptance Security Testing DAST and Software Composition Analysis SCA). Perform Security risk assessments and reviews to be presented to respective committees. Ensure the adequate security level for all WM GAIM applications, whatever the IT project managers location and hosting provider. Production Security Oversight (delegation on WM APAC scope) o Identify the production security requirements and ensure a smooth integration of WM assets within APAC IT Production, including network flow opening and Application Zoning compliance. o Identify the compliance level of the production environment and contribute to remediation actions definition while keeping the oversight on actions progress. o Keep an overview and ensure the adequate Vulnerability Management at the server and middleware level leveraging on production scans and liaising with relevant production stakeholders. Contribute to the management of Cybersecurity incidents. CyberSecurity Program (delegation on WM APAC scope) o Contribute to the steering and driving of the security initiatives on the APAC scope expected by the WM Cybersecurity Program. Contributing Responsibilities Coordination with IT Security actors o Reporting line to the WM GAIM Global CISO : alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Wholesale Application Security Dashboard) o Coordination and control of security activities performed by APAC CIB Business Information Security and Production Security teams, including project assessment from production point of view, production security review, user security awareness for the WM scope. o Coordination with the Swiss Security team concerning integration of WM assets within Swiss IT production. o Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group. Technical & Behavioral Competencies Cybersecurity / Technical Value-added Competencies Cybersecurity Governance : framework (NIST / CIS framework), Security incident management, Logging & Detection (SIEM ELK products) DevSecOps : CI/CD toolchain knowledge of various tools o Source code management: sonarQuabe, bibucket, github/gitlab o Security application scanning (e.g. Sonatype/NexusIQ, Fortify, AppSpider, Qualys, DTR scan) o Automation/orchestration: Ansible tower, Jenkins Application Security: Threat modeling, Security architecture key concepts, exposure to various development framework and applicative landscape (Java/Web, Mobile applications, containerization/docker, kubernetes, API management, Cloud security) Vulnerability Management o Nexpose, Nessus Ethical Hacking Knowledge o Kali Linux knowledge (metasploit, nmap) Specific Qualifications (if required) Qualifications and Experience 10 years' experience in information security evaluation and design of technical architectures Functional as well as technical knowledge of the applications used within BNP Paribas Knowledge of the Norms and Standards of the BNP Paribas Group, in particular with respect to ITRM & Wholesale IT Security Norms and Policies Team management experience is a must Preferred Master level in Computer science and Information Security Skills Referential Behavioural Skills : Communication skills - oral & written Ability to collaborate / Teamwork Decision Making Ability to deliver / Results driven Transversal Skills: Ability to set up relevant performance indicators Ability to develop and adapt a process Ability to manage a project Ability to develop others & improve their skills Ability to manage / facilitate a meeting, seminar, committee, training Education Level: Master Degree or equivalent

Provide a brief description of the overall purpose of the position, why this position exists and how it will contribute in achieving the teams goal. Responsibilities Direct Responsibilities Direct Responsibilities - To perform Penetration testing (Gray Box and/or Black Box) for Web applications; Thick Client, API, and mobile applications. - To understand the applications security requirements and identify & document the scope of the test - Ensure execution of the documented security scenarios for the application under test. - Document and report all findings - Collaborate with the developers to help them understand the vulnerabilities reported in application - Escalate issues to the local management and onshore stakeholders in case it affects the testing progress - Ensure processes for the project is followed for the assessments Note : - Optional, experience in Source Code Assessment (SCA)/SAST, Mobile Testing Contributing Responsibilities Technical & Behavioral Competencies - Clear understanding of OWASP Top 10 - application security risks - Tools/OS: Burp Suite, OWASP ZAP, Kali Linux - Manual Security Testing & Analysis, Security Test Designing - Excellent Inter personal and presentation skills - Strong in verbal and written communication - Good analytical skills - Strong Time Management - Must be flexible, independent, self-motivated - Team player Specific Qualifications (if required) CSSLP/CEH or equivalent certification preferred Skills Referential Behavioural Skills : (Please select up to 4 skills) Choose an item. Choose an item. Choose an item. Choose an item. Transversal Skills: Choose an item. Choose an item. Choose an item. Choose an item. Choose an item. Education Level: Bachelor Degree or equivalent Experience Level At Least 3 years Other/Specific Qualifications (if required) -

As a DevOps/SRE Engineer at Optum, a global organization dedicated to improving health outcomes through technology, your role will be pivotal in building and maintaining the cloud infrastructure to ensure reliability, scalability, and security of applications and services. You will work collaboratively with cross-functional teams to implement and automate CI/CD pipelines, manage cloud resources, and enhance development and deployment processes. Your responsibilities will include designing, implementing, and maintaining CI/CD pipelines using tools like Azure DevOps, Jenkins, and Git. Automating infrastructure provisioning and management through Ansible, Terraform, and Azure Cloud Native services will be a key aspect of your role. Collaboration with development teams to optimize application performance and scalability will also be crucial. Monitoring and alerting solutions using tools such as Dynatrace, Splunk, and Kibana will be part of your tasks. You will conduct security testing and vulnerability assessments utilizing SAST and DAST tools, troubleshoot and resolve production issues to ensure high availability and reliability of systems, and continuously enhance processes, tools, and infrastructure for increased efficiency. Staying abreast of industry trends and best practices in DevOps, SRE, and cloud technologies, identifying issues, recommending solutions, and complying with company policies and directives will be essential. The role requires a Bachelor's degree in Computer Science, Engineering, or related field, along with 3-6 years of experience in a similar role. Solid experience with Azure DevOps, Jenkins, Ansible, Terraform, Azure Cloud Native services, SAST and DAST tools, Git, Github, monitoring and logging tools, CI/CD pipelines, and automation workflows are necessary qualifications. Proven troubleshooting, communication, collaboration, and problem-solving skills are crucial. The ability to work both independently and in a team environment is also required. In this role, you will have the opportunity to make a significant impact on the communities served by advancing health equity on a global scale. Join us at Optum to contribute to caring, connecting, and growing together.,

As a Company Secretary within our organization, you will be responsible for various critical tasks to ensure seamless compliance and governance. Your role will encompass drafting agendas and minutes for board, committee, and general meetings. Additionally, you will play a key role in the preparation of the annual report, coordinating with other departments, and organizing virtual AGMs for our listed company. Your primary responsibilities will include managing LODR, SAST, and PIT related time and event-based compliances. This will involve filing board meeting intimations, TW closure intimations, investor call intimations, and quarterly and annual compliances. You will also handle ROC forms filing, including IEPF, DPT3, MSME, DIR3 KYC, AGM, AR, and BM related compliances. A strong understanding of corporate actions such as Buy-back, ESOPs, and dividends will be essential for this role. You will oversee overall compliance related to IEPF, including the transfer of unpaid dividends and corresponding shares. Expertise in the Companies Act, including rules and regulations, as well as RBI filings concerning FLA, APR, and other requirements, will be necessary. Furthermore, you will be responsible for subsidiary compliances, investor complaint handling, and coordination with RTA. Success in this position will involve meticulous attention to detail, a proactive approach to compliance, and effective communication with internal and external stakeholders. To qualify for this role, you must hold a degree in Company Secretaryship (LLB preferred) and have a minimum of 4 years of post-qualification experience in an NSE/BSE listed company. Candidates based in Mumbai will be given preference for this position. If you are a detail-oriented and experienced Company Secretary looking to make a meaningful impact in a dynamic organization, we encourage you to apply for this role and be a vital part of our compliance and governance team.,

Key Responsibilities: Hands on knowledge of Security testing methodologies like OWASP Top 10 SANS 25 etc Ability to perform automated and manual hands on penetration security testing e g DAST SAST and SCA identifying security risks within applications cloud infrastructure security controls and Network systems Experience with penetration testing tools e g Burp Extensive knowledge of attack payloads for discovering security vulnerabilities Plan execute and report on all testing activities and outcomes Create findings reports and communicate to stakeholders Must possess at least 5 years of experience in delivering VAPT in Web Thin and Thick Client Mobile and APIs Should have good and effective communication skills in English Oral and written Technical Requirements: The successful candidate must be highly motivated fast learner flexible willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements Exposure to scripting languages e g Shell Knowledge on DevSecOps Preferred Skills: Technology->Security Testing->Security Testing - ALL

Experience - 2-4 years Location - Bengaluru/Hyderabad Position Summary We are hiring a Security Analyst to support an enterprise-level initiative focused on identifying, triaging, and remediating exposed secrets across GitHub Enterprise code repositories. This role is part of a multi-location, cross-functional team delivering a secrets burndown strategy for one of the world's leading enterprise IT organizations. As a Security Analyst, you will play a key role in reviewing exposed credentials and other secrets detected in source control systems. You will help categorize findings, initiate remediation workflows, track resolution progress, and collaborate with both local and U.S.-based engineering and program leads. This role will include interaction with platforms like GitHub , ServiceNow , and potentially GitGuardian as part of a broader secrets governance program. This opportunity is ideal for an analyst with foundational security experience and interest in supporting DevSecOps initiatives in a global, enterprise-scale environment. Key Responsibilities Review alerts and reports of detected secrets within GitHub repositories (e.g., PATs, tokens, SSH keys, API secrets) Perform initial triage and categorization of findings to determine relevance, criticality, and action path Create, update, and manage tickets in ServiceNow or similar workflow platforms to support remediation tracking Coordinate with engineering teams to monitor remediation progress, identify blockers, and escalate unresolved items Support recurring reporting on secrets status, closure rates, and risk reduction over time Collaborate with both offshore and U.S.-based delivery leads to ensure consistent reporting and alignment with broader posture goals Document standard operating procedures, triage rules, and data handling guidelines for internal use Required Qualifications 24 years of experience in a security analyst, IT operations, or DevSecOps support role Familiarity with reviewing code repositories (e.g., GitHub, Azure DevOps) or similar developer tools Hands-on experience with ticketing systems such as ServiceNow , JIRA , or other incident/remediation platforms Ability to understand and categorize common credential types (API keys, SSH keys, tokens, etc.) Detail-oriented with strong documentation and organizational skills Clear and effective written and verbal communication in English Preferred Qualifications Experience working within a global team structure across U.S. and India time zones Exposure to GitHub Advanced Security , GitGuardian , or other secrets scanning tools Interest in enterprise security posture, DevSecOps practices, or compliance monitoring Familiarity with Prisma Cloud or posture visibility platforms is a plus Previous experience in consulting firms, large IT service organizations, or multinational enterprises Why Join Us? Be part of a globally distributed cybersecurity project making a measurable impact Collaborate with experienced engineering leads and program managers in a remote-first environment Gain exposure to high-demand platforms and tools such as GitHub, GitGuardian, and Prisma Cloud Contribute to an evolving DevSecOps capability with long-term career potential Join a supportive consultancy team with opportunities to grow in the enterprise security domain

Role Overview The ideal candidate will be responsible for overseeing **Static Application Security Testing (SAST)** and **Software Composition Analysis (SCA)** processes, strong secure coder, ensuring secure coding practices, and managing security risks within the software development lifecycle (SDLC). This role requires close collaboration with development, DevSecOps, and risk management teams to identify and remediate vulnerabilities effectively. Key Responsibilities 1. SAST & SCA Strategy and Implementation Define, implement, and manage **SAST & SCA frameworks** to secure the banks applications. Lead the integration of security tools (e.g., Fortify, Checkmarx, SonarQube, Veracode, Snyk, Black Duck) into CI/CD pipelines. Continuously evaluate and enhance scanning methodologies to improve detection and remediation of vulnerabilities. 2. Vulnerability Management & Risk Mitigation Oversee the assessment, triage, and remediation of vulnerabilities identified through SAST & SCA scans. Establish risk-based prioritization for vulnerabilities, collaborating with development teams for timely fixes. Ensure compliance with industry standards (OWASP, NIST, ISO 27001, PCI-DSS) and internal security policies. 3. Collaboration & Stakeholder Management Work closely with development, DevOps, and security teams to promote secure coding practices Collaborate with third-party vendors for security tool management and support Present vulnerability trends, remediation progress, and risk insights to senior leadership and risk committees. 4. Governance, Training & Awareness Develop and enhance secure coding guidelines and best practices for development teams. Conduct security awareness sessions and training for developers on SAST/SCA findings and secure coding practices. Define and track key security metrics (KPIs/KRIs) to measure the effectiveness of the SAST & SCA programs. Qualifications & Experience 8-10 years (SM) and 12-15 years (AVP) of experience in Application Security**, with a strong focus on SAST and SCA. Deep understanding of secure SDLC, DevSecOps, and CI/CD integration. Hands-on experience with **SAST & SCA tools** (Fortify, Veracode, Checkmarx, Snyk, Black Duck, SonarQube, etc.) Strong knowledge of **secure coding practices**, vulnerability remediation, and risk management Comprehensive Experience with **programming languages** (Java, .NET, Python, JavaScript) and their security implications Able to write secure code Experience in **regulatory compliance** frameworks (OWASP Top 10, NIST, ISO 27001, PCI-DSS, RBI Guidelines) Strong leadership and stakeholder management skills Certifications preferred:** CISSP, OSWE, OSCP, CSSLP or any relevant security certification

Strong knowledge of ASP.NET Web Forms, Windows services, C# SQL Server 2008.Hands-on experience Azure DevOps, CICDworking with DevOps Net Framework 4.x and aboveWebAPI, WCF, Microsoft reporting tool (RDL) SSRSIIS SQL designDevSecOps tests: SAST, DAST

We are seeking an experienced Application Security Manager to lead our security initiatives and ensure the integrity, confidentiality, and availability of our systems and data. This role is crucial in safeguarding our digital assets and maintaining compliance with industry standards.Themanageroftheapplicationsecurityprogramwillberesponsible for - 1. To Integratesecuritytools,standards,andprocessesintothe productlifecycle(PLC). 2. EnsurethatdevelopersandQApersonnelaretrainedwiththeappropriatele velofsecurityknowledgetoperformtheir dailyactivities. 3. Improveandsupportapplicationsecuritytooldeploymentsincludingstaticanal ysisandruntimetestingtools and securedevelopmentstandards. 4. Conduct and manage periodic penetration testing exercises through expert consulting, internal technology team, and managed services to identify the gaps and fulfill audit/ regulator requirements. 5. Create, Integrate and manage threat modelling process/ practices, following SSDLC and application framework. 6. Manage the secure configuration/ hardening guidelines and compliance. 7. Should create and manage application security KPIs. KRIs compliance reports and dashboards. 8. Should have strong hand-on experience of different tools, processes related to SAST, DAST, API Security and Threat Modelling. 9. Should take care of Infosec functions by coordinating with various stakeholders (App Team, Vendors, Auditors, Regulators). 10. Should have knowledge of best practices like OWASP, Microsoft SDL, SANS, NIST. 11. Should have a good espouser to cloud environment (AWS) and WAF (Imperva, Akamai) 12. Knowledge of Network and Data Security is a plus. Qualifications and Experience: 1. 8-10 years of hands-on experience in application security. 2. Strong understanding of application security best practices, frameworks, and security technologies, like Checkmarx, Fortify, Burp Suite, OWASP ZAP, Acunetix etc. 3. Proven experience in managing VA, PT, Code review, SAST, DAST, SSDLC, Threat Modelling, and Audit processes. 4. Familiarity with regulatory requirements and compliance standards (e.g., RBI, SEBI). 5. Excellent communication, interpersonal, analytical and problem-solving skills. 6. Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Masters degree or relevant certifications preferred.

Job Role : DevOps Engineer Year Of Experience- 23 Years Location: Ghansoli Education: BE/ B.Tech Overview : Looking for a motivated and skilled DevSecOps Engineer with 23 years of hands-on experience in implementing DevSecOps practices, CI/CD pipelines, and integrating security into the development lifecycle. The ideal candidate will have working knowledge of Kubernetes (K8S), cloud platforms like GKE and AKS, and build/deployment automation tools including Azure DevOps and Jenkins. Experience with security scanning tools (SAST, DAST, Fortify, SonarQube) and scripting knowledge in Groovy, ANT, and JavaScript is essential. Job Role: Design, implement, and maintain secure and scalable CI/CD pipelines. Integrate security tools and processes into DevOps workflows (DevSecOps). Automate infrastructure and deployments using Azure DevOps and Jenkins. Deployment using On-Premises K8S clusters and Manage Kubernetes clusters - GKE and AKS. Deployment using Windows based servers - IIS Implement and maintain Static and Dynamic Application Security Testing (SAST/DAST) tools. Integrate and configure Fortify, SonarQube, and other security tools into pipelines. Write and maintain automation scripts using Groovy, ANT, and JavaScript. Collaborate with development, QA, and security teams to ensure secure software delivery. Conduct security assessments and remediations as part of the SDLC. Required Skills & Qualifications : Bachelor degree in Engineering or Equivalent. 23 years of hands-on experience in DevSecOps / DevOps. Strong knowledge and hands-on experience with: - Azure DevOps Pipelines and Jenkins for CI/CD. - Security tools: Fortify, SonarQube, Blackduck, DAST/SAST tools (e.g., OWASP ZAP, Burp Suite, etc.). - Kubernetes (K8s) with GKE and AKS. Proficiency in scripting languages such as Groovy, ANT, and JavaScript. Basic programming / scripting capabilities to automate security checks & workflows. Understanding of application security principles and best practices. Experience working in Agile and collaborative team environments. Excellent troubleshooting, documentation, and communication skills.

Job Title: WebPT P1 - Consultant Location: Bangalore & Pune (Hybrid Role) Contract Duration: 6 Months Roles & Responsibilities: Perform automated testing of running applications and static code (SAST, DAST). Conduct manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: Web applications Internal applications APIs Internal and external networks Mobile applications Experience in one or more of the following is a plus: Mobile application testing Web application pen testing Application architecture Business logic analysis Work on application tools to perform security tests, including: AppScan NetsSparker Acunetix Checkmarx Veracode BurpSuite OWASP ZAP Kali Linux Able to explain vulnerabilities such as: IDOR (Insecure Direct Object References) Second Order SQL Injection CSRF (Cross-Site Request Forgery) Provide root cause analysis and remediation guidance for identified vulnerabilities. Mandatory Technical & Functional Skills: Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan NetsSparker Acunetix Checkmarx Veracode BurpSuite OWASP ZAP Kali Linux (or equivalent) Minimum three (3) years of performing manual penetration testing and code review against: Web applications Mobile apps APIs Minimum three (3) years of experience working with both technical and non-technical audiences in reporting results and leading remediation conversations. Preferred: One year of experience in the development of web applications and/or APIs. Ability to identify and work with new tools/technologies to plug and play on client projects as needed to solve the problem at hand. Certifications (Preferred but not required): GWAPT (GIAC Web Application Penetration Tester) CREST (Certified Testing Professional) OSCP (Offensive Security Certified Professional) OSWE (Offensive Security Web Expert) OSWA (Offensive Security Web Application) This is a 6-month contract role with hybrid work arrangements in Bangalore and Pune .

Dear Candidate, Greetings!! We are currently hiring for the Listing role, and the Job Description is provided below for your reference Processing and giving approval for preferential issue/Rights Issue/ Bonus/FCCBs/QIPs/Voluntary Delisting filed by listed entities while ensuring the following: Ensuring Compliance with SEBI Regulations and Exchange Checklist and guidelines Studying Valuation report in case same is applicable Meeting timelines specified by SEBI Regulations and Exchange Guidance Note Updating Exchange database post giving listing approval for shares etc. Responding to SEBI queries and providing Examination reports to SEBI Timely providing data to SEBI Preparing and presenting internal MIS Study existing systems and take initiatives for development including automation Leading Teams of different verticals. Preferred Skills: Working Experience in SEBI (ICDR) Regulations, SEBI (LODR) Regulations, SEBI (SAST) Regulations, SEBI(Delisting) Regulations, SEBI Master Circular on Schemes, Process for Preferential issue, Schemes, Stock Exchange Compliances, Study of Valuation Report.

Job Description: We are hiring a talented Software Engineer with deep expertise in static code analysis and SAST tools like Coverity for one of our prestigious clients. If you're enthusiastic about code quality, automation, and secure development practices, this is a fantastic opportunity to work on cutting-edge tech stacks. Responsibilities: Manage and integrate SAST tools (Coverity) into CI/CD pipelines. Analyze and interpret Coverity/Blackduck scan reports and defect types. Review and triage violations, offer remediation advice. Automate report generation and filtering using Python, Shell, or Groovy. Tune Coverity checkers, component mapping, suppression rules. Collaborate with dev teams to resolve issues and improve code quality. Optional: Deliver training on Coverity and SAST best practices. Required Skills: Proven experience with Coverity or similar tools (SonarQube, Helix QAC). Strong scripting skills: Python, Shell/Bash. Familiarity with CI/CD tools like Jenkins, Bitbucket. Solid understanding of Git workflows and SDLC. Proficient in reading/debugging C, C++ code (Embedded domain experience is a plus). Good communication and collaboration skills. Budget: As per market standards (Based on experience) Notice Period: Immediate to 30 days preferred

Job Tittle - Security Test Engineer Job Type: Full-time EXP 5+ Years Location - Gurgaon Roles & Responsibilities: Perform Security Assessments: Conduct various types of security testing, including: 1. Penetration Testing : Perform black-box, gray-box, and white-box penetration testing on web applications, APIs, mobile applications (iOS/Android), and network infrastructure. 2. Vulnerability Assessments : Utilize automated and manual techniques to identify security weaknesses. 3. Static Application Security Testing (SAST) : Analyze source code to identify potential vulnerabilities. 4. Dynamic Application Security Testing (DAST) : Test applications in a running state and vulnerabilities. 5. Interactive Application Security Testing (IAST) : Combine elements of SAST and DAST for comprehensive testing. 6. Configuration Reviews : Assess the security posture of various systems and applications. 7. Threat Modeling: Participate in threat modeling sessions to identify potential attack vectors and vulnerabilities early in the development lifecycle. 8. Vulnerability Management: Document identified vulnerabilities clearly and concisely, including steps to reproduce, impact, and severity. Communicate findings to development teams and stakeholders effectively. Track and manage vulnerabilities through their lifecycle, from discovery to remediation and retesting. Provide guidance and recommendations to development teams on remediation strategies. 9. Security Tooling & Automation : - Utilize and configure security testing tools (e.g., Burp Suite, OWASP ZAP, Nessus, Acunetix, Fortify, Checkmarx, Metasploit). - Develop and implement automated security tests and scripts to improve efficiency. - Stay up-to-date with the latest security testing tools, techniques, and best practices. 10. Collaboration & Communication: - Collaborate closely with development, DevOps, QA, and product teams to integrate security into the SDLC (Secure SDLC). - Educate and mentor developers on secure coding practices and common vulnerabilities. - Participate in security code reviews. - Present security findings and recommendations to technical and non-technical audiences. 11. Research & Development: - Stay informed about emerging security threats, attack vectors, and industry trends. - Contribute to the improvement of security testing methodologies and processes. Participate in security community activities, conferences, and training. Required Skills & Qualifications : - Education : Bachelor's degree in computer science, Information Security, or a related field (or equivalent practical experience). - Experience : Mid-Level: 3-6 years of experience in security testing, penetration testing, or application security. Senior Level: 6+ years of experience in security testing, leading penetration testing engagements and architecting secure solutions. Technical Skills : - Strong understanding of web application security vulnerabilities (e.g., OWASP Top 10, SANS Top 25). o Proficiency with security testing tools (e.g., Burp Suite, OWASP ZAP, Nmap, Metasploit). - Experience with various operating systems (Linux, Windows). - Familiarity with scripting languages (e.g., Python, Ruby, PowerShell, Bash). Understanding of network protocols, firewalls, and intrusion detection/prevention systems. - Knowledge of secure coding principles and common programming languages (e.g., Java, Python, C#, JavaScript, Node.js). - Experience with cloud security (AWS, Azure, GCP) is a strong plus. Familiarity with CI/CD pipelines and integrating security into automated workflows. Soft Skills : - Excellent analytical and problem-solving skills. - Strong communication and interpersonal skills, with the ability to explain complex technical concepts to non-technical audiences. - Ability to work independently and as part of a team. - High attention to detail and a methodical approach to testing. - Curiosity and a strong desire to learn and stay current with security trends. Desired Certifications (Plus, but not required): OSCP OSWE CEH (Certified Ethical Hacker) CompTIA Security+ SANS certifications (e.g., GWEB, GWAPT, GPEN) CSSLP (Certified Secure Software Lifecycle Professional)

Key Responsibilities: Approx 5 years experience as a Security Architect Bachelor s degree in information technology security or similar Experience in providing security architecture support to a large development organization Information security credentials such as IGP CISSP or similar Well versed in cloud security on a generic level as well as AWS Secondary Skills SAST and DAST Solid diplomatic and communication skills in English The candidate will primary work with security assessments and as part of that also be able to provide guidance on how to close security gaps The candidate will also be part of shift left for assessments to automate and minimize the manyal work involved It is also expected that the candidate will assist in creating an assessment factory with a streamlined process for approaching assessments Preferred Skills: Technology->Enterprise Architecture->Data / Information Architecture

Skill required: Tech for Operations - Microsoft ASP.NET Designation: SW/App/Cloud Tech Support Sr Analyst Qualifications: Any Graduation Years of Experience: 5 to 8 years About Accenture Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Technology and Operations services, and Accenture Song all powered by the worlds largest network of Advanced Technology and Intelligent Operations centers. Our 699,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. Visit us at www.accenture.com What would you do You will be part of the Technology for Operations team that acts as a trusted advisor and partner to Accenture Operations. The team provides innovative and secure technologies to help clients build an intelligent operating model, driving exceptional results. We work closely with the sales, offering and delivery teams to identify and build innovative solutions.The Tech For Operations (TFO) team provides innovative and secure technologies to help clients build an intelligent operating model, driving exceptional results. Works closely with the sales, offering and delivery teams to identify and build innovative solutions. Major sub deals include AHO(Application Hosting Operations), ISMT (Infrastructure Management), Intelligent AutomationA platform to create dynamic and interactive Web applications using server-side scripting technology. What are we looking for Job SpecificationOverall Skills to manage & work on SQL & .Net technologies while working in collaborative and high-performance team environment.ResponsibilitiesFull Stack .net, MS SQL, LinQ, SQL Stored procedures, SSRSDev experience around 5+ yearsexperience with DAST/SAST vulnerabilities, scans, APIs etc. QualificationsExpertise & understanding in Full stack technologies with 5+years experience.Analytical, problem-solving skills.Strong empathy in understanding client needs/requirements.Communication and presentation skills.Representative behavior, client-facing experience.Strong team player with drive. Roles and Responsibilities: In this role you are required to do analysis and solving of increasingly complex problems Your day to day interactions are with peers within Accenture You are likely to have some interaction with clients and/or Accenture management You will be given minimal instruction on daily work/tasks and a moderate level of instruction on new assignments Decisions that are made by you impact your own work and may impact the work of others In this role you would be an individual contributor and/or oversee a small work effort and/or team Please note that this role may require you to work in rotational shifts Qualification Any Graduation

Job Role : DevOps Engineer Year Of Experience- 2–3 Years Location: Ghansoli Education: BE/ B.Tech Overview : Looking for a motivated and skilled DevSecOps Engineer with 2–3 years of hands-on experience in implementing DevSecOps practices, CI/CD pipelines, and integrating security into the development lifecycle. The ideal candidate will have working knowledge of Kubernetes (K8S), cloud platforms like GKE and AKS, and build/deployment automation tools including Azure DevOps and Jenkins. Experience with security scanning tools (SAST, DAST, Fortify, SonarQube) and scripting knowledge in Groovy, ANT, and JavaScript is essential. Job Role: • Design, implement, and maintain secure and scalable CI/CD pipelines. • Integrate security tools and processes into DevOps workflows (DevSecOps). • Automate infrastructure and deployments using Azure DevOps and Jenkins. • Deployment using On-Premises K8S clusters and Manage Kubernetes clusters - GKE and AKS. • Deployment using Windows based servers - IIS • Implement and maintain Static and Dynamic Application Security Testing (SAST/DAST) tools. • Integrate and configure Fortify, SonarQube, and other security tools into pipelines. • Write and maintain automation scripts using Groovy, ANT, and JavaScript. • Collaborate with development, QA, and security teams to ensure secure software delivery. • Conduct security assessments and remediations as part of the SDLC. Required Skills & Qualifications : • Bachelor degree in Engineering or Equivalent. • 2–3 years of hands-on experience in DevSecOps / DevOps. • Strong knowledge and hands-on experience with: - Azure DevOps Pipelines and Jenkins for CI/CD. - Security tools: Fortify, SonarQube, Blackduck, DAST/SAST tools (e.g., OWASP ZAP, Burp Suite, etc.). - Kubernetes (K8s) – with GKE and AKS. • Proficiency in scripting languages such as Groovy, ANT, and JavaScript. • Basic programming / scripting capabilities to automate security checks & workflows. • Understanding of application security principles and best practices. • Experience working in Agile and collaborative team environments. • Excellent troubleshooting, documentation, and communication skills.

Dear Candidate, We are hiring a Compliance Engineer to ensure code and dependencies meet licensing and audit standards. Key Responsibilities: Track open-source usage and license compliance. Automate compliance scanning and reporting. Assist in security reviews and audits. Required Skills & Qualifications: Familiarity with tools like FOSSA, Black Duck. Knowledge of OSS licenses (MIT, GPL, Apache). Experience with code scanning and SBOMs. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Delivery Manager Integra Technologies

Bachelor's degree in Computer Science, Information Security, or a related field. 4+ years of experience in software development, with at least 3+ years specifically focused on application security or a security-centric development role. Strong proficiency in at least one major programming language Java J2EE preferred. In-depth understanding of web application security vulnerabilities and mitigation techniques. Experience with secure coding principles and practices. Familiarity with various security testing tools (SAST, DAST, SCA, penetration testing tools). Understanding of cryptographic principles and their appropriate application. Experience with cloud platforms (e.g., IBM Cloud, AWS, Azure, GCP) and cloud security best practices (e.g., IAM, network security, data encryption in cloud environments). Experience in a multi-tenant SaaS environment. Solid understanding of authentication and authorization mechanisms (e.g., OAuth, OpenID Connect, SAML, RBAC). Experience with Agile development methodologies. Excellent problem-solving skills and a proactive approach to identifying and addressing security risks. Required education Bachelor's Degree Required technical and professional expertise Bachelor's degree in Computer Science, Information Security, or a related field. 4+ years of experience in software development, with at least 3+ years specifically focused on application security or a security-centric development role. Strong proficiency in at least one major programming language Java J2EE preferred. In-depth understanding of web application security vulnerabilities and mitigation techniques. Experience with secure coding principles and practices. Familiarity with various security testing tools (SAST, DAST, SCA, penetration testing tools). Understanding of cryptographic principles and their appropriate application. Experience with cloud platforms (e.g., IBM Cloud, AWS, Azure, GCP) and cloud security best practices (e.g., IAM, network security, data encryption in cloud environments). Experience in a multi-tenant SaaS environment. Solid understanding of authentication and authorization mechanisms (e.g., OAuth, OpenID Connect, SAML, RBAC). Experience with Agile development methodologies. Excellent problem-solving skills and a proactive approach to identifying and addressing security risks. Preferred technical and professional experience Degree in Computer Science, , Engineering, or equivalent professional experience. An authority on Cloud Native Application architecture, Docker's and Microservices Working experience on Docker/Kubernetes, the DevOps, Micro services, RedHat OpenShift, Java J2EE Willing to lead and work on quick proof of concepts.

Work within the cybersecurity domain, focusing on automated security testing and enhancing the overall security posture Support the IKEA engineering community in building secure cloud infrastructure at scale Perform threat modeling and security risk assessments Ensure compliance with security standards such as GDPR, NIS2, ISO27000 Build and operate tools to monitor cloud environments and fix misconfigurations Provide expertise on infrastructure security and secure software development Use CI/CD practices to automate security testing tools such as SAST, SCA, IaC scanning, and container scanning Work in cloud-native environments, preferably on Google Cloud Platform or Azure Implement and secure REST APIs and manage API security Participate in security architecture and design reviews Collaborate with agile teams and contribute to continuous security improvement Engage in secure development practices across pipelines like GitHub Actions and Azure DevOps Leverage Kubernetes and infrastructure-as-code practices to support secure deployment Join the IKEA Cyber Security team with growth opportunities in skills and expertise

Your role Were hiring a Cybersecurity Architect to safeguard critical infrastructure! If you have expertise in Application Security,Cloud security , SAST,SCA, Cybersecurity compliance and threat modelling, apply now for Pan India locations . Join us in securing industrial environments Work within the Cyber security domain, focusing on the Automated security testing part of our services and improving overall security posture of products and systems for assigned business domain. You will be part of an agile team, constantly improving and automating the security posture of the cloud infrastructure. You will support the engineering community to build secure infrastructure at scale. You will perform threat modeling and security risk assessments. Understanding of security compliance requirements such as GDPR, NIS2, ISO27000. You will build and operate reliable tooling to increase the visibility of cloud environments and remediate security misconfigurations. You will be a valued member of the team, providing sound perspectives on infrastructure security as well as secure software development. You will be part of the Cyber Security organization, with a lot of room to grow and develop your skills, knowledge, and experience. Your profile Experience in cloud native environments and preferably Google Cloud Platform or Azure& Cyber security complaince Experience utilizing CI/CD practices to Automate security testing tools like SAST (Static Application Security Testing), SCA (Software Composition Analysis), IaC scanning or Container scanning tools in GitHub, Azure DevOps etc. Experience in working with REST APIs and API security. You have experience with threat modeling, security design reviews, and security architecture. Experience with CI/CD pipelines (preferably Github actions), Kubernetes and infrastructure-as-code is a plus.

Educational Bachelor of Engineering,Master Of Engineering Service Line Cyber Security Responsibilities Approx 5 years' experience as a Security Architect Bachelor's degree in information technology, security, or similar Experience in providing security architecture support to a large development organization Information security credentials such as IGP, CISSP or similar Well versed in cloud security on a generic level as well as AWSSecondary Skills: SAST and DASTSolid diplomatic and communication skills in EnglishThe candidate will primary work with security assessments and as part of that also be able to provide guidance on how to close security gaps The candidate will also be part of "shift left" for assessments to automate and minimize the manyal work involved It is also expected that the candidate will assist in creating an assessment " factory" with a streamlined process for approaching assessments Preferred Skills: Technology-Enterprise Architecture-Data / Information Architecture