13 Ssdlc Jobs

As an Associate Software Engineer at SmartBear, you will play a crucial role in the transformation of QMetry Test Management for Jira. You will be tasked with solving complex business problems and developing highly scalable applications that offer exceptional user experiences. Working under the guidance of the Lead Engineer, you will design, document, and implement new systems in Java 17/21, while adhering to security and Java best practices. Your responsibilities will include developing backend services and REST APIs using Java, Spring Boot, and JSON, as well as creating new products, writing code as per product requirements, and contributing to automated and system testing. You will collaborate with both technical and business stakeholders to ensure the delivery of high-quality products that meet business requirements. Additionally, you will be involved in developing scalable real-time low-latency data egress/ingress solutions in an agile environment. The ideal candidate for this role should have 2-4 years of experience working with Java 17 platform or higher and possess a Bachelor's Degree in Computer Science, Computer Engineering, or a related technical field. Proficiency in API-driven development, OOPs, Java, Spring Framework, and JPA is required. Experience with relational databases such as MySQL, PostgreSQL, MSSQL, Oracle, and familiarity with AWS services, Docker, GitHub, and Agile methodologies are desirable. Prior exposure to Atlassian suite of Products and SCRUM environment is a plus. Joining the SmartBear team offers you the opportunity to grow your career at every level. We value your success and provide collaborative workspaces where teams can work, innovate, and enjoy. Our culture celebrates individuality and diversity, and we believe that embracing differences leads to better outcomes. SmartBear is dedicated to ethical corporate practices, social responsibility, and making a positive impact in the communities we serve. If you are looking to be part of a dynamic team driving innovation in software development, SmartBear could be the perfect fit for you. Explore the possibilities with us and contribute to building great software solutions that empower developers, testers, and software engineers worldwide.,

As a Senior Information Security Engineer at Mastercard, you will play a crucial role in contributing to and maintaining reusable security requirements for software engineering teams. Your passion for cybersecurity, coupled with a broad knowledge and experience in various security domains, will be essential in ensuring the security and integrity of Mastercard's systems. In this role, you will have the opportunity to collaborate with cross-functional teams, create and maintain documentation, and provide security architecture advice to help design applications and services following industry best practices. Your responsibilities will include developing, delivering, and maintaining reusable security requirements, as well as creating documentation, procedures, and analytics related to these requirements. You will work closely with development and operational teams to ensure that security requirements are understood and incorporated efficiently. Additionally, you will conduct security reviews and threat modeling for Mastercard applications, demonstrating a strong understanding of information security principles, theories, and concepts. The ideal candidate for this position should have knowledge of information security, risk management, and data privacy in the domain of digital commerce. You should possess a good understanding of identity management, user authentication, and authorization principles, along with experience in implementing secure software development lifecycle practices at scale. Experience in designing secure multi-domain Internet-facing applications, providing security architecture advice for web-based network environments, and knowledge of mobile security architecture concepts are highly valued. Furthermore, familiarity with cryptography, experience with enterprise programming languages such as Java, and technical expertise in Linux will be advantageous. Your ability to communicate effectively with diverse audiences, translate security and risk management terminology into business terms, and recommend alternative solutions to stakeholders will be critical in this role. As a Senior Information Security Engineer at Mastercard, you are expected to abide by the company's security policies and practices, ensuring the confidentiality and integrity of the information being accessed. You must report any suspected information security violation or breach and complete all periodic mandatory security trainings in accordance with Mastercard's guidelines. By joining the Business Security Engineering Guild, you will be part of a team dedicated to keeping Mastercard safe and secure from cyber and physical threats, contributing to a sustainable world that unlocks priceless possibilities for all.,

As an Associate Software Engineer III at SmartBear, you will play a key role in solving challenging business problems and building highly scalable applications that offer exceptional user experiences. Reporting to the Lead Engineer, you will be responsible for developing solutions using the latest tools and technologies, participating in problem resolution, and effectively communicating status, issues, and risks in a timely manner. Your primary responsibilities will include designing, documenting, and implementing new systems in Java 17/21, developing backend services and REST APIs using Java, Spring Boot, and JSON, and contributing to system testing and agile development processes. You will collaborate with both business and technical stakeholders to deliver high-quality products and services that meet business requirements while staying abreast of the latest technologies. To be successful in this role, you should have 2-4 years of experience working with Java 17 platform or higher, a Bachelor's Degree in Computer Science, Computer Engineering, or a related field, and a solid understanding of API-driven development, OOPs, Java, Spring Framework, and JPA. Experience with relational databases, AWS services, Atlassian suite of products, and Agile methodologies is highly desirable. At SmartBear, we offer a supportive environment where you can grow your career at every level. We value your success and well-being, and we encourage a healthy work-life balance by celebrating our team members and promoting a culture of inclusivity and diversity. Join us in making our technology-driven world a better place and be part of a team that is committed to ethical practices and social responsibility. SmartBear is headquartered in Somerville, MA, with offices worldwide, including locations in Ireland, the UK, Poland, and India. Our dedication to innovation and excellence has earned us prestigious industry awards, and we take pride in creating a workplace where every individual's unique experiences and perspectives contribute to our collective success.,

We are seeking an experienced Application Security Specialist to join our team. As an Application Security Specialist, you will be responsible for conducting SSDLC security assessments, integrating security throughout the software development lifecycle, and ensuring that applications meet the highest security standards before deployment. Your key responsibilities will include conducting internal and third-party SSDLC risk assessments on critical assets and processes, coordinating with project teams to enforce security frameworks in all phases of the SSDLC, and preparing security effectiveness reports for management. You will also be tasked with performing SSDLC assessments aligning with security practices, ensuring that new applications undergo SSDLC assessments before induction into data centers, and defining and enhancing application security requirements for agile development and traditional architectures. Additionally, you will assist DevSecOps teams in creating secure CI/CD pipeline processes, follow up on and escalate closure of identified security gaps, and contribute to standardizing application security tools and methodologies. The ideal candidate should have at least 6 years of experience in Information Security with a focus on application and software security, along with 4 years of experience in software development lifecycle security reviews. You should also possess expertise in architecture reviews, software design reviews, threat modelling, and design flaw assessments, as well as hands-on experience with SAST, DAST, SCA, IAST, RASP, and other application analysis tools. Familiarity with OWASP, SANS, ISACA, NIST, IETF best practices is required, and the ability to develop detailed security frameworks for developers to integrate into the SDLC is essential. Preferred certifications include CISSP, CSSLP, Cloud Security Certifications, and DevSecOps Automation Certifications. If you meet these qualifications and are passionate about enhancing application security, we encourage you to apply for this position.,

As a Vulnerability Analyst I at our company, you will be part of the Vulnerability Management team, which consists of skilled professionals dedicated to conducting security testing of Mastercard applications and networks. Your role involves hands-on application security testing, collaborating with a diverse team, and ensuring all security tests are conducted within the established framework. Your responsibilities will include conducting security tests on web and mobile applications, using appropriate test cases and tools, providing guidance to development teams on identified vulnerabilities, and implementing improvements in the security testing domain. You will also coordinate with application development teams, work with a global team, and ensure a seamless testing and reporting experience. To excel in this role, you should have a proven track record in application security testing, possess strong communication and collaboration skills, and demonstrate problem-solving abilities. It is essential to be familiar with the full scope of Secure Software Development Life Cycle (S-SDLC) and hold certifications such as OSCP or SANS GMOB, ESCA, or equivalent. Experience in Cloud-based application testing or Bug Bounty programs will be advantageous. As part of our corporate security responsibility, you are expected to adhere to Mastercard's security policies, maintain the confidentiality and integrity of accessed information, report any security violations, and participate in mandatory security trainings. Join us in our mission to create a sustainable world that unlocks endless possibilities across the globe.,

Educational Bachelor of Engineering Service Line Quality Responsibilities In this role, you will help architect, deploy security solutions, tools for Application, DevSecOps & SSDLC, and Public Cloud Security. You need to learn about Infosys business initiatives, products and business needs to drive clients' security projects. Develop technical solutions and advisesecurity controls to mitigate security vulnerabilities. Partner with Security Engineers, Architects, and clients to drive security initiatives in technology and policy governance. Technical and Professional : Azure, AWS, GCP, Sentinel, GRC, Threat Analyst, NIST, MITRE ATT&CK, SOC2, ISO27001, ISO27002, Identity, Access management, Security Engineering, Security Automation, Resiliency, DevSecOps, SSDLC, SDLC, Threat Modelling, Risk Assessor, Security Audit, zero trust, ZTNA, conditional access Preferred Skills: Foundational-Cybersecurity Competency Management-Cyber Competency Strategy Planning

We are seeking an experienced Application Security Manager to lead our security initiatives and ensure the integrity, confidentiality, and availability of our systems and data. This role is crucial in safeguarding our digital assets and maintaining compliance with industry standards.Themanageroftheapplicationsecurityprogramwillberesponsible for - 1. To Integratesecuritytools,standards,andprocessesintothe productlifecycle(PLC). 2. EnsurethatdevelopersandQApersonnelaretrainedwiththeappropriatele velofsecurityknowledgetoperformtheir dailyactivities. 3. Improveandsupportapplicationsecuritytooldeploymentsincludingstaticanal ysisandruntimetestingtools and securedevelopmentstandards. 4. Conduct and manage periodic penetration testing exercises through expert consulting, internal technology team, and managed services to identify the gaps and fulfill audit/ regulator requirements. 5. Create, Integrate and manage threat modelling process/ practices, following SSDLC and application framework. 6. Manage the secure configuration/ hardening guidelines and compliance. 7. Should create and manage application security KPIs. KRIs compliance reports and dashboards. 8. Should have strong hand-on experience of different tools, processes related to SAST, DAST, API Security and Threat Modelling. 9. Should take care of Infosec functions by coordinating with various stakeholders (App Team, Vendors, Auditors, Regulators). 10. Should have knowledge of best practices like OWASP, Microsoft SDL, SANS, NIST. 11. Should have a good espouser to cloud environment (AWS) and WAF (Imperva, Akamai) 12. Knowledge of Network and Data Security is a plus. Qualifications and Experience: 1. 8-10 years of hands-on experience in application security. 2. Strong understanding of application security best practices, frameworks, and security technologies, like Checkmarx, Fortify, Burp Suite, OWASP ZAP, Acunetix etc. 3. Proven experience in managing VA, PT, Code review, SAST, DAST, SSDLC, Threat Modelling, and Audit processes. 4. Familiarity with regulatory requirements and compliance standards (e.g., RBI, SEBI). 5. Excellent communication, interpersonal, analytical and problem-solving skills. 6. Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Masters degree or relevant certifications preferred.

Educational Bachelor of Engineering Service Line Quality Responsibilities In this role, you will help architect, deploy security solutions, tools for Application, DevSecOps & SSDLC, and Public Cloud Security. You need to learn about Infosys business initiatives, products and business needs to drive clients' security projects. Develop technical solutions and advisesecurity controls to mitigate security vulnerabilities. Partner with Security Engineers, Architects, and clients to drive security initiatives in technology and policy governance. Preferred Skills: Foundational-Cybersecurity Competency Management-Cyber Competency Strategy Planning

Who are we? FalconX is a pioneering team of operators, investors, and builders committed to revolutionising institutional access to the crypto markets. Operating at the intersection of traditional finance and cutting-edge technology, FalconX addresses the industry's foremost challenges: Navigating the digital asset market can be complex and fragmented, with limited products and services that support trading strategies, structures, and liquidity found in conventional financial markets. As a comprehensive solution for all digital asset strategies from start to scale, FalconX operates as the connective tissue empowering clients with seamless navigation through the ever-evolving cryptocurrency landscape. Who is on the team? We are entrepreneurs. Many in our company have been founders or have aspirations to eventually start their own company. We take these ambitions and experiences to bring a solutions-oriented mindset to the problems we encounter day-to-day. We have been fortunate to have learned from mentors and peers at institutions such as Google, LinkedIn, JUMP Trading, Citadel, PEAK6 Investments, Goldman Sachs, JP Morgan, Harvard Business School, Carnegie Mellon, IIT, IIM +more. The team you would report to all have technical backgrounds in Application Security and Product Security. They cover a wide variety of products that fall within Cryptocurrency, High-Frequency Trading, and AI systems. In this role, youll dive deeply into these product lines and provide guidance as well as implementation when needed. Responsibilities : Engineer systems and internal security tools to improve application security across all of FalconX via SSDLC improvements; Interface with the rest of Engineering on the security of Falconxs software products (Cryptocurrency; High Frequency Trading; AI systems). Youll provide guidance / recommendations / and drive the Engineers to implement your recommendations. Review and provide eng-design / architectural guidance for application systems Occasional Vulnerability Management Occasional Pentesting Educate and Train Engineers on Application Security fundamentals Execute and improve security reviews and consulting processes with runbooks and automation. Knowledge, Skills & Abilities : Strong software engineering skills in Python, Golang or Ruby. You have a past of writing production-grade code and can comfortably interact with SWEs throughout FalconX. Bonus points if you have a background of security exposure in the contexts of cryptocurrency, high-frequency trading system, or AI development Proven impact in two or more of the following AppSec domains: AppSec Education and Training, API Security, Implementation of a SSDLC, App-Layer Pentesting (BurpSuite), Manual / Automated Secure Code Reviews (SAST Tools, DAST Tools), Application Security Architecture and Design, Implementation of Security Controls (Encryption; MFA / RBAC Permissions; etc), OWASP Top Ten, BSIMM / OpenSAMM Proficiency in threat modeling risks to product applications / associated infrastructure and driving the implementation of preventative controls in partnership with Engineering. Technical Project Management Strong familiarity with what a secure SDLC should look like and tools / techniques to implement an SSDLC Ability to collaborate with internal and external stakeholders while prioritizing tasks and work independently under minimal supervision. Vulnerability management, incident response Qualifications : Minimum of 6+ years of direct experience as a Software Engineer / Software Architect in Python, Ruby, Go, etc Minimum of 6+ years of direct experience in Product or Application Security as a hands-on-keyboard AppSec or ProdSec Engineer / Consultant Practical experience performing detailed application-layer risk assessments, performing secure code reviews, doing eng-design reviews with Engineers Exceptional written and verbal communication skills Strong technical curiosity within the spaces of Cryptocurrency, AI, and High Frequency Trading Systems

Education BE/BCA/B-TECH/Bsc.IT or any IT Graduate from authorised university Experience/ Qualifications Excellent written and verbal communication skills in English, high integrity, strong work ethic and ability to empathize with the customer. At least 8 - 15 years of Cyber Security experience with large organization, Bank, or global IT or consulting firm. Strong background of Application Security, Secure Software Development Lifecycle (SSDLC). Experience in Threat Modelling, Application Security Architecture Review, Security Testing- SCA, SAST, DAST. Exposure of security tools integration in DevOps architecture. Exposure of Microservices security and API security. Exposure implementation of evaluation and implementation of Application Security & Testing tools. Troubleshooting and problem-solving ability including analytical thinking and strong attention to details. Good understanding of Application Security Standards like OWASP, SANS, NIST etc. Good understanding of Security by Design and Privacy by Design. Good understanding of compliance requirements for payment and nonpayment applications. Product & platform security assessment exposure is desirable. Understanding of Load Balancer, WAF, CDN, API Gateway, Secrets Management etc. is desired. Exposure of cloud application (SaaS) security solutions is desirable. Good understanding of encryption tools and technologies; SSL, Keys Management, HSM and PKI infrastructure and secrets management. Ability to take assess solution and recommend proactive steps to mitigate Network, OS and Application Layer Security attacks. Subject Matter Expert for Application and Product Security. Understanding business requirements, complexity and solution architecture and estimate scope and effort of SSDLC and Cyber Security. Driving SSDLC for projects from initial stage to development and implementation. Planning, resource allocation and tracking of SSDLC service delivery. Conducting Threat Modelling, Application Architecture Review, SCA, SAST, DAST & IAST Implementation of SCA, SAST, DAST & IAST tools for application security testing. Continual learning and enhancement of skills and processes for service delivery. Provide advice on Secure coding best practices. Conduct Application Security related trainings for team and developers. Managing small team of Application Security & SSDLC. Provide inputs for product and platform security. Assess application, product and platform security as per scope of the engagement. Prepare application risk summary & register and trace for closure. Prepare weekly/monthly service delivery reports and review with BU Lead and VH.

1. Experience in the following process areas: Secure SDLC Methodologies for Waterfall/ Agile software development (Mandatory) Should be well-versed with Security best practices like OWASP and NIST guidelines (Mandatory) Ability to perform security review of microservices architecture, API Security (Mandatory) Hands on experience on Source Code reviews - SAST solution (Mandatory) Hands on experience on Dynamic Application Security Testing - DAST (Mandatory) Hands on experience in Software Composition Analysis - SCA (Mandatory) Hands on experience in performing Tech Stack Review -(Mandatory) Comfortable working in an environment that practices Agile development, engaging Product Owner and other stakeholders Good knowledge of Cloud platform/VMware Ability to identify vulnerabilities & threat actors in the application cycle and communicate effectively to the stake holders. Threat Modelling PASTA ,STRIDE etc (Good to Have) 2. Possesses ability to quickly understand the technical and functional aspects of the project to be able to communicate effectively with different stakeholders. 3. Excellent written and verbal communication skills in English, high integrity, strong work ethic and ability to empathize with the customer. 4. Ability to work effectively in a fast-paced, project-oriented environment 5. Ability to prioritize and execute tasks 6. Ability to handle sensitive and confidential information Strong analytical and problem-solving skills

Key Responsibilities Design and implement application security architecture for AWS-hosted services and applications. Ensures secure-by-design initiatives across SDLC, including threat modeling, risk assessments, and architectural reviews. Responsible for the production and review of Architecture Decision Records (ADRs). Collaborates with Define and promote secure coding standards and security-focused CI/CD pipelines. Provide application security guidance for integrated security tools (e.g., MAST, SAST, DAST, SCA, IaC scanning, secret detection) tailored for cloud environments. Develop and provide consultation on security design patterns and reusable reference architectures (platform level) for AWS microservices, APIs, containers, and serverless workloads. Monitor emerging AWS security features and provide recommendations for adoption. Support incident response and forensics related to application-layer attacks. Guide remediation strategies for vulnerabilities and design flaws. Serve as the SME for application security in security governance, audits, and compliance efforts. Provide architectural governance, reviewing projects to ensure alignment to technical strategy, company platform roadmaps, and enterprise standards Drive both high level and detailed design ensuring to partner with others where applicable Find opportunities to embrace innovative technologies, perform rapid POCs to experiment and build rails for the engineering / product teams Coach and mentor engineering colleagues on solution architecture; providing advice, mentorship and assistance as required Actively participate in team and enterprise-wide architecture and engineering discussions Introduce enterprise architectural paradigms and solutions into the portfolio Communicate to senior leaders regarding strategy direction and changes to ensure alignment with security best practices. software engineers, DevOps, various security teams and cloud architects Qualifications 7+ years in application security, software engineering, or security architecture roles. 3+ years of hands-on experience with AWS services, like IAM, KMS, CloudTrail, VPCs, CodePipeline, Terraform, etc. Deep understanding of AWS: Compute, Storage, Networking, Data, and Security. Deep understanding of secure development lifecycle (SSDLC) and cloud-native application patterns (e.g., microservices, containers, CI/CD). Experience implementing security controls in CI/CD pipelines using Jenkins, GitHub, GitHub Actions, etc. Expertise in at least one or more programming languages (e.g., Python, Java, Go, Node.js). Familiarity with OWASP Top 10, SANS CWE Top 25, and threat modeling methodologies (e.g., STRIDE). Proven ability to communicate risk to technical and executive stakeholders. At least one security related certification like: GDSA, GCAD, GWAT, GWEB, GPEN, GCPN GXPN, Others. Any of the following certifications are a plus, SABSA, TOGAF, AWS Certified Solutions Architect.

Responsibilities: Design and implement secure architecture on Google Cloud Platforms (GCP) using IAM, SDLC, CI/CD pipelines with Python or Java.