11+ Exploratory testing Jobs in India

About us:

HappyFox is a software-as-a-service (SaaS) support platform. We offer an enterprise-grade help desk ticketing system and intuitively designed live chat software.

We serve over 12,000 companies in 70+ countries. HappyFox is used by companies that span across education, media, e-commerce, retail, information technology, manufacturing, non-profit, government and many other verticals that have an internal or external support function.

To know more, Visit! - https://www.happyfox.com/

Responsibilities:

• Perform manual and automated application penetration tests and provide suggestions to harden our products
• Participate regularly in the development and release process to identify and report security vulnerabilities in the code being shipped
• Conduct regular audits on all Features/APIs of the product and reports vulnerabilities to the development team
• Keep up with industry trends in the security space
• Triage inbound vulnerability reports with an appropriate level of urgency and track them until they are resolved by Engineering teams
• Should be able to understand different elements of our NodeJS, Python and similar stacks and provide guidance on secure software development practices to the team
• Scale our application security engineering team

Requirements:

• Strong verbal and written communication skills
• Has worked on Web Application Security Testing for a reasonably complex application. The mobile experience is a plus
• Good knowledge of secure software development guidelines from authoritative bodies like NIST, OWASP, SANS
• Hands-on experience in performing manual/automated security assessments with open-source/commercial security tools

About us

Astra is a cyber security SaaS company that makes otherwise chaotic penetration tests a breeze with its one of a kind Pentest Platform. Astra's continuous vulnerability scanner emulates hacker behavior to scan applications for 8300+ security tests. CTOs & CISOs love Astra because it helps them fix vulnerabilities in record time and move from DevOps to DevSecOps with Astra's CI/CD integrations.

Astra is loved by 500+ companies across the globe. In 2022 Astra uncovered 800,000+ vulnerabilities for its customers, saving customers $30M+ in potential losses due to security vulnerabilities.

We've been awarded by the President of France Mr. François Hollande at the La French Tech program at Prime Minister of India Mr. Narendra Modi at the Global Conference on Cyber Security.

Experience Required:

• Relevant certifications (we’re not a fan of these, but often clients request engineers with certifications)
• 3+ years of experience in VA/PT

Job Responsibilities:

• VA/PT for web apps, SaaS apps, network devices, open-source projects, mobile apps, etc.
• Developing & testing rule sets for our pentest suite
• Preparing pentest reports through Astra’s pentest suite
• Interacting with clients over remediation calls
• Explaining steps to fix to clients
• Maintaining our vulnerability management system

Key Skills Required:

• Web App Security (ZAP, Burp Suite, Manual & Automated Testing, Comfortable in Black Box/WhiteBox testing with capability of finding business logic vulnerabilities, OWASP testing guide)
• Knowledge of how to set up & pentest CMSs like WordPress, Magento, OpenCart, Prestashop, Drupal, etc.
• Knowledge of LAMP stack & PHP would be great to have

We Offer:

• Embrace the cosy remote work lifestyle.
• Feel the startup adrenaline pumping through your veins.
• Revel in our open, growth-centric ambiance; it's like a digital playground.
• Dive deep into the captivating world of cybersecurity.
• And yes, get ready for some unforgettable workcations—think Chikmagalur & Jim Corbett.

As a Security Researcher in SaaS security posture management, your primary responsibility will be to conduct research on emerging security threats and vulnerabilities in SaaS environments and to develop and implement strategies to mitigate those risks. Specifically, your job duties will include: Conducting in-depth research on emerging security threats and vulnerabilities in SaaS environments.

• Analyzing data and security logs to identify potential threats and take proactive measures to prevent them.
• Developing and implementing security policies and procedures to protect against security threats in SaaS environments.
• Collaborating with other members of the IT team to implement security measures and ensure compliance with industry standards and regulations.
• Keeping up-to-date with the latest security technologies and trends in SaaS security posture management.
• Communicating findings and recommendations to management and other stakeholders.
• Participating in incident response and resolution activities in the event of a security breach in SaaS environments.
• To be successful in this role, you should have a Bachelor's or Master's degree in Computer Science, Information Security, or a related field, and have experience in researching emerging security threats and vulnerabilities in SaaS environments. You should also have strong analytical and problem-solving skills, and hold industry certifications such as CISSP, CEH, or OSCP. Excellent communication and collaboration skills are essential to work effectively with cross-functional teams.

1. Perform security assessment of web applications, Android, iOS mobile applications, Source Code Review

2. In-depth knowledge of security vulnerabilities not just limited to OWASP Top 10

3. False Positive removal and manual application testing      

4. Working exp of Python, Java, .Net etc         
5. Experience of using MF Fortify is a must

6. Proactively identify vulnerabilities and recommend fixes

7. Ownership of the tasks, Adapt to technologies/languages/platforms/frameworks of the time                                                                                     

8. Experience in using security tools to carry out manual as well as automated security assessments

9. Experience working with common product flows like payment gateway integration, authentication etc.                                                          

10. Client handling exp

11. Should be able to address client queries, work on proposals etc                                                        

12. Independent, self-motivated and comfortable working in a fast-paced environment with teams ranging from product to engineering teams

Job Description

Cyber Threat Intelligence & Threat Hunting - Subject Matter Expert (B3-2)

Responsibilities:

Perform threat research, create actionable threat advisories, and derive hunting queries based on the evolving threat vectors.

Understand APT groups, Conduct deep dive technical analysis of cyber-attack tools, tactics, and procedures. Create hypothesis and perform active threat hunting.

Minimum Requirements:

10+ years of overall experience, 7+ years of experience in cyber threat intelligence, malware analysis (Reverse engineering)

Hands-on experience with writing threat hunting hypothesis & active threat hunting

Experience with YARA rule and OpenIOC signature creation.

Experience with multi-tiered mission-critical systems.

Experience in opensource sandbox and honeypots.

Preferred Certification

GIAC Cyber Threat Intelligence (GCTI)

C| TIA (Certified Threat Intelligence Analyst)

CCTIA by the NICCS

About Drip Capital & Tech Team

The engineering team at Drip Capital is responsible for building and maintaining the online global trade financing platform that supports the interactions between buyers, sellers, financing partners, insurance agents, global retail partners, trade agents, shipping & transportation companies, supply chain and warehousing companies worldwide. 

Our primary goal is to ensure that customers are provided time-critical capital and at the same time balance requirements related to risk, fraud management, and compliance. The services are accessed by customers worldwide and hence the engineering systems need to be policy-driven, easily reconfigurable, and able to handle multiple regional languages. We use machine learning for risk classifications/predictions, intelligent document parsing subsystems, robotic process automation, REST APIs to connect our microservices, and a cloud-based data lake and warehouse for data storage and analysis.

Our team comprises talent from top-tier institutions including Wharton, Stanford, and IITs with years of experience at companies like Google, Amazon, Standard Chartered, Blackrock, and Yahoo. We are backed by leading Silicon Valley investors - Sequoia, Wing, Accel, and Y Combinator. We are a global company headquartered in Silicon Valley along with offices in India and Mexico.

Your Role 

As an AppSec Engineer in Drip Capital’s engineering team, you will have the opportunity to take ownership of :

• Contribute to and improve secure SDLC practice
• Design architecture, methods, and controls required to meet security, compliance, and audit requirements.
• Designing and implementing cloud and network security solutions.
• Do comprehensive threat modelling for our applications and infrastructure in an Agile flow
• Perform secure code review and security assessments of web, android and iOS applications, and cloud infrastructure (infrastructure as code).
• Proactively identify vulnerabilities across our platform and work with developers in fixing them.
• Automate and simplify security, as “Complexity is the enemy of Security”.
• Handle Vulnerability Management and Patch Management processes.
• Participate in the investigation related to Privacy/Security incidents and response activities.
• Work with DevOps to implement the security tools and automation of the security tasks.
• Mentor other engineers and evangelize security practices through cross-functional work with DevOps and engineering teams.
• Testing the deployed security solutions to make sure they function as planned.

Our Checklist 

• A minimum of 4 years of experience as an AppSec Engineer
• Hands-on experience in secure design and architecture review of backend services, payments systems like payment gateways.
• Hands-on experience in secure code review and automation of common security workflows.
• Hands-on experience and a proven record of securing one or more of the cloud platforms: Azure, GCP, AWS and Hosted Cloud Solutions.
• Good understanding of OWASP and SANS testing methodologies.
• Good understanding of software security weaknesses and vulnerabilities.
• Good knowledge in securing architecture of web, mobile applications and cloud infrastructure.
• Ability to contribute as an individual and as part of a team
• Working knowledge of any scripting language; Python or Go preferred
• Experience in writing custom tools/scanners/extenders is a plus
• Red teaming experience is a plus

If you love to explore the security aspects of a distributed system that makes decisions related to global trade finance, let's talk!

Requirements:

• Overall experience in the field of Information risk and security related initiatives/ projects.
• Experience in the areas of Infrastructure Security Audit, IT Security, Vulnerability Assessment, Risk Assessment, Web Application Security, Network Security Review, Network Architecture Review, Mobile Application Security Testing, Configuration Review, Source Code Review, Wireless Pentest, Process Review etc.
• Ability to understand business concepts and integrate business risk elements into security operations.
• Experience in conducting VAPT.
• Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP Web inspect, Acunetix, NTO Spider, BurpSuite Pro).
• Strong ethics and understanding of ethics in business and information security.
• Should have exposure to Code review, Network VA/PT and App VA/PT work.
• Understanding and familiarity with common code review methods and standards.
• Experience with code scanning toolsets such as Fortify and Ounce.
• Understanding of HTTP and web programming.
• Knowledge of OWASP tools and methodologies, common security requirements within ASP.NET application, standard SDLC practices.
• Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering).
• In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database.