11+ Exploratory testing Jobs in India

About us:

HappyFox is a software-as-a-service (SaaS) support platform. We offer an enterprise-grade help desk ticketing system and intuitively designed live chat software.

We serve over 12,000 companies in 70+ countries. HappyFox is used by companies that span across education, media, e-commerce, retail, information technology, manufacturing, non-profit, government and many other verticals that have an internal or external support function.

To know more, Visit! - https://www.happyfox.com/

Responsibilities:

• Perform manual and automated application penetration tests and provide suggestions to harden our products
• Participate regularly in the development and release process to identify and report security vulnerabilities in the code being shipped
• Conduct regular audits on all Features/APIs of the product and reports vulnerabilities to the development team
• Keep up with industry trends in the security space
• Triage inbound vulnerability reports with an appropriate level of urgency and track them until they are resolved by Engineering teams
• Should be able to understand different elements of our NodeJS, Python and similar stacks and provide guidance on secure software development practices to the team
• Scale our application security engineering team

Requirements:

• Strong verbal and written communication skills
• Has worked on Web Application Security Testing for a reasonably complex application. The mobile experience is a plus
• Good knowledge of secure software development guidelines from authoritative bodies like NIST, OWASP, SANS
• Hands-on experience in performing manual/automated security assessments with open-source/commercial security tools

About Shipsy

At Shipsy, we aim to revolutionize the logistics and supply chain industry through our innovative SaaS platform. We leverage cutting-edge technology to deliver solutions that enhance efficiency, improve sustainability, and create positive impacts across global supply chains.

Position Overview

We are seeking a skilled Security Operations Engineer to join our security operations team. This role is crucial for protecting our company’s assets, data, and IT infrastructure. The ideal candidate will possess a solid foundation in cybersecurity, experience with incident response, full stack development experience and a proven ability to work effectively within a team environment.

Key Responsibilities:

• Work with the product, devops, and development teams to identify the right security architecture for implementing new solutions, products, and features. Help develop, implement, and support product security strategy.
• Work closely with product management, engineering, and DevOps teams to implement, identify, and embed cybersecurity in a secure connected architecture. Deliver general security concepts in the software development lifecycle (Identity and Access Management, encryption, web application security, security logging, pen-testing processes, etc. ).
• Support security initiatives and serve as a point of contact to build and securely scale cloud platforms (EX. AWS, GCP & AZURE).
• Manage program risks through effective identification, mitigation, tracking, and reporting of the identified risks.
• Present strategies, project plans, and more to cross-functional teams delivering risk management solutions that add value.
• Experience in introducing security testing into software delivery pipelines (CI/CD)
• Understanding of secure and defensive coding principles, especially OWASP top 10 or similar guidance frameworks
• Understanding of cloud-native applications and how to deploy them securely
• Create design specifications and prepare technical documentation and run-books.
• Support the development of standards by creating templates and patterns for ease of use and increase the productivity of the security program

Requirements:

• 8 years of industry experience with at least 4 years experience in DevSecOps automation and tooling. 
• Proven experience with Amazon Web Services (AWS), including IAM, AWS Shield, AWS WAF (Web Application Firewall), and Amazon Inspector to enhance security measures and compliance within the cloud environment.
• Expertise in security tools and technologies, such as vulnerability scanners, penetration testing tools, and security information and event management (SIEM) systems. 
• Strong understanding of DevSecOps principles and practices. 
• Excellent communication, collaboration, and problem-solving skills. 
• Ability to work independently and as part of a team. 
• Experience collecting metrics, measuring systems, and interpreting data to make decisions. 

Qualifications

• Bachelor's degree in Computer Science, a related technical field, certifications, or equivalent practical experience

Good to have:

1. Experience in JavaScript, Node, React , Python & Database administration.
2. AWS Management, Security, Scalability, Reliability, Cost Optimization Education and Certifications
3. AWS Certified Security – Specialty or equivalent practical experience

Designation: DevSecOps Engineer

Location: Hyderabad

Work Mode: Office

Reporting to: Associate Director- DevOps

About the Role: As a DevSecOps Engineer at Foundation AI, you'll lead efforts to enhance security for infrastructure and products. You'll need technical expertise in identifying and addressing security vulnerabilities, ensuring compliance, and integrating security best practices across the development lifecycle. Your role also involves collaborating with cross-functional teams to embed security throughout the development process.

Responsibilities:

● WorkLocation Commitment: As a DevSecOps Engineer, you'll be expected to work from our office in Hyderabad. This reflects our preference for in-person collaboration and a commitment to team cohesion.

● Rich Industry Experience: You should possess a substantial 3-6 years of experience in DevSecOps and DevOps & should have worked for product-based companies (Startup/Scaleup). This extensive experience underscores your ability to navigate complex DevsecOps challenges effectively.

● Infrastructure as Code (IaC) Security: Ensuring that application configurations are secure and compliant with security policies. Performing security checks on infrastructure code (e.g., Terraform, CloudFormation) to ensure that resources are provisioned securely.

● Operating System Expertise: Your command over operating systems is particularly vital, with a strong emphasis on Linux. This expertise ensures a solid foundation for managing and optimizing system-level operations.

● DevSecOpsMethodology: By incorporating security into the DevOps workflow, DevSecOps aims to identify and mitigate security vulnerabilities more effectively, reduce the risk of security breaches, and accelerate the delivery of secure software.

● Static Application Security Testing (SAST): Scanning the code for security vulnerabilities using tools like SonarQube, Checkmarx, or Fortify as part of the build process.

● DynamicApplication Security Testing (DAST): Conducting security testing on running applications to find vulnerabilities that attackers can exploit. Tools like OWASP ZAP or Burp Suite can be integrated into the pipeline

. ● Effective Communication and Collaboration: Exceptional communication and collaboration skills are essential. You'll work closely with cross-functional teams, bridging the gap between development and operations, and ensuring smooth coordination.

● Cloud-Native Proficiency: Knowledge of security tools specific to cloud-native environments, such as container security scanners, cloud security posture management (CSPM) tools, and cloud workload protection platforms (CWPP).

● Understanding Distributed Computing: A solid grasp of Distributed Computing principles is fundamental. It enables you to design and implement systems that can handle complex, distributed workloads effectively.

● CodingProwess: Your coding skills, particularly in Bash Shell Scripting and Python, will play a pivotal role. These skills empower you to automate tasks and develop tools to enhance system reliability and efficiency.

 Role:

● AssistSDEsandDevOpsteamsonsecuredeploymentandbestpractices. ● CreateaKnowledgebaseonsecurityvulnerabilitiesandtestcases.

● PerformsecuritytestingonWebandMobileassetsthroughachecklist

● WorkcloselywiththeProduct teamandSDE/QAtofixvulnerabilities/ issues faced by customers

● Performredteamandphishingexercisestoimprovesecurityposture

● Assist/mentor teammates on security test cases and day-to-day activities

● Workonincidentmanagementandthird-partysecurityreports

● Initiateandimproveresponsibledisclosure/Bugbountyprogram

●Brownbagsessionsandpresentationstothetechteamonsecuritybestpractices and improvements

● Work closely with business stakeholders and influence the security policy of the org .

As a Security Researcher in SaaS security posture management, your primary responsibility will be to conduct research on emerging security threats and vulnerabilities in SaaS environments and to develop and implement strategies to mitigate those risks. Specifically, your job duties will include: Conducting in-depth research on emerging security threats and vulnerabilities in SaaS environments.

• Analyzing data and security logs to identify potential threats and take proactive measures to prevent them.
• Developing and implementing security policies and procedures to protect against security threats in SaaS environments.
• Collaborating with other members of the IT team to implement security measures and ensure compliance with industry standards and regulations.
• Keeping up-to-date with the latest security technologies and trends in SaaS security posture management.
• Communicating findings and recommendations to management and other stakeholders.
• Participating in incident response and resolution activities in the event of a security breach in SaaS environments.
• To be successful in this role, you should have a Bachelor's or Master's degree in Computer Science, Information Security, or a related field, and have experience in researching emerging security threats and vulnerabilities in SaaS environments. You should also have strong analytical and problem-solving skills, and hold industry certifications such as CISSP, CEH, or OSCP. Excellent communication and collaboration skills are essential to work effectively with cross-functional teams.

About Drip Capital & Tech Team

The engineering team at Drip Capital is responsible for building and maintaining the online global trade financing platform that supports the interactions between buyers, sellers, financing partners, insurance agents, global retail partners, trade agents, shipping & transportation companies, supply chain and warehousing companies worldwide. 

Our primary goal is to ensure that customers are provided time-critical capital and at the same time balance requirements related to risk, fraud management, and compliance. The services are accessed by customers worldwide and hence the engineering systems need to be policy-driven, easily reconfigurable, and able to handle multiple regional languages. We use machine learning for risk classifications/predictions, intelligent document parsing subsystems, robotic process automation, REST APIs to connect our microservices, and a cloud-based data lake and warehouse for data storage and analysis.

Our team comprises talent from top-tier institutions including Wharton, Stanford, and IITs with years of experience at companies like Google, Amazon, Standard Chartered, Blackrock, and Yahoo. We are backed by leading Silicon Valley investors - Sequoia, Wing, Accel, and Y Combinator. We are a global company headquartered in Silicon Valley along with offices in India and Mexico.

Your Role 

As an AppSec Engineer in Drip Capital’s engineering team, you will have the opportunity to take ownership of :

• Contribute to and improve secure SDLC practice
• Design architecture, methods, and controls required to meet security, compliance, and audit requirements.
• Designing and implementing cloud and network security solutions.
• Do comprehensive threat modelling for our applications and infrastructure in an Agile flow
• Perform secure code review and security assessments of web, android and iOS applications, and cloud infrastructure (infrastructure as code).
• Proactively identify vulnerabilities across our platform and work with developers in fixing them.
• Automate and simplify security, as “Complexity is the enemy of Security”.
• Handle Vulnerability Management and Patch Management processes.
• Participate in the investigation related to Privacy/Security incidents and response activities.
• Work with DevOps to implement the security tools and automation of the security tasks.
• Mentor other engineers and evangelize security practices through cross-functional work with DevOps and engineering teams.
• Testing the deployed security solutions to make sure they function as planned.

Our Checklist 

• A minimum of 4 years of experience as an AppSec Engineer
• Hands-on experience in secure design and architecture review of backend services, payments systems like payment gateways.
• Hands-on experience in secure code review and automation of common security workflows.
• Hands-on experience and a proven record of securing one or more of the cloud platforms: Azure, GCP, AWS and Hosted Cloud Solutions.
• Good understanding of OWASP and SANS testing methodologies.
• Good understanding of software security weaknesses and vulnerabilities.
• Good knowledge in securing architecture of web, mobile applications and cloud infrastructure.
• Ability to contribute as an individual and as part of a team
• Working knowledge of any scripting language; Python or Go preferred
• Experience in writing custom tools/scanners/extenders is a plus
• Red teaming experience is a plus

If you love to explore the security aspects of a distributed system that makes decisions related to global trade finance, let's talk!

Job Responsibilities:

Experience: 8 Yrs to 12 Yrs

1. Hands-on expertise on performing Application pen testing (Mobile(Android, IOS),networking, web application pen testing),
2. Should worked on IOT,AWS,Application Penetration Testing, Reverse Engineering, source code review, CI/CD Pipeline
3. have done any submission on Bug crowd or Bug Bounty.
4. have developed tools or scripts for web pen test on GitHub.
5. Certified on OSCP
6. Threat Modeling
7. Network scan in stealth mode or simple scan using Nmap and Burp suite

Implement security measures which monitor and protect sensitive data and systems from infiltration and cyber-attacks.

Developing different ways to solve the existing threats and security issues.

Configuring and implementing intrusion detection systems and firewalls.

Security product development, testing, and implementation.

Responsible for security technology research, penetration testing, and vulnerability scanning.

Please follow the below inputs.

The shift will starts from 03:00 PM to 12 AM (fixed for few months),

OSCP certification(Not mandatory, preferable)

Below are the primary key skills:

Total Application Security Experience:

Total Security Architecture Experience:

IOT(optional)

MOBILE

WEB

AWS(Mandatory)

NETWORKING

THREAT MODELS

• Manage security tools(Snyk, Fossa, Trivy).
• Manage vulnerability programs. Triage vulnerabilities, assign priorities and owners, follow up on the mitigation 
• Monitor license violations.  
• Perform Security Assessments and Threat Modeling
• Security Incident Response. Be part of a security-on-call team in PagerDuty, act as incident commander, perform Root Cause Analysis.
• Drive security initiatives(Web Application Security, Least-privilege principle, Secrets Management, Key Management, PKI and Certificate Management, Anti-fraud protection).
• Given our fast pace and startup nature, things change over time and your job responsibilities will too.

You'll need:

• Web application security experience.
• Familiarity with a modern SaaS infrastructure and application development.
• Manual and/or automated Penetration Testing (white box, black box & grey box).
• Good understanding of security risk(OWASP Top 10).
• Pen-testing: burp suite/ postman, etc.
• Vulnerability management: Snyk, fossa, NexusIQ, WhiteHat security, aqua security, GitHub security, etc.
• Familiarity with major security protocols.
• Collaboration, transparency, and integrity.
• BS/MS degree; 5+ years of relevant experience.

Nice to have:

• Experience in scripting languages(BASH, Python, JS, etc).
• CEH, CSSLP, GIAC, OSCP, OSCE, or other related industry-recognized certifications.
•