Application Security

at Top IT MNC

Chennai, Mumbai, Bengaluru (Bangalore), Pune, Coimbatore, Kochi (Cochin), Navi Mumbai, Gurugram, Noida, Kolkata, Delhi, Ghaziabad, Faridabad
6 - 15 yrs
₹10L - ₹25L / yr
Full time
Skills
OWASP
Web application security
Network Security
Nessus
Burp suite
Metasploit
Qualys
HP Fortify
Checkmarx
Acunetix
Kali Linux
Experience: 6-8 years & 10+ years
  • OWASP Secure Code review
  • Basic programming knowledge in any programming language and knowledge of secure development practices.
  • OWASP TOP 10 vulnerabilities and their mitigations
  • Hands-on experience in Web Application Security Testing tools (SAST & DAST) and Penetration testing tools such as HP Fortify, Checkmarx, Acunetix, Nessus, Burp Suite, Metasploit, Qualys Guard, Kali Linux, etc.
  • Understand/modify exploit code and find logical security flaws in applications
  • Should have knowledge and experience on Network Security, Application Security, Internet Security, attack vectors.
  • To carry out technical vulnerability assessments, identify potential vulnerabilities and provide recommended controls and support to mitigate them.

Similar jobs

Security Compliance Lead

at FPL Technologies Pvt Ltd

Founded 2018  •  Product  •  100-500 employees  •  Raised funding
Compliance
Network Security
Compliance Manager
Risk Management
System security
Security Information and Event Management (SIEM)
Amazon Web Services (AWS)
Cyber Security
Security audit
Pune
4 - 8 yrs
₹15L - ₹25L / yr
About the company - 
Credit cards haven't changed much for over half a century so our team of seasoned
bankers, technologists, and designers set out to redefine the credit card for you - the
consumer. The result is OneCard - a credit card reimagined for the mobile
generation. OneCard is India's best metal credit card built with full-stack tech. It is
backed by the principles of simplicity, transparency, and giving back control to the
user.

The Engineering Challenge
“Re-imagining credit and payments from First Principles”
Payments is an interesting engineering challenge in itself with requirements of low
latency, transactional guarantees, security, and high scalability. When we add credit
and engagement into the mix, the challenge becomes even more interesting with
underwriting and recommendation algorithms working on large data sets. We have
eliminated the current call center, sales agent, and SMS-based processes with a
mobile app that puts the customers in complete control. To stay agile, the entire
stack is built on the cloud with modern technologies.

Check out our apps here:
OneCard (Best credit card app) : www.getonecard.app
OneScore (5 million downloads): www.onescore.app


Security Compliance Lead
Opportunity:
Opportunity to build a GRC practice from the ground up for a new-age fintech startup, and to lead and
implement PCI-DSS, ISO-27001 and RBI compliance

What you will do:
● Be SME for all applicable regulations, guidelines and industry best practices
to manage risk and ensure compliance.
● Be the single point of contact for all external entities related to Security and
Compliance communications.
● Owner for all security documentation such as policies, standards, and
procedures.
● Owner for driving security controls across all organisation functions.
● Build a continuous assessment practice which is a superset of all required
regulatory compliance.
● Manages and supports Information Security Risk Management Life-cycle for
the organization.
● Provide adequate security and compliance against specific standards such as
NIST 800-53, NIST 800-171, ISO 27001, SOX, PCI, HIPAA and other
regulatory requirements.
● Identifies and formally documents deviations from published standards,
estimates risk level, recommends appropriate mitigation countermeasures in
operational and non-operational situations.
● Identify potential areas of IT compliance vulnerability and risk; guide the
accountable stakeholders to develop/implement corrective action plans for
resolution, and provide general guidance on how to avoid or deal with similar
situations in the future. Risks should be identified, assessed and monitored on
an ongoing firm-wide and individual entity basis

Experience Range:
4-8 years of experience in Cybersecurity & Risk Compliance Domain in areas
including and limited to: System Security, Network Security, SOC, Risk &
Compliance Management

Technical Expertise:
● Auditing experience in ISO-27001, SOX, NIST, PCI-DSS
● Experience with AWS Security and Compliance.
● Prior experience in the Banking and Financial domain is nice to have.
● Proven experience in Endpoint Security, Network Security, SIEM, SOC
Advanced security tools – SOAR platform, Vulnerability Management, SIEM
● Experience building Threat Modeling practice
● Strong communication skills
Job posted by
Darshana Kulkarni

Security Researcher

at ProtectOnce

Founded 2021  •  Product  •  20-100 employees  •  Profitable
OWASP
Web
Cloud Computing
Web application security
VAS
Remote only
2 - 6 yrs
₹8L - ₹15L / yr

Role: Security Researcher

Location: Pune

Security and compliance enthusiasts to catalyze product R&D for a breakthrough product in the hyperactive world of SaaS, who are/have:

  • driven by a strong desire to seek challenges, observe patterns, analyze impacts, present insights, share experiences, and continually build upon the discovered information, for maintaining the latest knowledge about the state of Internet security
  • keenly follow the ever-evolving space of Web enabled supply chains and contribute towards securing interactions in the application layer
  • hands-on with leading open source tools and methodologies relevant to threat hunting, PoC development, and remediation management
  • strong background in application security, and a high degree of familiarity with resources such as OWASP Top 10 for API / Web / Cloud / Mobile, MITRE, CIS, and similar leading projects from OffSec, SANS, NIST, CSA, et al
  • conversant with industry standards, guidelines and best practices regarding pentesting focused on data and interactions concerning modern applications that are powered by DevOps and microservices
  • detail oriented and above-average communication skills, with demonstrable experience in understanding of CVEs, CVSS, CWE, report -writing, -submission and -followup
  • able to quickly skill up or adapt their techniques to keep step with the rate of innovation for business enablement as well as improvisation in adversary tactics
  • familiarity with relevant data-protection requirements prescribed by regulatory bodies / best practices / standards for compliance, information security or privacy, e.g. HIPAA, GDPR, PCI-DSS, ISO27001, etc.



Advantage points

The above, along with one or more listed below, would form a great combination:

  • able to share relevant credentials: CVE records, patents, papers, or other work-samples
  • conversant with projects such as OpenVAS, OpenCSPM, OpenSCAP, or any other implementations, tools, or use-cases with SCAP constituents, JOVAL or OSCAL
  • comfortable working with application and device logs
  • ability to translate threat reports or synopses into articles/ blogs, or educational content such as for subject oriented whitepapers, business oriented webinars, developer oriented guidelines, etc.
  • familiarity with IaC / SecOps / DevOps concepts & tools


To carry out:

 

Research and development in the field of SaaS security, specifically the trending sprawl of software services consumed over the Web, covering various domains that are essential for achieving – and maintaining – a robust security posture, including but not limited to:

  • hardening, or locking down, a Web-based / SaaS app to protect the data, users, and other assets for an enterprise
  • weighing the pros and cons of all the settings that a parameter can be configured to; using the app's admin panel, service API, or ordinary user interface, especially in the context of introduction, withdrawal or otherwise modification of application\service features by the vendors, advisories published by the security community, and other mandates or disruptions affecting the Cloud \ Web-based or SaaS ecosystem
  • recommending and documenting –accompanied by proof of concept where relevant to demonstrate or prescribe – the best security setting for a configuration parameter
  • researching diligently, through the app's official documentation, developer resources such as APIs, community boards/repositories, and so on, to generate hypotheses, knowledge-bases and evidences supporting the recommended security configuration
  • analyzing controls, tools and resources to preempt and manage threats to the security posture in terms of identities, use cases and user entity behaviors
  • researching, analyzing and advising best practices to protect the enterprise from data exposure, corruption, or leakage, resulting from its SaaS security posture
  • suggesting, reviewing, and updating the recommended configurations, across specific apps, or groups of similar apps, or other logical constructs
  • creating, reviewing, analyzing, correlating, mapping, and updating the list of controls from diverse compliance standards, frameworks or best-practices, as they correspond to relaxing, toughening, or altogether omitting one or more configuration settings
  • contributing to the larger effort, and exchanging or developing ideas with cross-functional colleagues, in the spirit of Agile product development
Job posted by
Sharvari Thengodkar
ISO/IEC 27001:2005
HIPAA
PCI DSS
Network Security
Amazon Web Services (AWS)
Hyderabad
3 - 7 yrs
₹10L - ₹13L / yr
Job Summary:
We are looking for a candidate with strong experience in Information Security, 3rd Party Supplier assessments, Risk Management, Data Privacy and Audit Management, with a comprehensive understanding of
Risk Remediation, Security Operations, DLP, and Network & Cloud Security. Experience in independently managing Information Security Audits is mandatory.
Responsibilities:
· Responsible for leading Internal InfoSec Assessments
· Responsible for independently managing 3rd Party Supplier Vendor Risks
· Responsible for driving audit remediations & ensuring compliance through
  effective risk mitigation plans.
· Liaising on & overseeing external audits like ISO27001, SOC1, SOC2 &
  Client Audits.
· Responsible for leading the InfoSec Presales (RFPs, MSAs, Contract Sign-offs
  & Sales Calls).
· Responsible for refreshing and re-structuring InfoSec Policy & leading Security
  Awareness across the Organization.
· Responsible for addressing Data Privacy & Security Concerns
· Responsible for streamlining the process through Automation
  Techniques.
· Responsible for streamlining the Risk Register.
· Responsible for overseeing PoCs whenever there is a need &
  requirement.
· Responsible for managing the team.
Requirements:
· Strong understanding of Infrastructure Security from an Assessment
  standpoint.
· Strong understanding & hands-on experience on Vulnerability
  Assessments, Penetration Testing, Application & Network Security.
· Strong understanding and experience on Vendor Information Security
  Risk Assessment
· Strong understanding of ISO 27001, HIPAA, PCI DSS, SOC 1, SOC2 &
  Cloud Security Alliance, AWS and Azure infrastructure.
· Strong understanding and hands-on experience in driving assessment
  remediation till closures.
· Strong understanding on Information Security, Data Privacy laws, rules
  & regulations like GDPR, HIPAA, PCI etc.
· Hands on experience in Independently leading internal assessments &
  identifying key information & technology risks.
· Comprehensive knowledge on IT Risk Management Domain.
· Comprehensive knowledge on InfoSec Presales, RFPs, & address client
  InfoSec queries.
· Good Communication skills.
· Comprehensive knowledge on Security Operations (Endpoint Security,
  Data Leakage Prevention, Endpoint Encryption, SIEM, IDS/IPS,
  Firewalls, CASB and CCM etc.).
· Comprehensive knowledge on Security Incident Alerts & Management.
· Strong Knowledge on Information Governance & Policy Structuring
· Comprehensive knowledge conducting InfoSec awareness sessions.
· Ready to take ownership on the key deliverables with minimal
  handholding and drive independently.
· Ready to Manage Team from day 1 with minimum hand-holding.
Job posted by
Dhwani Shah

Software QA Analyst

at Beyond Seek Technologies Pvt Ltd

Founded 2020  •  Products & Services  •  0-20 employees  •  Profitable
Software Testing (QA)
Test Automation (QA)
Selenium
Appium
Manual testing
Mobile App Testing (QA)
Web application security
Functional testing
Regression Testing
Smoke Testing
Performance Testing
OWASP
Postman
Remote only
3 - 6 yrs
₹5.5L - ₹10L / yr

As a QA engineer, you’ll be responsible for manual testing to start with and then automating the test cases for our mobile app, web, backend, and defi/blockchain products. Below is a list of skills required to efficiently deliver on responsibilities and requirements for this role:

Must have skills:

  • Minimum 2 years of experience as a QA/Test Engineer in a high-growth start-up with manual and automation testing
  • Good understanding of DeFi/blockchains
  • Experience working in an agile development model
  • Experience in Tools like OWASP ZAP, Postman, and JMeter
  • Strong understanding of various testing methodologies
  • Identify, analyze, troubleshoot and report product defects
  • Experience in Mobile, Web and API Testing
  • Adept in functional testing and reporting defects
  • Familiarity with various tools on QA lifecycle such as bug-tracking and test management tools like JIRA, TestRail, Clickup etc.
  • Strong experience in manual testing and follow extremely detail-oriented approach
  • Strong experience in formation of test scenarios and writing the test cases
  • Ability to take full ownership of features and functionality
  • Strong experience in designing and documenting formal test procedures and test plans
  • Extremely hands-on with an ability to roll up the sleeves and get work done in a timely manner
  • Excellent team player with an ability to guide and mentor the team members
  • Excellent analytical and communication skills

Nice to have skills:

  • Basic working knowledge of mobile automation testing on Android, iOS using Katalon Studio or Appium
  • Knowledge of Databases (MySQL)
  • Background in Fintech, Banking, or Blockchain
Job posted by
Basanth N

Associate Security Analyst (VAPT) - Fresher (Immediate Joinee)

at SynRadar

Founded 2017  •  Products & Services  •  0-20 employees  •  Bootstrapped
Web application security
Nmap
Nessus
OWASP
Penetration testing
Remote only
0 - 1 yrs
₹1.5L - ₹3L / yr

This profile will include the following responsibilities:

 

- Perform Web Application Security Testing

- Scan Network for Security Vulnerabilities

- Create detailed security report

- Research on Open source security tools & new security topics

- Create Security Knowledge base for the team

The candidate should be well versed in application security concepts and network scanning tools.
Job posted by
Paresh Jain

Software Architect/Solution Architect/CTO

at Nexus adwords

Founded 2020  •  Products & Services  •  20-100 employees  •  Raised funding
Java
Python
Javascript
Amazon Web Services (AWS)
Go Programming (Golang)
Web application security
Application lifecycle management
azure
Ahmedabad
7 - 15 yrs
₹9L - ₹15L / yr
• Job Title:- Software Architect
• Location:- C.G Road, Ahmedabad 
• Working days:- 5 days, 2 Saturday alternate holidays.
• Experience:- Min. 8 yrs

Job Description:-

We are looking for a Software Architect to drive technology strategy, create the technological vision and ensure the design and development of software solutions that fulfil the business requirements. You will be a key contributor to architectural decisions for products, drawing on your excellent technical, analytical and business acumen skills while effectively communicating with all levels in the organization to build highly scalable and secure solutions.

KRA:-
Articulate architecture & Non functional requirements for the products and service with high precision. Gathering business requirements to analyse, identify, design and innovate solutions.
• Devise strategy to implement NFRs
• Validate the design, development to confirm against the architecture and NFR
• Technical owner of the IT Projects
• Design and develop best practices in software development and architecture together with the team.
• Determining overall architectural principles, frameworks and standards.
• To provide hands-on development wherever appropriate specially on architecture transformation projects.
• Involve in unit testing, code reviews and bug fixing.
• Driving research, case studies on how latest technologies could be leveraged for software architecture and capabilities such as scalability, fault tolerance, extensibility, maintainability, etc.
• Documenting designs, estimates and implementation plans to iAND stakeholders.




Requirement:-
• Academic exposure and experience in architecting and designing technical solutions, especially in the area of mobile and cloud, for SaaS capabilities.
• Ability in scaling products and to tackle large traffic and amounts of data.
• Academic expertise in coding, programming and software design patterns.
• Passionate about technology and constantly growing your technical expertise.
Great to Have:-
• Professional Coding proficiency in Python and JavaScript. certifications like AWS, MS Azure
• Experience in insurance domain
Job posted by
Vinny Patel

Security Consultant / Penetration Tester

at NetSPI

Founded 2001  •  Products & Services  •  100-1000 employees  •  Profitable
Penetration testing
Network Pentesting
OSCP
Cyber Security
Web application security
Ethical Hacking
web application pentesting
CEH
Pune
0 - 9 yrs
₹5L - ₹30L / yr

Security Consultant (Penetration Tester) - Associate/Mid/Senior

NetSPI


Headquartered in Minneapolis, MN—NetSPI provides a variety of server, network, and application penetration testing services. Our Penetration Testers (Security Consultants) have the opportunity to apply their creativity, business knowledge, and technical skills on a daily basis using new and innovative tools/techniques in a collaborative environment. If you are passionate about Pentesting - WE WANT TO MEET YOU!


A day in the life of a NetSPI Senior Security Consultant:

  • Perform web, mobile, and thick application penetration tests
  • Perform external, internal, and wireless network penetration tests
  • Create and deliver penetration test reports to clients
  • Collaborate with clients to create remediation strategies that will help improve their security posture
  • Research and develop innovative techniques, tools, and methodologies for penetration testing services
  • Participate in the ongoing development/enhancement of NetSPI services and processes, in addition to thought leadership (via blogs, presentations, white papers, webinars, podcast, vlogs and tweets)
  • Provide pre-sales support by assisting with scoping prospective engagements
  • Act as a resource for internal team members as it relates to in-depth technical questions or best practices
  • Other duties as assigned

Requirements:

  • Bachelor’s degree or higher, preferred with a concentration in Computer Science, Engineering, Math, or IT
  • 0-9 years of experience in penetration testing, including network, web or mobile application testing
  • Experience with offensive toolkits used for network and application penetration testing
  • Strong communication skills, both verbal and written
  • Knowledge of Linux and/or Windows administration

Preferred Qualifications:

  • Programming experience in one or more of the following languages: Ruby, Python, Perl, C, C++, Java, and C#
  • GXPN, GPEN, OSCP, CISSP, GWAPT or similar certifications
Job posted by
Khushboo Chavan

Sr. InfoSec Manager

at Grab A Grub Services Pvt Ltd.

Founded 2012  •  Services  •  100-1000 employees  •  Raised funding
Burp suite
Nmap
KALI
Remote, Mumbai
3 - 7 yrs
₹3L - ₹5L / yr

Role & Responsibilities:

  • Plan and execute Security Assessment Strategy
  • Proactively implement security measures
  • Implement tools to Monitor and Report Security violations
  • Govern security specification guidelines adherence across product and organization

 

Skills & Qualification:

  • IIT, BE or B Tech
  • 4+ years of relevant work experience
  • Expert in Application Information Security, VAPT
  • Proficient using tools like BURP, NMAP, KALI etc.
  • Good understanding of web technologies, APIs and mobile app development practices
  • CEH certification preferred
Job posted by
Sangeeta Gawali

Manager - Information Security

at HDFC Life is one of India's leading and most valuable private life insurance company

Agency job
via Insignia Search
Network Security
Project Management
DevOps
application security
OWASP
OSSTM
FISMA
Mumbai
7 - 9 yrs
₹14L - ₹17L / yr
Overall purpose of the job - This role would be responsible for identifying and implementing mitigations, practices and controls ensuring adequate application and infrastructure security posture is maintained at all times.

Key Performance Areas -

  • Good at application threat modeling and applications risk identification & remediation
  • Strong web application security experience with thorough understanding of web application vulnerabilities
  • Knowledge of database, application, and web server design and implementation
  • Familiarity with Security standards \ frameworks and groups (OWASP, OSSTM, WASC, FISMA)
  • Experience in dynamic and static application vulnerability scanners like HP WebInspect, IBM AppScan, HP Fortify, etc
  • Create, implement & review data protection strategy across the organization.
  • Experience in client handling including interaction with developers for understanding the mitigations
  • Experience on Mobility Platform like Phone-Gap \ native Android \ Worklite and MDM /MAM
  • Knowledge of DevOps and other upcoming technologies used in SDLC
  • Experience in manual verification of false positives reported by automated tool
  • Devise and enforce standards and best practices for data protection in line with international standards and industry best practices.
  • Evaluate the adequacy of security measures including network security to protect organizational data and information assets
  • Define and implement project as per approved Plan of action.
  • Identify security solutions as per business needs
  • Manage POC for agreed and approved solutions as per defined process
  • Conduct partner reviews
  • Coordinate with vendors / partners on closure of projects / activities
  • Manage intra and inter department conflict amicably
  • Benchmark and compare security practices with the industry
  • Implementation, operation and maintenance of the Information Security Management System based on standards like ISO/IEC 27001, Cobit, ITIL etc as applicable.
  • Information security risk assessments and controls selection activities
  • Track all audit schedules and ensure closure of all security gaps.
  • Reporting of all critical security issues
  • Co-ordinate for Risk Assessment of IT systems and Third Party workloads
  • Facilitate Internal process and IT audits
  • Software license compliance at all times
  • Implement tools and processes related to compliance monitoring as per internal security policies and applicable laws and regulations
  • Facilitate and drive initiatives of Internal Audits for Information Technology and update on Closure and Identified Risk to the Management
  • Review of Third Party applications / systems and network security on monthly basis
  • Adherence To Change Management Processes
Job posted by
Kushal Dadhich

Cybersecurity - OSCP

at AMBC INC

Founded 2001  •  Services  •  100-1000 employees  •  Profitable
Web application security
oscp
vapt
Fortify
OWASP
Bengaluru (Bangalore)
3 - 9 yrs
₹8L - ₹12L / yr

Requirements:

  • Overall experience in the field of Information risk and security related initiatives/ projects.
  • Experience in the areas of Infrastructure Security Audit, IT Security, Vulnerability Assessment, Risk Assessment, Web Application Security, Network Security Review, Network Architecture Review, Mobile Application Security Testing, Configuration Review, Source Code Review, Wireless Pentest, Process Review etc.
  • Ability to understand business concepts and integrate business risk elements into security operations.
  • Experience in conducting VAPT.
  • Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP Web inspect, Acunetix, NTO Spider, BurpSuite Pro).
  • Strong ethics and understanding of ethics in business and information security.
  • Should have exposure to Code review, Network VA/PT and App VA/PT work.
  • Understanding and familiarity with common code review methods and standards.
  • Experience with code scanning toolsets such as Fortify and Ounce.
  • Understanding of HTTP and web programming.
  • Knowledge of OWASP tools and methodologies, common security requirements within ASP.NET application, standard SDLC practices.
  • Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering).
  • In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database.
Job posted by
Ponmuthumari Mohan