- OWASP Secure Code Review
- Basic programming knowledge in any programming language and knowledge of secure development practices.
- OWASP TOP 10 vulnerabilities and their mitigations
- Hands-on experience with Web Application Security Testing tools (SAST & DAST) and penetration testing tools such as HP Fortify, Checkmarx, Acunetix, Nessus, Burp Suite, Metasploit, QualysGuard, Kali Linux, etc.
- Understand/modify exploit code and find logical security flaws in applications
- Should have knowledge and experience in Network Security, Application Security, Internet Security and attack vectors.
- To carry out technical vulnerability assessments, identify potential vulnerabilities and provide recommended controls and support to mitigate them.
Credit cards haven't changed much for over half a century so our team of seasoned
bankers, technologists, and designers set out to redefine the credit card for you - the
consumer. The result is OneCard - a credit card reimagined for the mobile
generation. OneCard is India's best metal credit card built with full-stack tech. It is
backed by the principles of simplicity, transparency, and giving back control to the
The Engineering Challenge
“Re-imagining credit and payments from First Principles”
Payments is an interesting engineering challenge in itself with requirements of low
latency, transactional guarantees, security, and high scalability. When we add credit
and engagement into the mix, the challenge becomes even more interesting with
underwriting and recommendation algorithms working on large data sets. We have
eliminated the current call center, sales agent, and SMS-based processes with a
mobile app that puts the customers in complete control. To stay agile, the entire
stack is built on the cloud with modern technologies.
Check out our apps here:
OneCard (Best credit card app) : www.getonecard.app
OneScore (5 million downloads): www.onescore.app
Security Compliance Lead
Opportunity to build a GRC practice from the ground up for a new-age fintech startup; lead and
implement PCI-DSS, ISO-27001 and RBI compliance
What you will do:
● Be SME for all applicable regulations, guidelines and industry best practices
to manage risk and ensure compliance.
● Be the single point of contact for all external entities related to Security and
● Owner for all security documentation such as policies, standards, and
● Owner for driving security controls across all organisation functions.
● Build continuous assessment practice which is superset of all required
● Manages and supports Information Security Risk Management Life-cycle for
● Provide adequate security and compliance against specific standards such as
NIST 800-53, NIST 800-171, ISO 27001, SOX, PCI, HIPAA and other
● Identifies and formally documents deviations from published standards,
estimates risk level, recommends appropriate mitigation countermeasures in
operational and non-operational situations.
● Identify potential areas of IT compliance vulnerability and risk; guide the
accountable stakeholders to develop/implement corrective action plans for
resolution, and provide general guidance on how to avoid or deal with similar
situations in the future. Risks should be identified, assessed and monitored on
an ongoing firm-wide and individual entity basis
4-8 years of experience in the Cybersecurity & Risk Compliance domain in areas
including but not limited to: System Security, Network Security, SOC, Risk &
● Auditing experience in ISO-27001, SOX, NIST, PCI-DSS
● Experience with AWS Security and Compliance.
● Prior experience in the Banking and Financial domain is nice to have.
● Proven experience in Endpoint Security, Network Security, SIEM, SOC
● Advanced security tools: SOAR platform, Vulnerability Management, SIEM
● Experience building Threat Modeling practice
● Strong communication skills
Role: Security Researcher
Security and compliance enthusiasts to catalyze product R&D for a breakthrough product in the hyperactive world of SaaS, who are/have:
- driven by a strong desire to seek challenges, observe patterns, analyze impacts, present insights, share experiences, and continually build upon the discovered information, for maintaining the latest knowledge about the state of Internet security
- keenly follow the ever-evolving space of Web enabled supply chains and contribute towards securing interactions in the application layer
- hands-on with leading open source tools and methodologies relevant to threat hunting, PoC development, and remediation management
- strong background in application security, and a high degree of familiarity with resources such as OWASP Top 10 for API / Web / Cloud / Mobile, MITRE, CIS, and similar leading projects from OffSec, SANS, NIST, CSA, et al
- conversant with industry standards, guidelines and best practices regarding pentesting focused on data and interactions concerning modern applications that are powered by DevOps and microservices
- detail oriented, with above-average communication skills and demonstrable experience in understanding CVEs, CVSS and CWE, and in report writing, submission and follow-up
- able to quickly skill up or adapt their techniques to keep step with the rate of innovation for business enablement as well as improvisation in adversary tactics
- familiarity with relevant data-protection requirements prescribed by regulatory bodies / best practices / standards for compliance, information security or privacy, e.g. HIPAA, GDPR, PCI-DSS, ISO27001, etc.
The above, along with one or more listed below, would form a great combination:
- able to share relevant credentials: CVE records, patents, papers, or other work-samples
- conversant with projects such as OpenVAS, OpenCSPM, OpenSCAP, or any other implementations, tools, or use-cases with SCAP constituents, JOVAL or OSCAL
- comfortable working with application and device logs
- ability to translate threat reports or synopses into articles/ blogs, or educational content such as for subject oriented whitepapers, business oriented webinars, developer oriented guidelines, etc.
- familiarity with IaC / SecOps / DevOps concepts & tools
To carry out:
Research and development in the field of SaaS security, specifically the trending sprawl of software services consumed over the Web, covering various domains that are essential for achieving – and maintaining – a robust security posture, including but not limited to:
- hardening, or locking down, a Web-based / SaaS app to protect the data, users, and other assets for an enterprise
- weighing the pros and cons of all the settings that a parameter can be configured to; using the app's admin panel, service API, or ordinary user interface, especially in the context of introduction, withdrawal or other modification of application/service features by the vendors, advisories published by the security community, and other mandates or disruptions affecting the Cloud / Web-based or SaaS ecosystem
- recommending and documenting –accompanied by proof of concept where relevant to demonstrate or prescribe – the best security setting for a configuration parameter
- researching diligently, through the app's official documentation, developer resources such as APIs, community boards/repositories, and so on, to generate hypotheses, knowledge-bases and evidences supporting the recommended security configuration
- analyzing controls, tools and resources to preempt and manage threats to the security posture in terms of identities, use cases and user entity behaviors
- researching, analyzing and advising best practices to protect the enterprise from data exposure, corruption, or leakage, resulting from its SaaS security posture
- suggesting, reviewing, and updating the recommended configurations, across specific apps, or groups of similar apps, or other logical constructs
- creating, reviewing, analyzing, correlating, mapping, and updating the list of controls from diverse compliance standards, frameworks or best-practices, as they correspond to relaxing, toughening, or altogether omitting one or more configuration settings
We are looking for a candidate with strong experience in Information Security, 3rd Party Supplier assessments, Risk Management, Data Privacy and Audit Management, with a comprehensive understanding of
Risk Remediation, Security Operations, DLP, and Network & Cloud Security. Experience in independently managing Information Security audits is mandatory.
· Responsible for leading internal InfoSec assessments
· Responsible for independently managing 3rd Party Supplier vendor risks
· Responsible for driving audit remediations and ensuring compliance through
effective risk mitigation plans.
· Liaison for and oversight of external audits like ISO27001, SOC1, SOC2 &
· Responsible for leading InfoSec presales (RFPs, MSAs, contract sign-offs
& sales calls).
· Responsible for refreshing and restructuring the InfoSec policy and leading Security
Awareness across the organization.
· Responsible for addressing Data Privacy & Security concerns
· Responsible for streamlining processes through automation
· Responsible for streamlining the Risk Register.
· Responsible for overseeing PoCs whenever there is a need &
· Responsible for managing the team.
· Strong understanding of Infrastructure Security from an Assessment
· Strong understanding & hands-on experience in Vulnerability
Assessments, Penetration Testing, Application & Network Security.
· Strong understanding and experience of Vendor Information Security
· Strong understanding of ISO 27001, HIPAA, PCI DSS, SOC 1, SOC 2 &
Cloud Security Alliance, AWS and Azure infrastructure.
· Strong understanding and hands-on experience in driving assessment
remediation till closures.
· Strong understanding of Information Security and Data Privacy laws, rules
& regulations like GDPR, HIPAA, PCI etc.
· Hands-on experience in independently leading internal assessments &
identifying key information & technology risks.
· Comprehensive knowledge of the IT Risk Management domain.
· Comprehensive knowledge of InfoSec presales, RFPs, & addressing client
· Good Communication skills.
· Comprehensive knowledge of Security Operations (Endpoint Security,
Data Leakage Prevention, Endpoint Encryption, SIEM, IDS/IPS,
Firewalls, CASB, CCM etc.).
· Comprehensive knowledge of Security Incident Alerts & Management.
· Strong knowledge of Information Governance & Policy Structuring
· Comprehensive knowledge of conducting InfoSec awareness sessions.
· Ready to take ownership on the key deliverables with minimal
handholding and drive independently.
· Ready to Manage Team from day 1 with minimum hand-holding.
As a QA engineer, you’ll be responsible for manual testing to start with and then automating the test cases for our mobile app, web, backend, and defi/blockchain products. Below is a list of skills required to efficiently deliver on responsibilities and requirements for this role:
Must have skills:
- Minimum 2 years of experience as a QA/Test Engineer in a high-growth start-up with manual and automation testing
- Good understanding of DeFi/blockchains
- Experience working in an agile development model
- Experience in Tools like OWASP ZAP, Postman, and JMeter
- Strong understanding of various testing methodologies
- Identify, analyze, troubleshoot and report product defects
- Experience in Mobile, Web and API Testing
- Adept in functional testing and reporting defects
- Familiarity with various tools on QA lifecycle such as bug-tracking and test management tools like JIRA, TestRail, Clickup etc.
- Strong experience in manual testing and follow extremely detail-oriented approach
- Strong experience in formation of test scenarios and writing the test cases
- Ability to take full ownership of features and functionality
- Strong experience in designing and documenting formal test procedures and test plans
- Extremely hands-on with an ability to roll up the sleeves and get work done in a timely manner
- Excellent team player with an ability to guide and mentor the team members
- Excellent analytical and communication skills
Nice to have skills:
- Basic working knowledge of mobile automation testing on Android, iOS using Katalon Studio or Appium
- Knowledge of Databases (MySQL)
- Background in Fintech, Banking, or Blockchain
This profile will include the following responsibilities:
- Perform Web Application Security Testing
- Scan Network for Security Vulnerabilities
- Create detailed security report
- Research open source security tools & new security topics
- Create a security knowledge base for the team
The candidate should be well versed in application security concepts and network scanning tools.
• Location:- C.G Road, Ahmedabad
• Working days:- 5 days a week (alternate Saturdays off)
• Experience:- Minimum 8 years
We are looking for a Software Architect to drive technology strategy, create the
technological vision and to ensure the design and development of software solutions that fulfil the business requirements. You will be a key contributor to architectural decisions for products, drawing on your excellent technical, analytical and business acumen skills while effectively communicating with all levels in the organization to build highly scalable and secure solutions.
Articulate architecture & non-functional requirements for the products and services with high precision. Gather business requirements to analyse, identify, design and innovate solutions.
• Devise strategy to implement NFRs
• Validate design and development against the architecture and NFRs
• Technical owner of the IT Projects
• Design and develop best practices in software development and architecture together with the team.
• Determining overall architectural principles, frameworks and standards.
• To provide hands-on development wherever appropriate specially on architecture transformation projects.
• Involve in unit testing, code reviews and bug fixing.
• Driving research, case studies on how latest technologies could be leveraged for software architecture and capabilities such as scalability, fault tolerance, extensibility, maintainability, etc.
• Documenting designs, estimates and implementation plans for stakeholders.
• Experience in architecting and designing technical solutions, especially in the area of mobile and cloud, for SaaS capabilities.
• Ability in scaling products and to tackle large traffic and amounts of data.
• Expertise in coding, programming and software design patterns.
• Passionate about technology and constantly growing your technical expertise.
Great to Have:-
• Experience in insurance domain
Security Consultant (Penetration Tester) - Associate/Mid/Senior
Headquartered in Minneapolis, MN—NetSPI provides a variety of server, network, and application penetration testing services. Our Penetration Testers (Security Consultants) have the opportunity to apply their creativity, business knowledge, and technical skills on a daily basis using new and innovative tools/techniques in a collaborative environment. If you are passionate about Pentesting - WE WANT TO MEET YOU!
A day in the life of a NetSPI Senior Security Consultant:
- Perform web, mobile, and thick application penetration tests
- Perform external, internal, and wireless network penetration tests
- Create and deliver penetration test reports to clients
- Collaborate with clients to create remediation strategies that will help improve their security posture
- Research and develop innovative techniques, tools, and methodologies for penetration testing services
- Participate in the ongoing development/enhancement of NetSPI services and processes, in addition to thought leadership (via blogs, presentations, white papers, webinars, podcast, vlogs and tweets)
- Provide pre-sales support by assisting with scoping prospective engagements
- Act as a resource for internal team members as it relates to in-depth technical questions or best practices
- Other duties as assigned
- Bachelor’s degree or higher, preferred with a concentration in Computer Science, Engineering, Math, or IT
- 0-9 years of experience in penetration testing, including network, web or mobile application testing
- Experience with offensive toolkits used for network and application penetration testing
- Strong communication skills, both verbal and written
- Knowledge of Linux and/or Windows administration
- Programming experience in one or more of the following languages: Ruby, Python, Perl, C, C++, Java, and C#
- GXPN, GPEN, OSCP, CISSP, GWAPT or similar certifications
Role & Responsibilities:
- Plan and execute Security Assessment Strategy
- Proactively implement security measures
- Implement tools to Monitor and Report Security violations
- Govern security specification guidelines adherence across product and organization
Skills & Qualification:
- IIT, BE or B Tech
- 4+ years of relevant work experience
- Expert in Application Information Security, VAPT
- Proficient with tools like Burp, Nmap, Kali etc.
- Good understanding of web technologies, APIs and mobile app development practices
- CEH certification preferred
- Overall experience in the field of Information risk and security related initiatives/ projects.
- Experience in the areas of Infrastructure Security Audit, IT Security, Vulnerability Assessment, Risk Assessment, Web Application Security, Network Security Review, Network Architecture Review, Mobile Application Security Testing, Configuration Review, Source Code Review, Wireless Pentest, Process Review etc.
- Ability to understand business concepts and integrate business risk elements into security operations.
- Experience in conducting VAPT.
- Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP WebInspect, Acunetix, NTO Spider, Burp Suite Pro).
- Strong ethics and understanding of ethics in business and information security.
- Should have exposure to Code review, Network VA/PT and App VA/PT work.
- Understanding and familiarity with common code review methods and standards.
- Experience with code scanning toolsets such as Fortify and Ounce.
- Understanding of HTTP and web programming.
- Knowledge of OWASP tools and methodologies, common security requirements within ASP.NET application, standard SDLC practices.
- Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering).
- In-depth understanding of the Common Vulnerabilities and Exposures (CVE) / CERT advisory databases.