Cybersecurity - OSCP

A BIT ABOUT US

Appknox is one of the top Mobile Application security companies recognized by Gartner and G2. A profitable B2B SaaS startup headquartered in Singapore & working from Bengaluru.

The primary goal of Appknox is to help businesses and mobile developers secure their mobile applications with a focus on delivery speed and high-quality security audits.

Appknox has helped secure mobile apps at Fortune 500 companies with Major brands spread across regions like India, South-East Asia, Middle-East, US, and expanding rapidly. We have secured 300+ Enterprises globally.

We are a 40+ incredibly passionate team working to make an impact and help some of the biggest companies globally. We work in a highly collaborative, very fast-paced work environment. If you have what it takes to be part of the team, we are excited, and let’s speak further.

The Opportunity

To join the security team engaging with multiple clients, helping them with end-to-end security audits, also researching new topics and vulnerabilities to be added to the scanner, present research at conferences.

What An Ideal Candidate Would Look Like: 

• Skills - Application Penetration Testing, experience with IoT testing, source code audits.
• Technology Stack: Python
• Responsibilities: Engage with clients for scoping call, perform security audits, and remediation call with clients to patch the issues, research on new technologies/vulnerabilities

Minimum Requirements

• Should have at least 2 years of experience in security or show something that proves experience doesn’t matter
• Must be comfortable with tools like burp suite, 
• Strong Analytical Skills
• Strong grasp of fundamentals of information security
• Strong Grasp of Web and API Pen-Testing
• Self-taught learner willing to read and keep up-to-date on technological changes and how they could be used
• Can accurately define an issue and create detailed Proof-of-concept and write-up of the findings.
• Provide appropriate remediation and mitigations of the identified vulnerabilities.

Responsibilities

• Security assessment of web applications.
• Develop and interpret security standards and guides
• Automation of security test cases
• Understand and explain the results with impact on business and compliance status
• Continuously learning and training on the latest tools and techniques

 Work Expectations

Within 1 month

Training on processes, security workflow

Within 3 months

Pentesting Web, Mobile and API endpoints

Within 6 months

Research and publish whitepapers, contribute to the Appknox Web Scanner

Personality traits we admire:-

• A confident and dynamic working persona, which can bring fun to the team, and a sense of humor, is an added advantage.
• Great attitude to ask questions, learn and suggest process improvements.
• Has attention to detail and helps identify edge cases.
• Highly motivated and coming up with fresh ideas and perspectives to help us move towards our goals faster.
• Follow timelines and have an absolute commitment to deadlines.
•  

Interview Process - would be team specific

• Round 1 - Profile Evaluation
• Round 2 - Appknox CTF Challenge
• Round 3 -Technical Interview with security team members
• Round 4 - Technical Interview with the CTO and Team Lead
• Round 5 - HR Round

Compensation

•  As per Industry Standards

Why Join Us:-

• Freedom & Responsibility: If you are a person who enjoys challenging work & pushing your boundaries, then this is the right place for you. We appreciate new ideas & ownership as well as flexibility with working hours.
• Great Salary & Equity: We keep up with the market standards & provide pay packages considering updated standards. Also as Appknox continues to grow, you’ll have a great opportunity to earn more & grow with us. Moreover, we also provide equity options for our top performers.
• Holistic Growth: We foster a culture of continuous learning and take a much more holistic approach to train and develop our assets: the employees. We shall also support you all on that journey of yours.
• Transparency: Being a part of a start-up is an amazing experience, one of the reasons being open communication & transparency at multiple levels. Working with Appknox will allow you to experience it all first-hand.

A BIT ABOUT US

Appknox is one of the top Mobile Application security companies recognized by Gartner and G2. A profitable B2B SaaS startup headquartered in Singapore & working from Bengaluru.

The primary goal of Appknox is to help businesses and mobile developers secure their mobile applications with a focus on delivery speed and high-quality security audits.

Appknox has helped secure mobile apps at Fortune 500 companies with Major brands spread across regions like India, South-East Asia, Middle-East, US, and expanding rapidly. We have secured 300+ Enterprises globally.

We are a 30+ incredibly passionate team working to make an impact and help some of the biggest companies globally. We work in a highly collaborative, very fast-paced work environment. If you have what it takes to be part of the team, we are excited, and let’s speak further.

The Opportunity

To join the security team engaging with multiple clients, helping them with end-to-end security audits, also researching new topics and vulnerabilities to be added to the scanner, present research at conferences.

What An Ideal Candidate Would Look Like: 

• Anyone pursuing their graduation or post-graduation related to IT security 
• Skills - Application Penetration Testing, 
• Knowledge or experience of IoT testing, and source code audits are plus points
• Responsibilities: Engage with clients for scoping call, perform security audits, and remediation call with clients to patch the issues

Minimum Requirements

• Must be comfortable with tools like burp suite, nmap, sqlmap, r2 etc
• Strong Analytical Skills
• Strong grasp of fundamentals of information security
• Strong Grasp of Web, API and mobile Pen-Testing
• Self-taught learner willing to read and keep up-to-date on technological changes and how they could be used
• Can accurately define an issue and create detailed Proof-of-concept and write-up of the findings.
• Provide appropriate remediation and mitigations of the identified vulnerabilities.
• Basic understanding of cloud platforms like AWS or GCP. Security knowledge in this domain is a plus.

Responsibilities

• Security assessment of web and mobile applications.
• Understand and explain the results with impact on business and compliance status
• Continuously learning and training on latest tools and techniques

Personality traits we really admire

• A confident and dynamic working persona, which can bring fun to the team, and a sense of humor, is an added advantage.
• Great attitude to ask questions, learn and suggest process improvements.
• Has attention to details and helps identify edge cases.
• Highly motivated and coming up with fresh ideas and perspectives to help us move towards our goals faster.
• Follow timelines and absolute commitment to deadlines.

Interview Process 

• Round 1 CTF Round - Profile and skill Evaluation
• Round 2 - Technical Interview with security team member
• Round 3 - Technical Interview with the Team Lead
• Round 4 - HR Round

 Why Join Us

• Great Stipend& PPO: We keep up with the market standards & provide stipend/pay packages considering updated standards. Also as Appknox continues to grow, you’ll have a great opportunity to earn more & grow with us. Moreover, we also PPO for our top interns.
• Freedom & Responsibility: If you are a person who enjoys challenging work & pushing your boundaries, then this is the right place for you. We appreciate new ideas & ownership as well as flexibility with working hours.
• Holistic Growth: We foster a culture of continuous learning and take a much more holistic approach to train and develop our assets: the employees. We shall also support you all on that journey of yours.
• Transparency: Being a part of a start-up is an amazing experience, one of the reasons being open communication & transparency at multiple levels. Working with Appknox will give you the opportunity to experience it all first-hand.

As a Security Researcher in SaaS security posture management, your primary responsibility will be to conduct research on emerging security threats and vulnerabilities in SaaS environments and to develop and implement strategies to mitigate those risks. Specifically, your job duties will include: Conducting in-depth research on emerging security threats and vulnerabilities in SaaS environments.

• Analyzing data and security logs to identify potential threats and take proactive measures to prevent them.
• Developing and implementing security policies and procedures to protect against security threats in SaaS environments.
• Collaborating with other members of the IT team to implement security measures and ensure compliance with industry standards and regulations.
• Keeping up-to-date with the latest security technologies and trends in SaaS security posture management.
• Communicating findings and recommendations to management and other stakeholders.
• Participating in incident response and resolution activities in the event of a security breach in SaaS environments.
• To be successful in this role, you should have a Bachelor's or Master's degree in Computer Science, Information Security, or a related field, and have experience in researching emerging security threats and vulnerabilities in SaaS environments. You should also have strong analytical and problem-solving skills, and hold industry certifications such as CISSP, CEH, or OSCP. Excellent communication and collaboration skills are essential to work effectively with cross-functional teams.

• OWASP Secure Code review,• Basic programing knowledge in any programming language and knowledge on secure development practices.
• OWASP TOP 10 vulnerabilities and their mitigations
• Hands on experience in Web Application Security Testing tools (SAST & DAST) and Penetration testing tools such as HP Fortify, Checkmarx, Acunetix, Nessus, Burp Suite, Metasploit., Qualys Guard, Kali Linux , etc.
• Understand/modify exploit code and find logical security flaws in applications
• Should have knowledge and experience on Network Security, Application Security, Internet Security, attack vectors.
• To carry out technical vulnerability assessments, identify potential vulnerabilities and provide recommended controls and support to mitigate them.

About us:

HappyFox is a software-as-a-service (SaaS) support platform. We offer an enterprise-grade help desk ticketing system and intuitively designed live chat software.

We serve over 12,000 companies in 70+ countries. HappyFox is used by companies that span across education, media, e-commerce, retail, information technology, manufacturing, non-profit, government and many other verticals that have an internal or external support function.

To know more, Visit! - https://www.happyfox.com/

Responsibilities:

• Perform manual and automated application penetration tests and provide suggestions to harden our products
• Participate regularly in the development and release process to identify and report security vulnerabilities in the code being shipped
• Conduct regular audits on all Features/APIs of the product and reports vulnerabilities to the development team
• Keep up with industry trends in the security space
• Triage inbound vulnerability reports with an appropriate level of urgency and track them until they are resolved by Engineering teams
• Should be able to understand different elements of our NodeJS, Python and similar stacks and provide guidance on secure software development practices to the team
• Scale our application security engineering team

Requirements:

• Strong verbal and written communication skills
• Has worked on Web Application Security Testing for a reasonably complex application. The mobile experience is a plus
• Good knowledge of secure software development guidelines from authoritative bodies like NIST, OWASP, SANS
• Hands-on experience in performing manual/automated security assessments with open-source/commercial security tools

• Extensive experience in designing & supporting Azure Managed Services Operations.  
• Maintaining the Azure Active Directory and Azure AD authentication. 
• Azure update management – Handling updates/Patching. 
• Good understanding of Azure services (Azure App Service, Azure SQL,  Azure Storage Account..etc). 
• Understanding of load balancers, DNS, virtual networks, NSG and firewalls in cloud environment. 
• ARM templates writing, setup automation for resources provisioning. 
• Knowledge on Azure automation and Automation Desire State Configuration. 
• Good understanding of High Availability and Auto scaling. 
• Azure Backups and ASR (Azure Site Recovery) 
• Azure Monitoring and Configuration monitoring (performance metrics, OMS) 
• Cloud Migration Experience(On premise to Cloud). 
• PowerShell scripting for custom tasks automation. 
• Strong experience in configuring, maintaining, and troubleshooting Microsoft based production systems. 
  
  Certification: 
  
  Azure Administrator (AZ-103) & Azure Architect (AZ-300 & AZ-301) 

• Document technical and functional specifications
• Perform unit testing of objects/ solutions created
• Perform configuration, integration, and personalizations in Oracle HCM EBS/Cloud
• Work in a functional and technical capacity and analyze business requirements, design, develop and deploy solutions
• Excellent troubleshooting, analytical and problem-solving skills
• Explore & investigate the client's pain areas, extend the scope, and keep the client satisfied

• Minimum a Bachelor’s degree.
• 3 to 10 years of experience as an Oracle HCM Techno-Functional Consultant
• 30% Functional and 70% Technical
• Strong experience in core HR, Payroll, Fast Formula, OTL and SSHR
• Should have expertise in Oracle HCM Cloud advanced tools such as HCM Extracts, HDL, PBL, BI Publisher, OTBI, Application Security, Page Composer, Page Configurator, REST APIs, SOAP, Webservices
• Able to provide strong leadership to develop best practices for effective Techno functional support for the enterprise business process area
• Good communication skills
• In-depth knowledge of the business process and capability to understand business requirements.

DevOps Consultant!! MERN Stack Project Manager – Systems (Enterprise or Solutions) Architect needed!

Hello superstar,

I appreciate you taking time to read this. I have posted a job for developers to work on a start-up, the link is ......

I would need someone with DevOps experience, to ensure that the project is undertaken with the highest standards possible. I have had many experiences where ‘completed’ software after years of development was filled with bugs and it would be more cost-effective to start from scratch than to attempt to find and correct all the bugs.

I have attempted to learn as much as possible, but I now have an opportunity and it would better serve the venture to have someone handle the management of the project to ensure that;

• We choose the most appropriate technology
• We choose competent developers in those technologies
• The architecture and data modeling are clearly defined in a ‘blueprint’ plan
• A DevOps environment and processes are set up and the developers understand what is required
• Proper tests are carried out to ensure everything works as intended
• There are processes for testers to follow and competent testers are selected to follow them
• Accessibility, localization, and internationalization are planned ahead of time
• Security, scalability, and other future probabilities that I may not even be aware of are considered and planned ahead of time
• Documentation and code reviews, refactoring and other quality assurance processes are undertaken
• Working software is produced and systems that enable new developers or teams of people to easily take over and/or contribute new modules or updates in a controlled and organized fashion
• Cost estimates or budgets/projections or use of SaaS, hosting and other 3rd party services and applications

I am more concerned with a professional and world-class organizational system than with any particular type of software been produced as the strong foundation will enable anything to be creating with efficacy and precision.

Again, thank you for reading this, please reply with the word “superstar” anywhere in the second line of your response.  I look forward to hearing from you.

Warm wishes DevOps Evangelist,