About us
Astra is a cyber security SaaS company that makes otherwise chaotic penetration tests a breeze with its one of a kind Pentest Platform. Astra's continuous vulnerability scanner emulates hacker behavior to scan applications for 8300+ security tests. CTOs & CISOs love Astra because it helps them fix vulnerabilities in record time and move from DevOps to DevSecOps with Astra's CI/CD integrations.
Astra is loved by 500+ companies across the globe. In 2022 Astra uncovered 800,000+ vulnerabilities for its customers, saving customers $30M+ in potential losses due to security vulnerabilities.
We've been awarded by the President of France Mr. François Hollande at the La French Tech program at Prime Minister of India Mr. Narendra Modi at the Global Conference on Cyber Security.
Experience Required:
- Relevant certifications (we’re not a fan of these, but often clients request engineers with certifications)
- 3+ years of experience in VA/PT
Job Responsibilities:
- VA/PT for web apps, SaaS apps, network devices, open-source projects, mobile apps, etc.
- Developing & testing rule sets for our pentest suite
- Preparing pentest reports through Astra’s pentest suite
- Interacting with clients over remediation calls
- Explaining steps to fix to clients
- Maintaining our vulnerability management system
Key Skills Required:
- Web App Security (ZAP, Burp Suite, Manual & Automated Testing, Comfortable in Black Box/WhiteBox testing with capability of finding business logic vulnerabilities, OWASP testing guide)
- Knowledge of how to set up & pentest CMSs like WordPress, Magento, OpenCart, Prestashop, Drupal, etc.
- Knowledge of LAMP stack & PHP would be great to have
We Offer:
- Embrace the cosy remote work lifestyle.
- Feel the startup adrenaline pumping through your veins.
- Revel in our open, growth-centric ambiance; it's like a digital playground.
- Dive deep into the captivating world of cybersecurity.
- And yes, get ready for some unforgettable workcations—think Chikmagalur & Jim Corbett.
About Astra Security
Astra is on a mission to make world a more secure place. As cyber security becomes need of the hour, Astra is making security more accessible to internet businesses.
Backed by Techstars, Astra has been awarded by President of France and PM of India at the Global Conference of Cyber Security for its innovation.
Your work will directly be stopping millions of cyber attacks on thousands of our customers. You will be working on our security suite, Astra, to build and maintain security software which runs on 1000's of client websites.
More details right here: https://www.getastra.com/team-and-culture
Similar jobs
As a Security Researcher in SaaS security posture management, your primary responsibility will be to conduct research on emerging security threats and vulnerabilities in SaaS environments and to develop and implement strategies to mitigate those risks. Specifically, your job duties will include: Conducting in-depth research on emerging security threats and vulnerabilities in SaaS environments.
- Analyzing data and security logs to identify potential threats and take proactive measures to prevent them.
- Developing and implementing security policies and procedures to protect against security threats in SaaS environments.
- Collaborating with other members of the IT team to implement security measures and ensure compliance with industry standards and regulations.
- Keeping up-to-date with the latest security technologies and trends in SaaS security posture management.
- Communicating findings and recommendations to management and other stakeholders.
- Participating in incident response and resolution activities in the event of a security breach in SaaS environments.
- To be successful in this role, you should have a Bachelor's or Master's degree in Computer Science, Information Security, or a related field, and have experience in researching emerging security threats and vulnerabilities in SaaS environments. You should also have strong analytical and problem-solving skills, and hold industry certifications such as CISSP, CEH, or OSCP. Excellent communication and collaboration skills are essential to work effectively with cross-functional teams.
1. Perform security assessment of web applications, Android, iOS mobile applications, Source Code Review
2. In-depth knowledge of security vulnerabilities not just limited to OWASP Top 10
3. False Positive removal and manual application testing
4. Working exp of Python, Java, .Net etc
5. Experience of using MF Fortify is a must
6. Proactively identify vulnerabilities and recommend fixes
7. Ownership of the tasks, Adapt to technologies/languages/platforms/frameworks of the time
8. Experience in using security tools to carry out manual as well as automated security assessments
9. Experience working with common product flows like payment gateway integration, authentication etc.
10. Client handling exp
11. Should be able to address client queries, work on proposals etc
12. Independent, self-motivated and comfortable working in a fast-paced environment with teams ranging from product to engineering teams
About The Company -
OYO Hotels & Homes is the world’s third largest and fastest-growing chain of leased and franchised hotels, homes & spaces managing over 1 million exclusive rooms across 800 cities and 80 countries. OYO was founded on the mission that everyone deserves a quality living and working space and we are very passionate about this mission. Technology and Innovation plays a critical role in this mission and therefore today we employ World Class engineers, product managers and designers across core markets & geographies. If you are looking for a high pace environment, itching to create a large impact through technology impacting 100s of millions of customers across the globe, we love to hear from you.
Key Responsibilities:
- Conducting application(Web & Mobile) and infrastructure penetration testing assessments.
- Deploy, improve and utilize SAST/DAST/SCA and other cybersecurity solutions to detect & prevent security vulnerabilities.
- Work closely with the business, product and Development/engineering teams to provide input and guidance on developing secure products and help teams adopt shift-security-to-left practices.
- Work closely with the DevOps team to secure the cloud environment.
- Developing and maintaining cybersecurity process activities including security requirements engineering, threat modelling, code reviews and cyber risk assessment.
- Improve and automate cybersecurity processes within the CI/CD pipelines.
- Continuously review and identify security improvement opportunities in existing products, processes, services and workflows to ensure the people, products and technology in the organization are protected against current and future cybersecurity threats.
- Deliver awareness sessions on Secure Development to engineering/development teams
- Drive continuous improvement activities to define, measure, visualize and improve key cyber security metrics related to Application Security.
- Preparing and launching social engineering campaigns;
Key Skills:
- Expertise in application(Web & Mobile) and infrastructure penetration testing.
- Strong experience with Azure or AWS cloud environments and its security controls.
- Experience with microservices architectures & distributed Platforms
- Strong experience with using Agile software development and securing CI/CD pipeline.
- Coding Experience in Scripting & programming languages (such as Terraform, Java, Python, Ruby, etc.)
- Knowledge of how modern web & mobile apps are designed, developed and deployed across different platforms;
- Knowledge of common exploitation techniques and mitigations.
- Experience in implementing and managing a vulnerability management program (process and technology).
- Experience and knowledge of implementing a DevSecOps ecosystem and strong understanding of Dynamic and Static Application Security Testing (DAST & SAST).
- Understanding of the main cybersecurity tools (SIEM, IPS, XDR, etc.).
- Strong understanding of OWASP, PTES and other penetration testing methodologies.
- Understanding of global security frameworks and standards like NIST, ISO 27001, GDPR, PCI etc.
- Strong knowledge in preparing and launching social engineering campaigns.
- Ability to program or script in your preferred language
- Good understanding of network and OS principles
- Strong written and spoken English skills and ability to write high-quality reports
- An Information Security qualification e.g CSSLP, CEH, OSCP, or similar certification
Cultural Traits common to all OYO Leaders -
● Dealing with Ambiguity and Adaptability – we are a large, but fast-growing company today with not enough existing process or rules of engagements; and environment changes rapidly due to new businesses, geographies and strategic partnerships etc. You need to be able to create organization out of chaos, operate in an environment with minimal structure and adapt to change quickly while maintaining high velocity
● Ownership – anything between you and your job is also your job
● Bias for Action – speed matters a lot, so does quality. Ideal leader will be pragmatic, action-oriented and know the right balance between competing priorities
● Hunger to change the world – you need to be ambitious and willing to do more. If you believe you have already achieved your best and primarily looking to impart that vast knowledge, we aren’t the right place for you
Job Locations: We have a Pan India presence with Tech centers based out of Gurugram, Bangalore & Hyderabad. However currently we are working from our home.
- Develop efficient strategies to protect the system, the networking infrastructure, data, and information systems against potential threats/cyber risks
- Routinely performing threat analysis, system checks, and security tests
- Defining and updating information security criteria and validation procedures
- Effectively discuss to understand safety and security and fix the problems along with different stakeholders
- To be a security representative or point of contact for all technical deliveries, initiatives, and project implementations.
- To develop technical processes and procedures and promote compliance in line with regulations, corporate policies, or standards as per ISO27001
- Assess technical security risks in terms of impact on systems and service confidentiality, integrity, and availability, and report and escalate results of risk assessments.
- Report any real or potential security breaches/vulnerabilities to various stakeholders and provide technical support during incident response
- Monitor security tools to detect security events & incidents Report and escalate any security breaches to the Information Technology Security Officer
- Operate vulnerability scanning and compliance tools to identify system weaknesses
- Represent IT Security matters at technical and business forums.
Desired candidate profile :
- Relevant experience in the information security field
- Relevant experience working with ISO Policies, and GDPR guidelines.
- Strong knowledge of network architecture and security concepts related to routing
- Exceptional attention to detail
- Excellent analytical and problem-solving skills
- Great team player and able to work efficiently with minimal supervision
- Excellent communication skills, both written and verbal, work with the different stakeholders on strengthening the security risks.
- Able to handle and cope with stressful situations and understands the pressures of a start-up environment
About Drip Capital & Tech Team
The engineering team at Drip Capital is responsible for building and maintaining the online global trade financing platform that supports the interactions between buyers, sellers, financing partners, insurance agents, global retail partners, trade agents, shipping & transportation companies, supply chain and warehousing companies worldwide.
Our primary goal is to ensure that customers are provided time-critical capital and at the same time balance requirements related to risk, fraud management, and compliance. The services are accessed by customers worldwide and hence the engineering systems need to be policy-driven, easily reconfigurable, and able to handle multiple regional languages. We use machine learning for risk classifications/predictions, intelligent document parsing subsystems, robotic process automation, REST APIs to connect our microservices, and a cloud-based data lake and warehouse for data storage and analysis.
Our team comprises talent from top-tier institutions including Wharton, Stanford, and IITs with years of experience at companies like Google, Amazon, Standard Chartered, Blackrock, and Yahoo. We are backed by leading Silicon Valley investors - Sequoia, Wing, Accel, and Y Combinator. We are a global company headquartered in Silicon Valley along with offices in India and Mexico.
Your Role
As an AppSec Engineer in Drip Capital’s engineering team, you will have the opportunity to take ownership of :
- Contribute to and improve secure SDLC practice
- Design architecture, methods, and controls required to meet security, compliance, and audit requirements.
- Designing and implementing cloud and network security solutions.
- Do comprehensive threat modelling for our applications and infrastructure in an Agile flow
- Perform secure code review and security assessments of web, android and iOS applications, and cloud infrastructure (infrastructure as code).
- Proactively identify vulnerabilities across our platform and work with developers in fixing them.
- Automate and simplify security, as “Complexity is the enemy of Security”.
- Handle Vulnerability Management and Patch Management processes.
- Participate in the investigation related to Privacy/Security incidents and response activities.
- Work with DevOps to implement the security tools and automation of the security tasks.
- Mentor other engineers and evangelize security practices through cross-functional work with DevOps and engineering teams.
- Testing the deployed security solutions to make sure they function as planned.
Our Checklist
- A minimum of 4 years of experience as an AppSec Engineer
- Hands-on experience in secure design and architecture review of backend services, payments systems like payment gateways.
- Hands-on experience in secure code review and automation of common security workflows.
- Hands-on experience and a proven record of securing one or more of the cloud platforms: Azure, GCP, AWS and Hosted Cloud Solutions.
- Good understanding of OWASP and SANS testing methodologies.
- Good understanding of software security weaknesses and vulnerabilities.
- Good knowledge in securing architecture of web, mobile applications and cloud infrastructure.
- Ability to contribute as an individual and as part of a team
- Working knowledge of any scripting language; Python or Go preferred
- Experience in writing custom tools/scanners/extenders is a plus
- Red teaming experience is a plus
If you love to explore the security aspects of a distributed system that makes decisions related to global trade finance, let's talk!
Job Responsibilities:
Experience: 8 Yrs to 12 Yrs
- Hands-on expertise on performing Application pen testing (Mobile(Android, IOS),networking, web application pen testing),
- Should worked on IOT,AWS,Application Penetration Testing, Reverse Engineering, source code review, CI/CD Pipeline
- have done any submission on Bug crowd or Bug Bounty.
- have developed tools or scripts for web pen test on GitHub.
- Certified on OSCP
- Threat Modeling
- Network scan in stealth mode or simple scan using Nmap and Burp suite
Implement security measures which monitor and protect sensitive data and systems from infiltration and cyber-attacks.
Developing different ways to solve the existing threats and security issues.
Configuring and implementing intrusion detection systems and firewalls.
Security product development, testing, and implementation.
Responsible for security technology research, penetration testing, and vulnerability scanning.
Please follow the below inputs.
The shift will starts from 03:00 PM to 12 AM (fixed for few months),
OSCP certification(Not mandatory, preferable)
Below are the primary key skills:
Total Application Security Experience:
Total Security Architecture Experience:
IOT(optional)
MOBILE
WEB
AWS(Mandatory)
NETWORKING
THREAT MODELS
We are seeking a Security Program Manager to effectively drive Privacy & Security Programs in collaboration with cross functional teams. You will partner with engineering leadership, product management and development teams to deliver more secure products.
Roles & Responsibilities:
- Work with multiple stakeholders across various departments such as IT, Engineering, Business, Legal, Finance etc to implement controls defined in policies and processes.
- Manage projects with security and audit requirements with internal and external teams and serve as a liaison among all stakeholders.
- Managing penetration tests and security reviews for core applications and APIs.
- Identify, create and guide on privacy and security requirements considering applicable Data Protection Laws and implement them across software modules developed at Netmeds.
- Brainstorm with engineering teams to figure out how privacy and security controls can be applied to Netmeds tech stack.
- Coordination with Infra Teams and Dev Teams on DB and application hardening, standardization of server images / containerization.
- Assess vendors' security posture before onboarding them and after they qualify, review their security posture at a set frequency.
- Manage auditors and ensure compliance for ISO 27001 and other data privacy audits.
- Answer questions or resolve issues reported by the external security researchers & bug bounty hunters.
- Investigate privacy breaches.
- Educate employees on data privacy & security.
- Prioritize security requirements based on their severity of impact and product roadmap.
- Maintain a balance of security and business values across the organisation.
Required Skills:
- Web Application Security, Mobile Application Security, Web Application Firewall, DAST, SAST, Cloud Security (AWS), Docker Security, Manual Penetration Testing.
- Good hands-on experience in handling tools such as vulnerability scanners, Burp suite, patch management, web filtering & WAF.
- Familiar with cloud hosting technologies (ex. AWS, Azure). Understanding of IAM, RBAC, NACLs, and KMS.
- Experience in Log Management, Security Event Correlation, SIEM.
- Must have strong interpersonal skills and should be able to communicate complex ideas seamlessly in written and verbal communication.
Good to Have Skills:
- Online Fraud Prevention.
- Bug Bounty experience.
- Security Operations Center (SOC) management.
- Experience with Amazon AWS services (EC2, S3, VPC, RDS, Cloud watch).
- Experience / Knowledge on tools like Fortify and Nessus.
- Experience in handling logging tools on docker container images (ex. Fluentd).
JOB DESCRIPTION
(NOTE- we are looking for those candidates who join immediately or notice period of within 15-20days)
• Job Scope
o Conduct penetration testing on internal website/system owned by EC-Council
o Produce a report and presentation to the system owner explaining the security
structure and the vulnerabilities of the system
o Conduct scoping for any new projects
o Research and recommend fixes for issues/vulnerabilities identified during the
penetration testing
o Create and update security test plan regularly according to the nature of the website
assigned
o Conduct research on new vulnerabilities and threats regularly to improve oneself
capabilities
• Minimum Requirements
o At least 3 year experience in conducting any three of the following
▪ Network Penetration Testing
▪ Mobile Application Penetration Testing
▪ Web Application Penetration Testing
▪ Source Code Review
▪ Writing, extending and modifying exploits, shellcode
▪ Reverse engineering malware, data obfuscation and ciphers
o Bachelor’s degree in IT security related field or equivalent
o Any (2) of the following certification ; OSCP, OSCE, OSEP, OSWE, CRT, LPT or
equivalent
o Proficiency in at least 1 programming language such as PHP, ruby, Python, Perl
o Strong understanding of encryption (SSL/TLS, PKI) and other authentication methods
o Good experience with tools used for penetration testing such as Metasploit,
BurpSuite, w3af, Kali Linux, SQLMap, Skipfish
o Excellent written and verbal communication skills, especially when dealing with
large reports and datasets with a high standard of documentation
o Mastery in linux/unix operating system and bash/Powershell
Security Monitoring and Operations (SIEM)
Security Solutions design and deployment
IDAM - Identity and Access Management Experience
Network Monitoring and Management Experience
VAPT - Vulnerability Assessment and Penetration Assessment
Experience on DLP and Endpoint Security
Knowledge on Encryption
Experience in performing Maturity Assessment for identifying the security gaps and recommending measures to fix the gaps
Experience in Audit controls and applying security measures (ISO, PCI etc..)
Knowledge in automation and scripting