A BIT ABOUT US
Appknox is one of the top Mobile Application security companies recognized by Gartner and G2. It is a profitable B2B SaaS start-up headquartered in Singapore and working from Bengaluru.
The primary goal of Appknox is to help businesses and mobile developers secure their mobile applications with a focus on delivery speed and high-quality security audits.
Appknox has helped secure mobile apps at Fortune 500 companies, with major brands spread across regions like India, South-East Asia, the Middle East, and the US, and is expanding rapidly. We have secured 300+ Enterprises globally.
We are an incredibly passionate team of 30+ working to make an impact and helping some of the biggest companies globally. We work in a highly collaborative, very fast-paced work environment. If you have what it takes to be part of the team, we would be excited to speak further.
The Opportunity
To join the security team, engaging with multiple clients and helping them with end-to-end security audits, researching new topics and vulnerabilities to be added to the scanner, and presenting that research at conferences.
What An Ideal Candidate Would Look Like:
- Skills - Application Penetration Testing (Web, iOS and Android), experience with IoT testing, source code audits.
- Technology Stack: AWS, GCP, Objective C, Java, Python
- Responsibilities: Engage with clients for scoping call, perform security audits, remediation call with clients to patch the issues, research on new technologies/vulnerabilities
Minimum Requirements
- Should have at least 2 years experience in security or show something that proves experience doesn’t matter
- Strong Analytical Skills
- Strong grasp of fundamentals of information security
- Self-taught learner willing to read and keep up-to-date on technological changes and how they could be used
- Can accurately define an issue and create detailed Proof-of-concept and write-up of the findings.
- Provide appropriate remediation and mitigations of the identified vulnerabilities.
Responsibilities
- Security assessment of web/mobile/cloud application on various platforms
- Focusing on Mobile Application Security
- Static and Dynamic Code Analysis
- Develop and interpret security standards and guides
- Automation of security test cases
- Understand and explain the results with impact on business and compliance status
- Continuously learning and training on latest tools and techniques
Work Expectations
- Within 1 month: Training on processes, security workflow
- Within 3 months: Pentesting web, mobile, API endpoints
- Within 6 months: Research and publish whitepapers, contribute to the Appknox Scanner
Personality traits we really admire:-
- A confident and dynamic working persona, which can bring fun to the team, and a sense of humour, is an added advantage.
- Great attitude to ask questions, learn and suggest process improvements.
- Has attention to details and helps identify edge cases.
- Highly motivated and coming up with fresh ideas and perspective to help us move towards our goals faster.
- Follow timelines and absolute commitment to deadlines.
Interview Process -
- Round 1 Interview - Profile Evaluation; HR
- Round 2 - Testing Assignment
- Round 3 - Technical Interview with security team members
- Round 4 - Technical Interview with the CTO and Team Lead
- Round 5 - HR Round
Compensation
- As per industry standards
Why Join Us:-
- Freedom & Responsibility: If you are a person who enjoys challenging work & pushing your boundaries, then this is the right place for you. We appreciate new ideas & ownership as well as flexibility with working hours.
- Great Salary & Equity: We keep up with the market standards & provide pay packages considering updated standards. Also as Appknox continues to grow, you’ll have a great opportunity to earn more & grow with us. Moreover, we also provide equity options for our top performers.
- Holistic Growth: We foster a culture of continuous learning and take a much more holistic approach to train and develop our assets: the employees. We shall also support you all on that journey of yours.
- Transparency: Being a part of a start-up is an amazing experience one of the reasons being open communication & transparency at multiple levels. Working with Appknox will give you the opportunity to experience it all first-hand.
- Health insurance: We offer health insurance coverage up to 5 Lacs for you and your family, including parents.
About Appknox
Appknox, a leading mobile app security solution headquartered in Singapore and Bangalore, was founded by Harshit Agarwal and Subho Halder.
Since its inception, Appknox has become one of the go-to security solutions with the most powerful plug-and-play security platform, enabling security researchers, developers, and enterprises to build safe and secure mobile ecosystems using a system-plus human approach.
Appknox offers VA+PT solutions ( Vulnerability Assessment + Penetration Testing ) that provide end-to-end mobile application security and testing strategies to Fortune 500, SMB and Large Enterprises Globally helping businesses and mobile developers make their mobile apps more secure, thus not only enhancing protection for their customers but also for their own brand.
During the course of 8 years, Appknox has scaled up to work with some major brands in India, South-East Asia, Middle-East, Japan, and the US and has also successfully enabled some of the top government agencies with its On-Premise deployments & compliance testing. Appknox helps 500+ Enterprises, which include 20+ Fortune 1000 companies, and works with ministries/regulators across 10+ countries and some of the top banks across 20+ countries.
A champion of Value SaaS, with its customer and security-first approach Appknox has won many awards and recognitions from G2, Gartner and is one of the top mobile app security vendors in its 2021 Application security Hype Cycle report.
Our forward-leaning, pioneering spirit is backed by SeedPlus, JFDI Asia, Microsoft Ventures, and Cisco Launchpad and a legacy of expertise that began at the dawn of 2014.
Similar jobs
We are looking for Cyber Security Specialists who are strong in any of the cloud providers, such as GCP, AWS and Azure.
Strong awareness of security considerations and of the security tools used to integrate with the build pipelines.
Networking (VPC / VPCSC / VPN) fundamentals
Partner with InfoSec and Security teams to deliver on key information security and IT risk related initiatives.
A wide knowledge of technology and platforms with an understanding of good development practices, SecDevOps and Cloud.
Design and configure perimeter security
Define, configure, and automate firewall configurations and procedures
Verify and validate implementation of firewall configurations and security scripts
This is for a UK client and we need your availability from 2 PM to 8 PM IST on weekdays.
About Drip Capital & Tech Team
The engineering team at Drip Capital is responsible for building and maintaining the online global trade financing platform that supports the interactions between buyers, sellers, financing partners, insurance agents, global retail partners, trade agents, shipping & transportation companies, supply chain and warehousing companies worldwide.
Our primary goal is to ensure that customers are provided time-critical capital and at the same time balance requirements related to risk, fraud management, and compliance. The services are accessed by customers worldwide and hence the engineering systems need to be policy-driven, easily reconfigurable, and able to handle multiple regional languages. We use machine learning for risk classifications/predictions, intelligent document parsing subsystems, robotic process automation, REST APIs to connect our microservices, and a cloud-based data lake and warehouse for data storage and analysis.
Our team comprises talent from top-tier institutions including Wharton, Stanford, and IITs with years of experience at companies like Google, Amazon, Standard Chartered, Blackrock, and Yahoo. We are backed by leading Silicon Valley investors - Sequoia, Wing, Accel, and Y Combinator. We are a global company headquartered in Silicon Valley along with offices in India and Mexico.
Your Role
As an AppSec Engineer in Drip Capital’s engineering team, you will have the opportunity to take ownership of :
- Contribute to and improve secure SDLC practice
- Design architecture, methods, and controls required to meet security, compliance, and audit requirements.
- Designing and implementing cloud and network security solutions.
- Do comprehensive threat modelling for our applications and infrastructure in an Agile flow
- Perform secure code review and security assessments of web, android and iOS applications, and cloud infrastructure (infrastructure as code).
- Proactively identify vulnerabilities across our platform and work with developers in fixing them.
- Automate and simplify security, as “Complexity is the enemy of Security”.
- Handle Vulnerability Management and Patch Management processes.
- Participate in the investigation related to Privacy/Security incidents and response activities.
- Work with DevOps to implement the security tools and automation of the security tasks.
- Mentor other engineers and evangelize security practices through cross-functional work with DevOps and engineering teams.
- Testing the deployed security solutions to make sure they function as planned.
Our Checklist
- A minimum of 4 years of experience as an AppSec Engineer
- Hands-on experience in secure design and architecture review of backend services, payments systems like payment gateways.
- Hands-on experience in secure code review and automation of common security workflows.
- Hands-on experience and a proven record of securing one or more of the cloud platforms: Azure, GCP, AWS and Hosted Cloud Solutions.
- Good understanding of OWASP and SANS testing methodologies.
- Good understanding of software security weaknesses and vulnerabilities.
- Good knowledge in securing architecture of web, mobile applications and cloud infrastructure.
- Ability to contribute as an individual and as part of a team
- Working knowledge of any scripting language; Python or Go preferred
- Experience in writing custom tools/scanners/extenders is a plus
- Red teaming experience is a plus
If you love to explore the security aspects of a distributed system that makes decisions related to global trade finance, let's talk!
Sr. Penetration Tester
at Beauto Systems Private Limited
Key Responsibility Areas:
- Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex Web applications, operating systems, wired and wireless networks, and mobile applications/devices
- Delivering targeted and intelligence led security penetration testing through a robust testing methodology and process
- Craft and develop scripts, frameworks, tools, and the methods required for facilitating and executing sophisticated charges, emulating malicious actor behavior sought at avoiding detection
- Conduct security assessments on a wide variety of technologies and implementations
- Develop and maintain security testing plans
- Maintain and evolve a mature set of security penetration testing and internal Red Team processes covering all areas of technology
- Automate penetration and other security testing on networks, systems and applications
- Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk
- Produce actionable, threat-based, reports on security testing results
- Act as a source of direction, training, and guidance for less experienced staff
- Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation
- Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators
- Foster and maintain relationships with key stakeholders and business partners
Required Skills:
- 2 to 6 years of experience in information security with web application and network penetration testing experience
- Fluent in common cyber security domains such as cloud security, access control, encryption, identity management, security operations, application security, penetration tests, endpoint security, vulnerability management, threat intelligence
- Strong understanding of OWASP top 10.
- Experience or knowledge of IT security risk assessments and gap analysis
- In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell)
- Hands on experience with testing frameworks such as the PTES and OWASP
- Experience of functional testing, UI/UX testing and manual testing, Load, Performance testing across multiple browsers and devices
- Hands-on experience in designing and writing test automation scripts using test automation frameworks and knowledge on API Testing
- Applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X, VMware/Xen, and cloud technologies such as AWS, Azure, or Google Cloud
Qualification: Masters/Bachelor’s Degree
Information Security Specialist
Notice Period: 45 days / Immediate Joining
Banyan Data Services (BDS) is a US-based data-focused Company that specializes in comprehensive data solutions and services, headquartered in San Jose, California, USA.
We are looking for an Information Security Specialist who has expertise in and deep knowledge of information security regulations, compliance, and SIEM tools, and the ability to develop, describe and implement Security Baselines and Policies.
It's a once-in-a-lifetime opportunity to join our rocket ship startup run by a world-class executive team. We are looking for candidates that aspire to be a part of the cutting-edge solutions and services we offer that address next-gen data evolution challenges.
Key Qualifications
· Design, deploy, and support Information Security Solutions provided by BDS
· Assist clients to carry out the IT Risk Management assessment on both on-prem and cloud platforms
· Provide subject matter expertise on IT security compliances during the security audits to meet various security governances.
· Research and strategic analysis of existing, and evolving all IT and data security technologies
· Establish baselines to define required security controls for all infrastructure components and application stack
· Follow latest vulnerabilities and threats intelligence updates across a wide range of technologies and make recommendations for improvements in the security baselines.
· Overseeing security event monitoring, understand the impact, and coordinate remediation efforts
· Create and optimize the SIEM rules to adjust the specification of alerts in responding to incident follow up
· Must be able to work a flexible schedule during off-hours
Key Skills & Qualification
· Minimum of 4 years relevant work experience in information/cyber security, audit, and compliance
· Certifications in any of technical security specialty (e.g., CISA, CISSP, CISM)
· Experience in managing SIEM products like Arcsight, Qradar, Sumo Logic, RSA NetWitness Suite, ELK, Splunk
· Exposure of the security audit tools on public cloud platforms
· Solid understanding of the underlying LINUX/UNIX and Windows OS security architecture
· Certified Ethical Hacker would be a plus
· Handling of Security audits is a must
· Proven interpersonal skills while contributing to team effort by accomplishing related results
· Passion for learning new technologies and the ability to do so quickly.
http://www.banyandata.com
Position: IT Auditor
Experience: 4-12 Years
Location: Pune
Key Skills Required:
CISA, CISSP, CISM, IT Audit, Technology Audit, IT Infrastructure Audit, Application Security Audit, Information Security Audit, Cyber Security Audit, Cloud Security, Ethical Hacker
Additional key words: Vulnerability assessment, Penetration Testing, ITGC testing, Cloud Computing
IT AUDITOR is responsible to plan and perform the audit assignment starting from audit announcement, audit planning, field work, audit quality reviews, pre-closing / closing meetings with the respective Directors / Head of the Departments including writing of the audit report and its finalization as well as follow up of the audit actions. Additionally IT AUDITOR will also be responsible to:
• Evaluate IT systems, processes and projects in place;
• Determine risks to the Group’s information assets, and help identify methods to minimize those risks;
• Ensure information management processes are in compliance with IT-specific laws, policies and standards;
• Determine inefficiencies in IT systems, IT projects and associated management processes and
• Consult in IT projects, new initiatives and organizational frameworks.
Description
Audit Planning
1) Perform audits at Volkswagen Group entities and other concerned Volkswagen Group Companies with focus on IT processes keeping the associated business risks in mind.
2) Participate in the preparation of audit objective & scope document along with audit schedule based on the audit objective and timeline specified by Head of IT Audit India Hub.
3) Participate in the preparation of work program
Audit Process
1) Prepare and conduct preparatory interviews with the Directors and Heads of the audited departments to identify the processes to be assessed during the audit.
2) Request and collect relevant audit data for analysis from respective business areas.
3) Prepare audit matrix on periodic basis to record the audit field work and update the progress of the audit to IT Audit Manager and the Head of IT Audit Hub India.
4) Define actions including relevant controls to mitigate the business risks identified based on the evidences provided during the audit.
5) Organize and conduct pre-closing meetings with business areas to agree upon audit observations and relevant actions.
6) Prepare and conduct closing meetings with the Directors / Heads of the Department for audited division to agree upon the audit observations, risks and proposed actions.
7) Prepare the draft audit report and submit the same to the IT Audit Manager and the Head of IT Audit India Hub for review.
8) Ensure that adequate documentation is prepared for the audit assignment. Peer review changes are done before release of the final audit report to the business area.
9) Contact business area to review the progress of the implementation of audit actions defined in the final audit report. Based on the review, write the status of the follow up and submit the same for upload in RIAS.
10) Obtain necessary certifications / qualifications to support the job requirements by attending relevant trainings
11) Support the conduction of unscheduled audits/special investigations and audits from the anti-corruption system.
12) Relevant knowledge is shared among the team members.
13) Consult in IT projects, new initiatives and organizational frameworks.
14) Ensure information management processes are in compliance with IT-specific laws, policies and standards.
15) Determine risks to the Group’s information assets, and help identify methods to minimize those risks.
16) Evaluate IT systems, processes and projects in place.
17) Determine inefficiencies in IT systems, IT projects and associated management processes.
Job Responsibilities:
Experience: 8 Yrs to 12 Yrs
- Hands-on expertise in performing application pen testing (mobile (Android, iOS), networking, web application pen testing)
- Should have worked on IoT, AWS, Application Penetration Testing, Reverse Engineering, source code review, CI/CD Pipeline
- Has made submissions on Bugcrowd or other bug bounty programs.
- Has developed tools or scripts for web pen testing and published them on GitHub.
- Certified on OSCP
- Threat Modeling
- Network scan in stealth mode or simple scan using Nmap and Burp suite
Implement security measures which monitor and protect sensitive data and systems from infiltration and cyber-attacks.
Developing different ways to solve the existing threats and security issues.
Configuring and implementing intrusion detection systems and firewalls.
Security product development, testing, and implementation.
Responsible for security technology research, penetration testing, and vulnerability scanning.
Please follow the below inputs.
The shift will run from 03:00 PM to 12 AM (fixed for a few months).
OSCP certification (not mandatory, preferable)
Below are the primary key skills:
Total Application Security Experience:
Total Security Architecture Experience:
IOT(optional)
MOBILE
WEB
AWS(Mandatory)
NETWORKING
THREAT MODELS
Security Engineer (SDE 1/2/3)
at Urbancompany (formerly known as Urbanclap)
The local and home services industry is very fragmented and unorganized. Prior to Urban Company, hiring a plumber, beautician, yoga trainer, math tutor etc. was a painful process. There were no standards, no concept of trust, pricing inefficiencies etc. In a nutshell, the industry was shackled in the “yellow pages” era, and had seen no fundamental innovation for far too long.
The Urban Company team is young and passionate, and we see a massive disruption opportunity in this industry. By leveraging technology, and a set of simple yet powerful processes, we wish to build a platform that can organize the world of services - and bring them to your finger-tips. We believe there is immense value (akin to serendipity) in bringing together customers and professionals looking for each other. In the process, we hope to impact the lives of millions of service entrepreneurs, and transform service commerce the way Amazon transformed product commerce.
Why are we building Urbancompany?
Organized service commerce is a large yet young industry in India. While India is a very large market for a home and local services (~USD 50 Billion in retail spends) and expected to double in the next 5 years, there is no billion-dollar company in this segment today.
The industry is barely ~20 years old, with a sub-optimal market architecture typical of an unorganized market - a fragmented supply side operated by middlemen. As a result, experiences are broken for both customers and service professionals, each largely relying upon word of mouth to discover the other. The industry can easily be 1.5-2x larger than it is today if the frictions in user and professional's journeys are removed - and the experiences made more meaningful and joyful.
Job Description :
Urbancompany has grown 3x YOY and so has our tech stack. We have evolved a data-driven approach to solving for products over the last few years. We deal with around 10TB in data analytics with around 50Mn/day. We adopted platform thinking at a very early stage of UC. We started building central platform teams dedicated to solving core engineering problems around 2-3 years ago, and this has now evolved into a full-fledged vertical. Our platform vertical majorly includes Data Engineering, Service and Core Platform, Infrastructure and Security. We are looking for Security Engineers to build the security vertical from scratch. A person who loves hacking and standardisation, and who has strong knowledge and hands-on experience in building security platforms and dictating strong security practices, will be an ideal fit here.
Job Responsibilities
- Working on complex design and architectural problems.
- Solving security vulnerabilities and building highly insightful security platform
- Experience in conducting VAPT and handle data security
- Visioning out the roadmap and thought process behind taking current security loopholes and plan to take it to next level
- Building and maintaining the high NPS of 70% of Urbancompany security
- Strong decision-maker with hands-on experience around coding
- Think about abstractions, systems, and services and write high-quality code.
- Think through complex architecture to build robust platforms to solve for security loopholes, automation and protection
Job Requirements
- A thinker with strong opinions and ability to get those opinions into reality
- Prior experience of creating complex systems in the past.
- Ability to build scalable, sustainable, reliable, and secure products based on past experience.
- Ability to bring new practices, architectural choices, and new initiatives onto the table to make the overall tech stack more robust.
- History and familiarity with server-side architecture based on APIs, databases, infrastructure, and systems.
- Ability to own the technical road map for systems/components.
What can you expect?
- A phenomenal work environment, with massive ownership and growth opportunities.
- A high performance, high velocity environment at the cutting edge of growth.
- Strong ownership expectation and freedom to fail.
- Quick iterations and deployments – fail-fast attitude.
- Opportunity to work on cutting edge technologies.
- Massive, and direct impact of the work you do on lives of people.
- Having the skin in the game with lucrative ESOPs
Requirements:
- Overall experience in the field of Information risk and security related initiatives/ projects.
- Experience in the areas of Infrastructure Security Audit, IT Security, Vulnerability Assessment, Risk Assessment, Web Application Security, Network Security Review, Network Architecture Review, Mobile Application Security Testing, Configuration Review, Source Code Review, Wireless Pentest, Process Review etc.
- Ability to understand business concepts and integrate business risk elements into security operations.
- Experience in conducting VAPT.
- Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP Web inspect, Acunetix, NTO Spider, BurpSuite Pro).
- Strong ethics and understanding of ethics in business and information security.
- Should have exposure to Code review, Network VA/PT and App VA/PT work.
- Understanding and familiarity with common code review methods and standards.
- Experience with code scanning toolsets such as Fortify and Ounce.
- Understanding of HTTP and web programming.
- Knowledge of OWASP tools and methodologies, common security requirements within ASP.NET application, standard SDLC practices.
- Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering).
- In-depth understanding of the Common Vulnerabilities and Exposures (CVE)/ CERT advisory database.