11+ Exploratory testing Jobs in India
Apply to 11+ Exploratory testing Jobs on CutShort.io. Find your next job, effortlessly. Browse Exploratory testing Jobs and apply today!
About us:
HappyFox is a software-as-a-service (SaaS) support platform. We offer an enterprise-grade help desk ticketing system and intuitively designed live chat software.
We serve over 12,000 companies in 70+ countries. HappyFox is used by companies that span across education, media, e-commerce, retail, information technology, manufacturing, non-profit, government and many other verticals that have an internal or external support function.
To know more, Visit! - https://www.happyfox.com/
Responsibilities:
- Perform manual and automated application penetration tests and provide suggestions to harden our products
- Participate regularly in the development and release process to identify and report security vulnerabilities in the code being shipped
- Conduct regular audits on all Features/APIs of the product and reports vulnerabilities to the development team
- Keep up with industry trends in the security space
- Triage inbound vulnerability reports with an appropriate level of urgency and track them until they are resolved by Engineering teams
- Should be able to understand different elements of our NodeJS, Python and similar stacks and provide guidance on secure software development practices to the team
- Scale our application security engineering team
Requirements:
- Strong verbal and written communication skills
- Has worked on Web Application Security Testing for a reasonably complex application. The mobile experience is a plus
- Good knowledge of secure software development guidelines from authoritative bodies like NIST, OWASP, SANS
- Hands-on experience in performing manual/automated security assessments with open-source/commercial security tools
About us
Astra is a cyber security SaaS company that makes otherwise chaotic penetration tests a breeze with its one of a kind Pentest Platform. Astra's continuous vulnerability scanner emulates hacker behavior to scan applications for 8300+ security tests. CTOs & CISOs love Astra because it helps them fix vulnerabilities in record time and move from DevOps to DevSecOps with Astra's CI/CD integrations.
Astra is loved by 500+ companies across the globe. In 2022 Astra uncovered 800,000+ vulnerabilities for its customers, saving customers $30M+ in potential losses due to security vulnerabilities.
We've been awarded by the President of France Mr. François Hollande at the La French Tech program at Prime Minister of India Mr. Narendra Modi at the Global Conference on Cyber Security.
Experience Required:
- Relevant certifications (we’re not a fan of these, but often clients request engineers with certifications)
- 3+ years of experience in VA/PT
Job Responsibilities:
- VA/PT for web apps, SaaS apps, network devices, open-source projects, mobile apps, etc.
- Developing & testing rule sets for our pentest suite
- Preparing pentest reports through Astra’s pentest suite
- Interacting with clients over remediation calls
- Explaining steps to fix to clients
- Maintaining our vulnerability management system
Key Skills Required:
- Web App Security (ZAP, Burp Suite, Manual & Automated Testing, Comfortable in Black Box/WhiteBox testing with capability of finding business logic vulnerabilities, OWASP testing guide)
- Knowledge of how to set up & pentest CMSs like WordPress, Magento, OpenCart, Prestashop, Drupal, etc.
- Knowledge of LAMP stack & PHP would be great to have
We Offer:
- Embrace the cosy remote work lifestyle.
- Feel the startup adrenaline pumping through your veins.
- Revel in our open, growth-centric ambiance; it's like a digital playground.
- Dive deep into the captivating world of cybersecurity.
- And yes, get ready for some unforgettable workcations—think Chikmagalur & Jim Corbett.
As a Security Researcher in SaaS security posture management, your primary responsibility will be to conduct research on emerging security threats and vulnerabilities in SaaS environments and to develop and implement strategies to mitigate those risks. Specifically, your job duties will include: Conducting in-depth research on emerging security threats and vulnerabilities in SaaS environments.
- Analyzing data and security logs to identify potential threats and take proactive measures to prevent them.
- Developing and implementing security policies and procedures to protect against security threats in SaaS environments.
- Collaborating with other members of the IT team to implement security measures and ensure compliance with industry standards and regulations.
- Keeping up-to-date with the latest security technologies and trends in SaaS security posture management.
- Communicating findings and recommendations to management and other stakeholders.
- Participating in incident response and resolution activities in the event of a security breach in SaaS environments.
- To be successful in this role, you should have a Bachelor's or Master's degree in Computer Science, Information Security, or a related field, and have experience in researching emerging security threats and vulnerabilities in SaaS environments. You should also have strong analytical and problem-solving skills, and hold industry certifications such as CISSP, CEH, or OSCP. Excellent communication and collaboration skills are essential to work effectively with cross-functional teams.
Security (AM/Executive)
• To design the security infrastructure / policies for the organisation, implement & monitor the same
• To ensure security compliance with respect to recommendations received from government agencies like CEA, NCIIPC
• Design, review, implement & monitor IT security related controls as part of Internal
• Controls, IFC, ERM
• ISMS certification (ISO 27001) for IT systems; this will include preparation and periodic review of policies and SOPs, regular trainings and maintaining records in prescribed formats
• Conducting internal security audit and generating reports by deploying VA tools
• Periodic security/VAPT audits and implementation of the findings
• IT security related new initiatives like - Security Operations Centre (SOC), Security Information and Event Management (SIEM), cloud security, EMM-enterprise mobility management
• Creating IT Security awareness within the organisation
1. Perform security assessment of web applications, Android, iOS mobile applications, Source Code Review
2. In-depth knowledge of security vulnerabilities not just limited to OWASP Top 10
3. False Positive removal and manual application testing
4. Working exp of Python, Java, .Net etc
5. Experience of using MF Fortify is a must
6. Proactively identify vulnerabilities and recommend fixes
7. Ownership of the tasks, Adapt to technologies/languages/platforms/frameworks of the time
8. Experience in using security tools to carry out manual as well as automated security assessments
9. Experience working with common product flows like payment gateway integration, authentication etc.
10. Client handling exp
11. Should be able to address client queries, work on proposals etc
12. Independent, self-motivated and comfortable working in a fast-paced environment with teams ranging from product to engineering teams
Primary Skills |
Experience on network vulnerability scanning penetration testing |
Experience with Nessus NetCat, NMAP Backtrack, Metasploit,Wireshark , HPing, and similar tools set like RetinaCS, Qualys, McAfee (Foundstone) |
Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering) |
In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database |
Thorough and practical knowledge of OWASP |
Hands on experience with popular application security tools – Nessus, Burpsuite, Netsparker, Metasploit, KALI Linux |
Working knowledge of manual testing of web applications |
Good knowledge of modifying and compiling exploit code |
Good understanding and knowledge of codes languages |
Has practical experience in auditing various OS , DB , Network and Security technologies |
Microsoft office – Word, Excel, PowerPoint |
Job Description
Cyber Threat Intelligence & Threat Hunting - Subject Matter Expert (B3-2)
Responsibilities:
Perform threat research, create actionable threat advisories, and derive hunting queries based on the evolving threat vectors.
Understand APT groups, Conduct deep dive technical analysis of cyber-attack tools, tactics, and procedures. Create hypothesis and perform active threat hunting.
Minimum Requirements:
10+ years of overall experience, 7+ years of experience in cyber threat intelligence, malware analysis (Reverse engineering)
Hands-on experience with writing threat hunting hypothesis & active threat hunting
Experience with YARA rule and OpenIOC signature creation.
Experience with multi-tiered mission-critical systems.
Experience in opensource sandbox and honeypots.
Preferred Certification
GIAC Cyber Threat Intelligence (GCTI)
C| TIA (Certified Threat Intelligence Analyst)
CCTIA by the NICCS
About Drip Capital & Tech Team
The engineering team at Drip Capital is responsible for building and maintaining the online global trade financing platform that supports the interactions between buyers, sellers, financing partners, insurance agents, global retail partners, trade agents, shipping & transportation companies, supply chain and warehousing companies worldwide.
Our primary goal is to ensure that customers are provided time-critical capital and at the same time balance requirements related to risk, fraud management, and compliance. The services are accessed by customers worldwide and hence the engineering systems need to be policy-driven, easily reconfigurable, and able to handle multiple regional languages. We use machine learning for risk classifications/predictions, intelligent document parsing subsystems, robotic process automation, REST APIs to connect our microservices, and a cloud-based data lake and warehouse for data storage and analysis.
Our team comprises talent from top-tier institutions including Wharton, Stanford, and IITs with years of experience at companies like Google, Amazon, Standard Chartered, Blackrock, and Yahoo. We are backed by leading Silicon Valley investors - Sequoia, Wing, Accel, and Y Combinator. We are a global company headquartered in Silicon Valley along with offices in India and Mexico.
Your Role
As an AppSec Engineer in Drip Capital’s engineering team, you will have the opportunity to take ownership of :
- Contribute to and improve secure SDLC practice
- Design architecture, methods, and controls required to meet security, compliance, and audit requirements.
- Designing and implementing cloud and network security solutions.
- Do comprehensive threat modelling for our applications and infrastructure in an Agile flow
- Perform secure code review and security assessments of web, android and iOS applications, and cloud infrastructure (infrastructure as code).
- Proactively identify vulnerabilities across our platform and work with developers in fixing them.
- Automate and simplify security, as “Complexity is the enemy of Security”.
- Handle Vulnerability Management and Patch Management processes.
- Participate in the investigation related to Privacy/Security incidents and response activities.
- Work with DevOps to implement the security tools and automation of the security tasks.
- Mentor other engineers and evangelize security practices through cross-functional work with DevOps and engineering teams.
- Testing the deployed security solutions to make sure they function as planned.
Our Checklist
- A minimum of 4 years of experience as an AppSec Engineer
- Hands-on experience in secure design and architecture review of backend services, payments systems like payment gateways.
- Hands-on experience in secure code review and automation of common security workflows.
- Hands-on experience and a proven record of securing one or more of the cloud platforms: Azure, GCP, AWS and Hosted Cloud Solutions.
- Good understanding of OWASP and SANS testing methodologies.
- Good understanding of software security weaknesses and vulnerabilities.
- Good knowledge in securing architecture of web, mobile applications and cloud infrastructure.
- Ability to contribute as an individual and as part of a team
- Working knowledge of any scripting language; Python or Go preferred
- Experience in writing custom tools/scanners/extenders is a plus
- Red teaming experience is a plus
If you love to explore the security aspects of a distributed system that makes decisions related to global trade finance, let's talk!
Operations and Technical Advice
Monitoring applications over WAF for Security incidents (24*7 Service Window)
WAF Implementation, and Day-to-Day Task ,Application Integration, Testing ,Learning ,Blocking , Migrations.
Application Security Understanding,Creating, modifying, or implementing policies or rules.
Add, remove, and modify, update security policy parameters and attack signatures policies as per Airtel Africa business requirement and standard practices
Understanding of Network Protocol
Hand-on Packet Capture /Analyser
Perform WAF signature & hotfix updates.
Quarterly review the created Policy/Rule with Client
Respond to Ticket management tool requests for WAF Incidents, Changes, and Services.
Coordinate with OEMs for product related issues and bugs
Integrate SIEM & monitoring tool with WAF virtual appliances
Upgrading the Radware OS version from N to N-1 shall be considered based on the criticality of discovered vulnerabilities during the VA scan.
Assist the Client team in mitigating vulnerabilities or observations reported during security audits, VA&PT, and regulatory technology audits (internal, external, and concurrent) for and in WAF
Analyse security breaches, make required changes/additions, and report RCA for any WAF security incident
Support Window 24X7 ,
We are looking for candidates with the below experience.
- Mandatory experience on any of
a) Cylance Protect and Optics
b) Crowdstrike Falcon Insight
c) Sentinel One ActiveEDR
d) Carbon Black EDR
- Hands-on experience in security incident response lifecycle and its phases
- Should have experience in L1 and L2 in EDR
- Hands-on experience in event and log analysis on Windows endpoints
- Overall experience: 3-7 years, Relevant experience: 2+ years
Please note : Candidate should have experience in the below skills must :
- EDR Experience
- EDR Product Worked on and which level of support they are working on
- Incident Response
- Malware Analysis
- Flexible for shifts
Requirements:
- Overall experience in the field of Information risk and security related initiatives/ projects.
- Experience in the areas of Infrastructure Security Audit, IT Security, Vulnerability Assessment, Risk Assessment, Web Application Security, Network Security Review, Network Architecture Review, Mobile Application Security Testing, Configuration Review, Source Code Review, Wireless Pentest, Process Review etc.
- Ability to understand business concepts and integrate business risk elements into security operations.
- Experience in conducting VAPT.
- Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP Web inspect, Acunetix, NTO Spider, BurpSuite Pro).
- Strong ethics and understanding of ethics in business and information security.
- Should have exposure to Code review, Network VA/PT and App VA/PT work.
- Understanding and familiarity with common code review methods and standards.
- Experience with code scanning toolsets such as Fortify and Ounce.
- Understanding of HTTP and web programming.
- Knowledge of OWASP tools and methodologies, common security requirements within ASP.NET application, standard SDLC practices.
- Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering).
- In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database.