14+ OWASP Jobs in India
at Foxit eSign Genie
Application Security Engineer
About us:
Foxit is remaking the way the world interacts with documents through advanced PDF and digital signature technology. We are a leading global software provider of fast, affordable, and secure PDF and digital signature solutions that are used by millions of people worldwide. Winner of numerous awards, Foxit has customers in more than 200 countries and global operations. We have a complete product line and an exciting and aggressive development schedule. Our proven PDF and digital signature technology is disrupting the status quo establishment and has accelerated our company growth. We are proud to list as customers Google, Amazon, and NASDAQ, and with your skills and help, we plan to add many more. Foxit has offices all over the world, including locations in the US, Asia, Europe, and Australia.
For more information, please visit https://www.foxit.com/
You would be working for the product Foxit eSign, India office which is registered with the name of eSign Genie Software Private Limited.
Job Brief
- Review Software applications for potential security vulnerabilities by conducting application security reviews i.e., Requirements review, Design review, Code Review.
- Clear understanding of and hands-on experience with OWASP Top 10 vulnerability standards like XSS, SQL injection, session hijacking, and authorization bypass vulnerabilities.
- In-depth research on web security; familiar with the origin of various web security problems and their solutions, and keeping track of network security threats.
- Expertise in testing web application vulnerabilities and Network related vulnerabilities.
- Practical understanding and use of commercial application security tools
- Knowledge of the Vulnerability Fixations.
- Hands on development using Java / J2EE
- Solid understanding and experience with establishing application security policies across an organization.
- Good Documentation, reporting, Strong communication, and collaboration skills with various levels of executives from top management to technical team members across the organization.
- Strong self-starter who can operate independently.
What we offer you
- The chance to contribute to the creation of a sophisticated and appealing product, built from scratch with a fresh, global team!
- A fast, flexible, and rewarding incubator-like environment but with the solidity and seriousness of a large and stable company in the background
- Be part of the exquisite team that will shell out the next big Foxit product. All eyes on us!
- A Pluralsight subscription
- Competitive remuneration package
About us:
HappyFox is a software-as-a-service (SaaS) support platform. We offer an enterprise-grade help desk ticketing system and intuitively designed live chat software.
We serve over 12,000 companies in 70+ countries. HappyFox is used by companies that span across education, media, e-commerce, retail, information technology, manufacturing, non-profit, government and many other verticals that have an internal or external support function.
To know more, visit https://www.happyfox.com/
Responsibilities:
- Perform manual and automated application penetration tests and provide suggestions to harden our products
- Participate regularly in the development and release process to identify and report security vulnerabilities in the code being shipped
- Conduct regular audits on all Features/APIs of the product and report vulnerabilities to the development team
- Keep up with industry trends in the security space
- Triage inbound vulnerability reports with an appropriate level of urgency and track them until they are resolved by Engineering teams
- Should be able to understand different elements of our NodeJS, Python and similar stacks and provide guidance on secure software development practices to the team
- Scale our application security engineering team
Requirements:
- Strong verbal and written communication skills
- Has worked on Web Application Security Testing for a reasonably complex application. The mobile experience is a plus
- Good knowledge of secure software development guidelines from authoritative bodies like NIST, OWASP, SANS
- Hands-on experience in performing manual/automated security assessments with open-source/commercial security tools
at Celebal Technologies Pvt Ltd
Must-Have:
• Web development frameworks and tools, such as AngularJS, and React JS
• Knows frameworks and programming languages such as .NET, C#, JavaScript, and NodeJS.
• Must have an idea about hybrid cloud platforms like Azure or AWS
• Knowledge about build Tools like Webpack and Grunt
• Should know basic design principles and coding practices, such as linters and types
• Secure coding practices and protocols such as the Open Web Application Security Project (OWASP)
• Basic knowledge of CMS tools and their workings, CMS like Sitecore
• Having experience in API and service-based architectures using REST APIs, microservices, and utilizing JSON for web or mobile applications
Good to Have:
• Testing frameworks and tools like Jest, Codecept, Tosca, Jenkins
• SQL, PL/SQL, and NoSQL database management.
• Knowledge of various web tools and software like Miro, Figma, Visual Studio, VS Code, PyCharm, Jira, Confluence, and DevOps portals
• Could have knowledge of payment gateways and their implementations on e-commerce management tools like Hybris
• Having knowledge of product life cycle management
As a Security Researcher in SaaS security posture management, your primary responsibility will be to conduct research on emerging security threats and vulnerabilities in SaaS environments and to develop and implement strategies to mitigate those risks. Specifically, your job duties will include:
- Conducting in-depth research on emerging security threats and vulnerabilities in SaaS environments.
- Analyzing data and security logs to identify potential threats and take proactive measures to prevent them.
- Developing and implementing security policies and procedures to protect against security threats in SaaS environments.
- Collaborating with other members of the IT team to implement security measures and ensure compliance with industry standards and regulations.
- Keeping up-to-date with the latest security technologies and trends in SaaS security posture management.
- Communicating findings and recommendations to management and other stakeholders.
- Participating in incident response and resolution activities in the event of a security breach in SaaS environments.
To be successful in this role, you should have a Bachelor's or Master's degree in Computer Science, Information Security, or a related field, and have experience in researching emerging security threats and vulnerabilities in SaaS environments. You should also have strong analytical and problem-solving skills, and hold industry certifications such as CISSP, CEH, or OSCP. Excellent communication and collaboration skills are essential to work effectively with cross-functional teams.
Primary Skills:
- Experience in network vulnerability scanning and penetration testing
- Experience with Nessus, NetCat, NMAP, Backtrack, Metasploit, Wireshark, HPing, and similar tool sets like RetinaCS, Qualys, McAfee (Foundstone)
- Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering)
- In-depth understanding of the Common Vulnerability Exposure (CVE)/ Cert advisory database
- Thorough and practical knowledge of OWASP
- Hands-on experience with popular application security tools – Nessus, Burpsuite, Netsparker, Metasploit, KALI Linux
- Working knowledge of manual testing of web applications
- Good knowledge of modifying and compiling exploit code
- Good understanding and knowledge of coding languages
- Has practical experience in auditing various OS, DB, Network and Security technologies
- Microsoft Office – Word, Excel, PowerPoint
Global IT risk management company
i. Technology Graduate with 8+ years of experience in the IT industry & Information Security / Cyber Security
iii. Provide Security Vision & Strategy to the Organization, strategic direction, development, and implementation of information security programs and projects to address risks relevant to the attainment of organizational strategic goals.
iv. Experience in advising the leadership team regarding the Security Technology Landscape, product issues, and possible improvements
v. Expertise in providing executive roadmaps for continual improvement in teams, technology, and processes across various security & DevSecOps teams
vi. Experienced in Information Security Risk Management, gap analyses, Audits.
vii. Hands-on Experience in formulating Cyber Security Policies, Design and implementation of Security Technologies, DevSecOps.
viii. Working Knowledge in implementation of Cyber Security Solution in Open Source, OpenStack environment.
ix. Ability to provide strategies to increase the ability to withstand cyber-attacks, as measured by annual sophisticated attack simulations.
x. Experience in upgrading, troubleshooting and tuning of Cyber Security Solutions, SOC Operations.
xi. Thorough understanding and good knowledge of the latest Cyber Security technologies, Security Architectures, vulnerabilities, security threats.
xii. Expertise in Test-Driven Development and establishing a DevSecOps practice. Multiple product launches under your belt - from design to launch, having played a key role in their success
xiii. Ability to set up PoCs for the latest security solutions
xiv. Good understanding of Open Source Technologies, Private Cloud Technologies.
- OWASP Secure Code review
- Basic programming knowledge in any programming language and knowledge on secure development practices.
- OWASP TOP 10 vulnerabilities and their mitigations
- Hands-on experience in Web Application Security Testing tools (SAST & DAST) and Penetration testing tools such as HP Fortify, Checkmarx, Acunetix, Nessus, Burp Suite, Metasploit, Qualys Guard, Kali Linux, etc.
- Understand/modify exploit code and find logical security flaws in applications
- Should have knowledge and experience on Network Security, Application Security, Internet Security, attack vectors.
- To carry out technical vulnerability assessments, identify potential vulnerabilities and provide recommended controls and support to mitigate them.
at SynRadar
This profile will include the following responsibilities:
- Perform Web Application Security Testing
- Scan Network for Security Vulnerabilities
- Create detailed security report
- Research on Open source security tools & new security topics
- Create Security Knowledge base for the team

The candidate should be well versed with application security concepts, network scanning tools.
An American digital consulting company
Your Impact:
• Implements Digital Consumer experiences based on a foundation of SFCC (Salesforce commerce cloud) to meet expected quality standards
• Ensures functional requirements and high-level solution designs are understood and are translated into detailed technical design
• Implement proofs of concept to prove any new technologies, application flows or integration scenarios and identify customizations needed to SFCC platform for meeting client requirements
• Guides the performance tuning and scalability of the ecommerce solution
• Diagnose and solve technical problems during implementation and support phases
Your Skills & Experience:
• 4-8 Years with 2+ years of implementing commerce application on any eCommerce platform in last 3 years
• If you have not worked in eCommerce platform, we can still discuss with you if you are expert in Java/.Net and understand REST/SOAP webservices.
• Demonstrate proficiency in build and release management using CI/CD strategies (leveraging tools like Jenkins and DevOps practices), implement Mocha/Chai unit and functional test cases in order to reduce costs while ensuring quality
• Contributes to designing, implementing and documenting the build release process as well as system configuration and deployment characteristics of the applications
• Participates in technical walkthroughs/ code reviews of other team members’ components, test plans and results and help them with gaps
• Collaborate with architect to define implementation processes and quality gates and standards
• Identifies risks and issues, and helps monitor them
• Guides the development of reference and resource materials
• Mentors developers in improving their platform knowledge and development skills
• Communicate technical design to the developers and help/guide them in the implementation
• Participates in Agile sprints
Set Yourself Apart With:
• eCommerce platform certification
• Security considerations – OWASP, CSRF, reCAPTCHA etc. – Basic knowledge or experience
• Git Development workflow – Proficient
• Visual Studio Code IDE or Eclipse IDE - Proficient
• Knowledge of Agile methodology and desired tools like Jira, Confluence etc.
• Scripting/development experience with Node.js, Mocha/Chai
• Experience working in any Salesforce cloud environment like SFMC, SFSC etc.
• Excellent written, verbal communication and articulation skills & Good team player
• Self-starter and self-learner with keen interest to grow
• Process orientation and the ability to define and setup processes
• Ability to provide necessary coaching to bring team members up to speed on the technology
• Ability to prioritize and manage multiple tasks
• Excellent and innovative approach to problem solving and finding solutions
• Flexible and proactive/self-motivated working style with excellent personal ownership of problem resolution
This profile will include the following responsibilities:
- Perform Web Application Security Testing
- Perform Mobile Application Security Testing
- Scan Network for Security Vulnerabilities
- Co-ordinate with the clients for Project related queries
- Undertake meeting with the client teams for discussing security issues and recommendations
- Create detailed security reports
- Keep track of project progress & send regular updates
- Research on Open source security tools & new security topics
- Create Security Knowledge base for the team

The candidate should be well versed with application security concepts, including the mitigation techniques:
- Web Application Security – OWASP Top 10
- Mobile Application Security – Mobile OWASP Top 10
- Threat Modelling
- Risk Rating Frameworks
- Web Traffic Interception (For Web/Mobile apps)
- SSL
- Network Concepts
- Web Development Basics - HTTP/HTML/JavaScript
- Basic Mobile Application Concepts (either Android or iOS)
Rajasthan Studio is looking for young and bright minds for its upcoming innovative, never-experienced-before app platform for virtual art experiences.
We are looking for programmers with problem-solving skills and critical thinking abilities for the position of Back End developer. Back End developers are responsible for creating a bridge between customers and business logic, optimizing applications for maximum efficiency, creating dashboards for internal teams, and maintaining brand consistency across the application, among other duties.
Backend Web Developers are responsible for managing the interchange of data between the server and the users. The role's primary focus will be the development of all server-side logic, definition, and maintenance of the central database, and ensuring high performance and responsiveness to requests from the front-end. A basic understanding of front-end technologies is necessary as well.
Responsibilities -
- Creating RESTful API/GraphQL to be consumed by Flutter developers
- Building reusable code and libraries for future use
- Optimization of the application for maximum speed and scalability
- Implementation of security and data protection
- Design and implementation of data storage solutions
- Participate in the entire application lifecycle, focusing on coding and debugging
- Write clean code to develop functional web applications
- Troubleshoot and debug applications
- Provide training and support to internal teams
Skill & Qualifications -
- Basic understanding of front-end technologies and platforms, such as JavaScript, HTML5, and CSS3
- Understanding accessibility and security compliances
- User authentication and authorization between multiple systems, servers, and environments
- Integration of multiple data sources and databases into one system
- Management of hosting environment, including database administration and scaling an application to support load changes
- Data migration, transformation, and scripting
- Setup and administration of backups
- Outputting data in different formats
- Understanding differences between multiple delivery platforms such as mobile vs desktop, and optimizing output to match the specific platform
- Creating database schemas that represent and support business processes
- Implementing automated testing platforms and unit tests
- Proficient understanding of code versioning tools, such as Git
- Proficient understanding of OWASP security principles
- Understanding of “session management” in a distributed server environment
- Knowledge of Yii framework - version 2 (preferred)
- Strong object oriented concepts. Experience in structure object oriented modelling with preferred expertise in using tools like Enterprise Architect or similar. Experience in working with TOGAF standards is preferred.
- Experience in architecting the technical scale and scope of high volume, scalable enterprise software solutions including logical and physical landscape requirements with specific attention to design, development, and deployment strategies
- Capability to adapt, learn and work with multiple technology platforms.
- Knowledge in Application Security including Information security principles & realization, OWASP & PCI DSS Compliance (Security Design & Technology Skills)
- In depth knowledge and experience in large scale database management, data modelling and database design in RDBMS and NoSQL.
- Experience in recommending and implementing DevOps tools for enterprise projects.
- Capability to evaluate tools, technologies and processes, including assessing their strategic benefit in the solution.
- Willingness to work hands-on with engineers to review, troubleshoot coding problems quickly and efficiently.
- Expertise in following technologies – ASP.Net MVC, Web API, ASP.Net Core, Entity Framework, Entity Framework Core, ASP.Net Identity, REST
- Experience in implementing various application deployment models and monitoring the server infrastructure using industry standard tools.
- Experience in docker based deployment models.
- Experience in architecting, developing and deploying cloud based (One or more among AWS, Azure, Google Cloud) enterprise solutions.
- Experience in designing and developing micro-services based applications.
- Experience in designing and developing solutions with TDD (Test Driven Development)
Requirements:
- Overall experience in the field of Information risk and security related initiatives/ projects.
- Experience in the areas of Infrastructure Security Audit, IT Security, Vulnerability Assessment, Risk Assessment, Web Application Security, Network Security Review, Network Architecture Review, Mobile Application Security Testing, Configuration Review, Source Code Review, Wireless Pentest, Process Review etc.
- Ability to understand business concepts and integrate business risk elements into security operations.
- Experience in conducting VAPT.
- Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP WebInspect, Acunetix, NTO Spider, BurpSuite Pro).
- Strong ethics and understanding of ethics in business and information security.
- Should have exposure to Code review, Network VA/PT and App VA/PT work.
- Understanding and familiarity with common code review methods and standards.
- Experience with code scanning toolsets such as Fortify and Ounce.
- Understanding of HTTP and web programming.
- Knowledge of OWASP tools and methodologies, common security requirements within ASP.NET application, standard SDLC practices.
- Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering).
- In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database.