7+ Penetration testing Jobs in Bangalore (Bengaluru) | Penetration testing Job openings in Bangalore (Bengaluru)
Apply to 7+ Penetration testing Jobs in Bangalore (Bengaluru) on CutShort.io. Explore the latest Penetration testing Job opportunities across top companies like Google, Amazon & Adobe.
Marrow is a learning platform for doctors, medical students, and other healthcare practitioners with topic-wise learning modules, tests and performance analytics, and high-quality recorded medical video classes. Marrow is currently used by over 5 lakh medical students in India to prepare for the country’s largest medical competitive exam - NEET PG.
USP of Marrow
1) Loved by more than 70% of aspiring doctors in India.
2) NEET-PG 2020, 2021, 2022, 2023 - Top 10 rankers were Marrow users.
DailyRounds is a healthcare startup focused on organizing “Knowledge of practice of Medicine” and building a community of Doctors (and healthcare professionals). We hold the largest IP (intellectual property) in clinical medicine in India. We hope to put this IP, network, and our best efforts to help Doctors improve how they diagnose and treat. We are a diverse team of 300 people based in Bangalore.
We are product-driven. We believe businesses should scale and be profitable. We avoid fads and focus on what makes business sense, what can scale, and what can make a positive impact (in that order).
In April 2019, M3 India, the Indian subsidiary of Japanese Healthtech company M3 (one of the largest healthcare networks globally, listed on the Tokyo Stock Exchange), picked up a majority stake in DailyRounds to foray into case-based problem-solving, community platform, and medical test preparation business in India.
We seek a highly skilled and experienced Mobile Application Security Engineer to join our dynamic security team. The ideal candidate will possess a deep understanding of mobile security for both Android and iOS platforms, with hands-on experience in identifying and mitigating security vulnerabilities. This role involves ensuring the security of mobile applications through rigorous testing, threat modeling, and implementation of security best practices.
What are we looking for
- 2-5 years of experience in mobile application security for Android and iOS platforms.
- Proven expertise in vulnerability assessment, penetration testing (VAPT), and security analysis of mobile applications.
- Strong understanding of Android and iOS security architectures.
- Proficiency in security tools such as Frida, Burp Suite, OWASP Mobile Security Testing Guide (MSTG), etc.
- Experience with common mobile security vulnerabilities (e.g., OWASP Mobile Top 10) and mitigation strategies.
- Knowledge of CVE databases and experience in reporting and managing vulnerabilities.
- Familiarity with secure coding practices and security standards.
What you will be doing here
Security Assessment and Testing:
- Conduct thorough security assessments of mobile applications, including static and dynamic analysis.
- Perform vulnerability assessments and penetration testing (VAPT) on Android and iOS applications.
- Utilize tools such as Frida, Burp Suite, and other mobile security testing frameworks to identify security weaknesses.
Vulnerability Management:
- Identify, report, and track mobile application security vulnerabilities (Common Vulnerabilities and Exposures).
- Work closely with development teams to ensure vulnerabilities are addressed and resolved.
- Develop and maintain a vulnerability management program for mobile applications.
Security Architecture and Design:
- Collaborate with development and product teams to design secure mobile applications.
- Implement security best practices and guidelines for mobile app development.
- Conduct threat modeling and risk assessments to identify potential security threats.
Security Tools and Automation:
- Develop and maintain custom scripts and tools to automate security testing.
- Stay updated with the latest security tools, technologies, and trends in mobile security.
Documentation and Reporting:
- Create detailed security assessment reports and documentation.
- Provide recommendations for security improvements and risk mitigation.
- Document security policies, procedures, and guidelines for mobile application security.
Please note that only shortlisted candidates will be contacted.
About us:
HappyFox is a software-as-a-service (SaaS) support platform. We offer an enterprise-grade help desk ticketing system and intuitively designed live chat software.
We serve over 12,000 companies in 70+ countries. HappyFox is used by companies that span across education, media, e-commerce, retail, information technology, manufacturing, non-profit, government and many other verticals that have an internal or external support function.
To know more, visit https://www.happyfox.com/
Responsibilities:
- Perform manual and automated application penetration tests and provide suggestions to harden our products
- Participate regularly in the development and release process to identify and report security vulnerabilities in the code being shipped
- Conduct regular audits on all Features/APIs of the product and report vulnerabilities to the development team
- Keep up with industry trends in the security space
- Triage inbound vulnerability reports with an appropriate level of urgency and track them until they are resolved by Engineering teams
- Should be able to understand different elements of our NodeJS, Python and similar stacks and provide guidance on secure software development practices to the team
- Scale our application security engineering team
Requirements:
- Strong verbal and written communication skills
- Has worked on Web Application Security Testing for a reasonably complex application. The mobile experience is a plus
- Good knowledge of secure software development guidelines from authoritative bodies like NIST, OWASP, SANS
- Hands-on experience in performing manual/automated security assessments with open-source/commercial security tools
1. Perform security assessment of web applications, Android, iOS mobile applications, Source Code Review
2. In-depth knowledge of security vulnerabilities not just limited to OWASP Top 10
3. False Positive removal and manual application testing
4. Working experience with Python, Java, .NET, etc.
5. Experience of using MF Fortify is a must
6. Proactively identify vulnerabilities and recommend fixes
7. Ownership of the tasks, Adapt to technologies/languages/platforms/frameworks of the time
8. Experience in using security tools to carry out manual as well as automated security assessments
9. Experience working with common product flows like payment gateway integration, authentication etc.
10. Client handling experience
11. Should be able to address client queries, work on proposals, etc.
12. Independent, self-motivated and comfortable working in a fast-paced environment with teams ranging from product to engineering teams
About The Company -
OYO Hotels & Homes is the world’s third largest and fastest-growing chain of leased and franchised hotels, homes & spaces, managing over 1 million exclusive rooms across 800 cities and 80 countries. OYO was founded on the mission that everyone deserves a quality living and working space, and we are very passionate about this mission. Technology and Innovation play a critical role in this mission, and therefore today we employ World Class engineers, product managers and designers across core markets & geographies. If you are looking for a high-pace environment and are itching to create a large impact through technology impacting 100s of millions of customers across the globe, we would love to hear from you.
Key Responsibilities:
- Conducting application (Web & Mobile) and infrastructure penetration testing assessments.
- Deploy, improve and utilize SAST/DAST/SCA and other cybersecurity solutions to detect & prevent security vulnerabilities.
- Work closely with the business, product and Development/engineering teams to provide input and guidance on developing secure products and help teams adopt shift-security-to-left practices.
- Work closely with the DevOps team to secure the cloud environment.
- Developing and maintaining cybersecurity process activities including security requirements engineering, threat modelling, code reviews and cyber risk assessment.
- Improve and automate cybersecurity processes within the CI/CD pipelines.
- Continuously review and identify security improvement opportunities in existing products, processes, services and workflows to ensure the people, products and technology in the organization are protected against current and future cybersecurity threats.
- Deliver awareness sessions on Secure Development to engineering/development teams
- Drive continuous improvement activities to define, measure, visualize and improve key cyber security metrics related to Application Security.
- Preparing and launching social engineering campaigns.
Key Skills:
- Expertise in application (Web & Mobile) and infrastructure penetration testing.
- Strong experience with Azure or AWS cloud environments and their security controls.
- Experience with microservices architectures & distributed Platforms
- Strong experience with using Agile software development and securing CI/CD pipeline.
- Coding Experience in Scripting & programming languages (such as Terraform, Java, Python, Ruby, etc.)
- Knowledge of how modern web & mobile apps are designed, developed and deployed across different platforms.
- Knowledge of common exploitation techniques and mitigations.
- Experience in implementing and managing a vulnerability management program (process and technology).
- Experience and knowledge of implementing a DevSecOps ecosystem and strong understanding of Dynamic and Static Application Security Testing (DAST & SAST).
- Understanding of the main cybersecurity tools (SIEM, IPS, XDR, etc.).
- Strong understanding of OWASP, PTES and other penetration testing methodologies.
- Understanding of global security frameworks and standards like NIST, ISO 27001, GDPR, PCI etc.
- Strong knowledge in preparing and launching social engineering campaigns.
- Ability to program or script in your preferred language
- Good understanding of network and OS principles
- Strong written and spoken English skills and ability to write high-quality reports
- An Information Security qualification, e.g., CSSLP, CEH, OSCP, or similar certification
Cultural Traits common to all OYO Leaders -
● Dealing with Ambiguity and Adaptability – we are a large but fast-growing company today, without enough existing processes or rules of engagement, and the environment changes rapidly due to new businesses, geographies, strategic partnerships, etc. You need to be able to create organization out of chaos, operate in an environment with minimal structure, and adapt to change quickly while maintaining high velocity
● Ownership – anything between you and your job is also your job
● Bias for Action – speed matters a lot, so does quality. The ideal leader will be pragmatic, action-oriented and know the right balance between competing priorities
● Hunger to change the world – you need to be ambitious and willing to do more. If you believe you have already achieved your best and are primarily looking to impart that vast knowledge, we aren’t the right place for you
Job Locations: We have a Pan India presence with Tech centers based out of Gurugram, Bangalore & Hyderabad. However, we are currently working from home.
Our client company is into Computer software. (YB1)
- Manage security tools (Snyk, Fossa, Trivy).
- Manage vulnerability programs. Triage vulnerabilities, assign priorities and owners, follow up on the mitigation
- Monitor license violations.
- Perform Security Assessments and Threat Modeling
- Security Incident Response. Be part of a security-on-call team in PagerDuty, act as incident commander, perform Root Cause Analysis.
- Drive security initiatives (Web Application Security, Least-privilege principle, Secrets Management, Key Management, PKI and Certificate Management, Anti-fraud protection).
- Given our fast pace and startup nature, things change over time and your job responsibilities will too.
You'll need:
- Web application security experience.
- Familiarity with a modern SaaS infrastructure and application development.
- Manual and/or automated Penetration Testing (white box, black box & grey box).
- Good understanding of security risk (OWASP Top 10).
- Pen-testing: Burp Suite, Postman, etc.
- Vulnerability management: Snyk, Fossa, NexusIQ, WhiteHat Security, Aqua Security, GitHub security, etc.
- Familiarity with major security protocols.
- Collaboration, transparency, and integrity.
- BS/MS degree; 5+ years of relevant experience.
Nice to have:
- Experience in scripting languages (BASH, Python, JS, etc.).
- CEH, CSSLP, GIAC, OSCP, OSCE, or other related industry-recognized certifications.
1. Monitor the quality of results of the automated system in the detection of attacks, intrusions, and unusual, unauthorized or illegal activities.
2. Build and maintain scripts that collect cyber threats data from external sources as well as from the in-house analytics engine, data quality inspection, and dataset creation for ML with manual annotation.
3. Assist Data Scientists & Machine Learning Engineers in developing systems that automate risk assessment/mitigation workflows.
4. Keep up to date with the latest security and technology developments.
5. Research and evaluate emerging cybersecurity threats and ways to manage them.
Required skills
1. Attention to detail and a quality-first mindset.
2. Knowledge of current hacking techniques, vulnerabilities, and security analysis techniques.
3. Basic programming experience, and the ability to automate tasks.
4. Manual code review or source code analysis experience.
Note: We are a startup, so you will have many more responsibilities.
Benefits
1. A competitive salary.
2. Health Insurance.
3. An awesome team that will challenge and respect you.
4. Lunch, Unlimited snacks and drinks.
5. Top notch office in the heart of Bangalore City.