36+ Web application security Jobs in India

About us:

Astra is a cyber security SaaS company that makes otherwise chaotic pen-tests a breeze with its one of a kind Pentest Platform.

Astra's continuous vulnerability scanner emulates hacker behavior to scan applications for 8300+ security tests. CTOs & CISOs love Astra because it helps them fix vulnerabilities in record time and move from DevOps to DevSecOps with Astra's CI/CD integrations.

Astra is loved by 650+ companies across the globe.

In 2023 Astra uncovered 2 million+ vulnerabilities for its customers, saving customers $69M+ in potential losses due to security vulnerabilities. 

We've been awarded by the President of France Mr. François Hollande at the La French Tech program and Prime Minister of India Shri Narendra Modi at the Global Conference on Cyber Security. Loom, MamaEarth, Muthoot Finance, Canara Robeco, ScripBox etc. are a few of Astra’s customers.

Your mission:  

• Carrying out VA/PT for web apps, mobile apps, Cloud infrastructure, SaaS apps, network devices, open-source projects etc.
• Developing and testing rule sets for our DAST scanner.
• Interacting with clients over remediation calls.
• Facilitating clients to map out the steps for fixing vulnerabilities.
• Maintaining our vulnerability management system.

Requirements for the role:

• CEH or OSCP or CREST certified
• 1-2 years of experience in doing pentests on multiple assets including web apps, cloud infrastructure etc. Comfortable in Black Box/WhiteBox testing with capability of finding business logic vulnerabilities
• Experience directly interfacing with customers over calls & emails
• Able to write & understand code in any one programming language.

Good to have:

• A few published CVE’s
• Good bug bounty/CTF experience

Benefits of joining teh Astra Squad:

• Embrace the cosy remote work lifestyle.
• Feel the startup adrenaline pumping through your veins.
• Your brilliance showcased to thousands of eager readers and users.
• Revel in our open, growth-centric ambiance; it's like a digital playground.
• Dive deep into the captivating world of cybersecurity.
• And yes, get ready for some unforgettable workcations—think Chikmagalur & Jim Corbett. 

A BIT ABOUT US

Appknox is one of the top Mobile Application security companies recognized by Gartner and G2. A profitable B2B SaaS startup headquartered in Singapore & working from Bengaluru.

The primary goal of Appknox is to help businesses and mobile developers secure their mobile applications with a focus on delivery speed and high-quality security audits.

Appknox has helped secure mobile apps at Fortune 500 companies with Major brands spread across regions like India, South-East Asia, Middle-East, US, and expanding rapidly. We have secured 300+ Enterprises globally.

We are a 30+ incredibly passionate team working to make an impact and help some of the biggest companies globally. We work in a highly collaborative, very fast-paced work environment. If you have what it takes to be part of the team, we are excited, and let’s speak further.

The Opportunity

To join the security team engaging with multiple clients, helping them with end-to-end security audits, also researching new topics and vulnerabilities to be added to the scanner, present research at conferences.

What An Ideal Candidate Would Look Like: 

• Anyone pursuing their graduation or post-graduation related to IT security 
• Skills - Application Penetration Testing, 
• Knowledge or experience of IoT testing, and source code audits are plus points
• Responsibilities: Engage with clients for scoping call, perform security audits, and remediation call with clients to patch the issues

Minimum Requirements

• Must be comfortable with tools like burp suite, nmap, sqlmap, r2 etc
• Strong Analytical Skills
• Strong grasp of fundamentals of information security
• Strong Grasp of Web, API and mobile Pen-Testing
• Self-taught learner willing to read and keep up-to-date on technological changes and how they could be used
• Can accurately define an issue and create detailed Proof-of-concept and write-up of the findings.
• Provide appropriate remediation and mitigations of the identified vulnerabilities.
• Basic understanding of cloud platforms like AWS or GCP. Security knowledge in this domain is a plus.

Responsibilities

• Security assessment of web and mobile applications.
• Understand and explain the results with impact on business and compliance status
• Continuously learning and training on latest tools and techniques

Personality traits we really admire

• A confident and dynamic working persona, which can bring fun to the team, and a sense of humor, is an added advantage.
• Great attitude to ask questions, learn and suggest process improvements.
• Has attention to details and helps identify edge cases.
• Highly motivated and coming up with fresh ideas and perspectives to help us move towards our goals faster.
• Follow timelines and absolute commitment to deadlines.

Interview Process 

• Round 1 CTF Round - Profile and skill Evaluation
• Round 2 - Technical Interview with security team member
• Round 3 - Technical Interview with the Team Lead
• Round 4 - HR Round

 Why Join Us

• Great Stipend& PPO: We keep up with the market standards & provide stipend/pay packages considering updated standards. Also as Appknox continues to grow, you’ll have a great opportunity to earn more & grow with us. Moreover, we also PPO for our top interns.
• Freedom & Responsibility: If you are a person who enjoys challenging work & pushing your boundaries, then this is the right place for you. We appreciate new ideas & ownership as well as flexibility with working hours.
• Holistic Growth: We foster a culture of continuous learning and take a much more holistic approach to train and develop our assets: the employees. We shall also support you all on that journey of yours.
• Transparency: Being a part of a start-up is an amazing experience, one of the reasons being open communication & transparency at multiple levels. Working with Appknox will give you the opportunity to experience it all first-hand.

About us

Astra is a cyber security SaaS company that makes otherwise chaotic pentests a breeze with its one of a kind Pentest Platform. Astra's continuous vulnerability scanner emulates hacker behavior to scan applications for 8300+ security tests. CTOs & CISOs love Astra because it helps them fix vulnerabilities in record time and move from DevOps to DevSecOps with Astra's CI/CD integrations.

Astra is loved by 650+ companies across the globe. In 2023 Astra uncovered 2 million+ vulnerabilities for its customers, saving customers $69M+ in potential losses due to security vulnerabilities. 

We've been awarded by the President of France Mr. François Hollande at the La French Tech program and Prime Minister of India Shri Narendra Modi at the Global Conference on Cyber Security. Loom, MamaEarth, Muthoot Finance, Canara Robeco, ScripBox etc. are a few of Astra’s customers.

Role Overview

As an SDE 2 Back-end Engineer at Astra, you will play a crucial role in the development of a new vulnerability scanner from scratch. You will be architecting & engineering a scalable technical solution from the ground-up.

You will have the opportunity to work alongside talented individuals, collaborating to deliver innovative solutions and pushing the boundaries of what's possible in vulnerability scanning. The role requires deep collaboration with the founders, product, engineering & security teams.

Join our team and contribute to the development of a cutting-edge SaaS security platform, where high-quality engineering and continuous learning are at the core of everything we do.

Roles & Responsibilities:

• You will be joining our Vulnerability Scanner team which builds a security engine to identify vulnerabilities in technical infrastructure.
• You will be the technical product owner of the scanner, which would involve managing a lean team of backend engineers to ensure smooth implementation of the technical product roadmap.
• Research about security vulnerabilities, CVEs, and zero-days affecting cloud/web/API infrastructure.
• Work in an agile environment of engineers to architect, design, develop and build our microservice infrastructure.
• You will research, design, code, troubleshoot and support (on-call). What you create is also what you own.
• Writing secure, high quality, modular, testable & well documented code for features outlined in every sprint.
• Design and implement APIs in support of other services with a highly scalable, flexible, and secure backend using GoLang
• Hands-on experience with creating production-ready code & optimizing it by identifying and correcting bottlenecks.
• Driving strict code review standards among the team.
• Ensuring timely delivery of the features/products
• Working with product managers to ensure product delivery status is transparent & the end product always looks like how it was imagined
• Work closely with Security & Product teams in writing vulnerability detection rules, APIs etc.

Required Qualifications & Skills: 

• Strong 2-4 years relevant development experience in GoLang
• Experience in building a technical product from idea to production.
• Design and build highly scalable and maintainable systems in Golang
• Expertise in Goroutines and Channels to write efficient code utilizing multi-core CPU optimally
• Must have hands-on experience with managing AWS/Google Cloud infrastructure
• Hands on experience in creating low latency high throughput REST APIs
• Write test suites and maintain code coverage above 80%
• Working knowledge of PostgreSQL, Redis, Kafka
• Good to have experience in Docker, Kubernetes, Kafka
• Good understanding of Data Structures, Algorithms and Operating Systems.
• Understanding of cloud/web security concepts would be an added advantage

What We Offer:

• Adrenalin rush of being a part of a fast-growing company
• Fully remote & agile working environment
• A wholesome opportunity in a fast-paced environment where you get to build things from scratch, improve and influence product design decisions
• Holistic understanding of SaaS and enterprise security business
• Opportunity to engage and collaborate with developers globally
• Experience with security side of things
• Annual trips to beaches or mountains (last one was Chikmangaluru)
• Open and supportive culture 

At ISA ERP, we develop highly inventive ERP and decision-support Software to enhance productivity and address the challenges faced by global manufacturers due to the dynamically changing market. We embrace an inquisitive mindset, provide freedom to experiment, and encourage the acquisition of new skills. This offer is only for those who would not spare any pains to grow, innovate, and derive satisfaction by contributing significantly.

BD Software Distribution Pvt. Ltd. is a leading Value Added Distributor (VAD) in the Indian market, offering industry-leading consumer, SMB, and Enterprise-level solutions. We are the Country Partner for top brands in the cybersecurity industry, including Bitdefender. With a strong partner network and technical expertise, we provide comprehensive protection against malware and cyber threats to government organizations, businesses, and consumers. With over 750,000 users in India, we are committed to helping achieve cyber peace.

Job Overview

We are seeking a Renewal Specialist to join our team at BD Software Distribution Pvt. Ltd. This role involves managing the renewal process for our software solutions and ensuring customer satisfaction. The ideal candidate should have 1 to 3 years of experience in a similar role, strong communication skills, and a customer-centric approach. This is a full-time position based in Navi Mumbai, Maharashtra, India.

Qualifications and Skills

1 to 3 years of experience in a Renewal Specialist or similar role

Strong understanding of software solutions and the renewal process

Excellent communication and interpersonal skills

Customer-centric approach with a focus on delivering high-quality service

Ability to build and maintain relationships with customers

Strong problem-solving and negotiation skills

Ability to work collaboratively in a cross-functional team environment

Proficiency in CRM software and MS Office

Attention to detail and strong organizational skills

Roles and Responsibilities

Manage the renewal process for software solutions, ensuring timely renewals and customer satisfaction

Develop and maintain strong relationships with customers, understanding their needs and addressing any inquiries or issues

Provide product knowledge and recommendations to customers, ensuring they are maximizing the value of our solutions

Collaborate with internal teams, including Sales and Support, to achieve renewal targets and resolve customer concerns

Track and monitor customer accounts, identifying opportunities for upselling and cross-selling

Prepare and present reports on renewal activities, highlighting trends, challenges, and opportunities

Stay up-to-date with industry trends and competitive landscape to contribute to product enhancements and market positioning

Maintain accurate and updated customer information in the CRM system

Sr. Offensive Security Engineer:

Security engineers at Egnyte are involved in every stage of the SDLC pipeline to highlight security vulnerabilities and provide expert advice on reducing them. By promoting security principles, ongoing penetration testing, and developing “paved roads,” we’re able to provide our customers with a secure and reliable product.

We’re looking for a senior engineer who’s well-rounded in terms of application security and has in-depth expertise in offensive security/red teaming focused on product security. 

You will be working closely with other security engineers will enable you to develop your expertise in a wide range of areas of your choosing.

To excel at this role, you need to be passionate about and proficient in hacking. We’re looking for someone who loves breaking into systems and is happy to help secure them by collaborating with software engineers by sharing expertise and providing actionable advice on remediation of identified issues.

WHAT YOU’LL DO:

• Perform high-quality penetration tests of Egnyte applications independently, or as part of a team
• Designing comprehensive plans for the security engagements and thoroughly documenting findings, gaps, and remediation recommendations
• Contributing to team tooling, innovation, and improvements
• Communicating and collaborating with other teams, product owners, engineering managers, and leadership to influence, prioritize, and drive the resolution of discovered security findings

YOUR QUALIFICATIONS:

• 5+ years of experience in a penetration testing or similar offensive security role
• 5+ years of professional experience with security engineering practices, including: web application security, mobile application security, authentication and authorization and other security disciplines
• 3+ years of experience with dynamic and manual code auditing to identify security issues
• 3+ years of experience with interpreted or compiled languages (e.g. Python, Java)
• Experience with threat modeling, design review, or other threat analysis techniques

Bonus points:

• Experience with mobile application penetration testing
• Knowledge of cloud service providers, especially Google Cloud
• Experience in various security domains (e.g. system and network security, authentication and security protocols, cryptography, application security, incident response)
• Experience in developing security tooling and automation
• Experience in CTFs, CVE research, and/or Bug Bounty programs

Job Responsibilities:

• Server Monitoring: Monitor server performance and respond to alerts promptly. Troubleshoot and resolve system and network issues.
• Server Disk Cleanup: Regularly analyze and clean up server storage to optimize performance and resource allocation.
• Deployment of New Linux Instances: Create and configure new Linux server instances based on project requirements. Ensure proper security measures and updates during deployment.
• DNS Management: Manage DNS records, domains, and configurations for internal and external services.
• Backing up/Archiving Logs: Implement backup and archiving strategies for server logs to maintain data integrity and facilitate auditing.
• MySQL Backups: Create and manage automated backups of MySQL databases to ensure data integrity. Develop disaster recovery plans.
• System Administration Strategies: Develop and implement system administration strategies to enhance server performance, security, and scalability. Stay updated with industry best practices and emerging technologies

Qualifications:

• Bachelor's degree in Computer Science, Information Technology, or a related field (or equivalent work experience).
• Proven experience as a Linux Administrator or similar role (5+ years).
• Proficiency in Linux server administration (CentOS, Ubuntu, etc.).
• Strong knowledge of: Server monitoring tools (e.g., Nagios, Zabbix). Configuration management tools (e.g., Ansible, Puppet). Virtualization and containerization (e.g., Docker, Kubernetes). DNS management (e.g., BIND, AWS Route 53). Backup solutions (e.g., Bacula, AWS Backup). Log management and analysis (e.g., ELK Stack, Graylog). Database administration (e.g., MySQL, MariaDB). Security best practices and firewall configuration. Scripting languages (e.g., Bash, Python). Version control systems (e.g., Git). Cloud platforms (e.g., AWS, Azure, Google Cloud). Monitoring and alerting tools (e.g., Grafana, Prometheus). Networking concepts (TCP/IP, routing). System administration strategies and documentation. Excellent problem-solving skills and the ability to work independently.

• Strong communication and teamwork skills.

Force Point trainer- One candidate

Should be certified as an administrator in at least one of these products- Force point web security / DLP/ NGFW

Should have implementation ( hands on skills) on implementing Web security or DLP

Should have conducted training on at least one of the above topics to corporate companies or at least internal staff

Should have a flair for conducting trainings

Should be ready to travel to conduct trainings

( 2-3 years of experience)

Experience Required: 5 -10 yrs.

Job location: Sec-62, Noida

Work from office (Hybrid)

Development Platform: Backend Development- Java/J2EE, Struts, Spring, MySQL, OWASP

Job Brief:

Requirements:

·      5+ years of experience in developing distributed, multi-tier enterprise applications, APIs.

·      Fully participated in several major product development cycles.

·      Solid background in design, OOP, object, and data modelling.

·      Deep working knowledge of Java, Struts,Spring, Relational Database.

·      Experience in design and implementation of service interface and public APIs.

·      Actively involved/writing codes in current project.

·      Development knowledge and experience of working with AWS, Azure etc. will be an added plus.

·      Clear Understanding and Hands on experience on OWASP Top 10 Vulnerability standards like XSS, CSRF, SQL injection, session hijacking, and authorization bypass vulnerabilities.

·      Find and resolve the security concerns on the product/application.

·      Good Documentation, reporting, Strong communication, and collaboration skills with various levels of executives from top management to technical team members across the organization.

·      Strong self-starter who can operate independently.

As part of the Cloud Platform / Devops team at Upswing, you will get to work on building state-of-the-art infrastructure for the future. You will also be –

• Building Infrastructure on AWS driven through terraform and building automation tools for deployment, infrastructure management, and observability stack 
• Building and Scaling on Kubernetes
• Ensuring the Security of Upswing Cloud Infra
• Building Security Checks and automation to improve overall security posture 
• Building automation stack for components like JVM-based applications, Apache Pulsar, MongoDB, PostgreSQL, Reporting Infra, etc.
• Mentoring people across the teams to enable best practices 
• Mentoring and guiding team members to upskill and helm them develop work class Fintech Infrastructure

What will you do if you join us?

• Write a lot of code
• Engage in a lot of cross-team collaboration to independently drive forward infrastructure initiatives and Devops practices across the org 
• Taking Ownership of existing, ongoing, and future initiatives 
• Plan Architecture- for upcoming infrastructure
• Build for Scale, Resiliency & Security 
• Introduce best practices wrt Devops & Cloud in the team
• Mentor new/junior team members and eventually build your own team

You should have

• Curiosity for on-the-job learning and experimenting with new technologies and ideas
• A strong background in Linux environment
• Must have Programming skills and Experience
• Strong experience in Cloud technologies, Security and Networking concepts, Multi-cloud environments, etc.
• Experience with at least one scripting language (GoLang/Python/Ruby/Groovy)
• Experience in Terraform is highly desirable but not mandatory
• Experience with Kubernetes and Docker is required 
• Understanding of the Java Technologies and Stack
• Any other Devops related experience will be considered

Application Security Engineer

About us:

Foxit is remaking the way the world interacts with documents through advanced PDF and digital signature technology. We are a leading global software provider of fast, affordable, and secure PDF and digital signature solutions that are used by millions of people worldwide. Winner of numerous awards, Foxit has customers in more than 200 countries and global operations. We have a complete product line and an exciting and aggressive development schedule. Our proven PDF and digital signature technology is disrupting the status quo establishment and has accelerated our company growth. We are proud to list as customers Google, Amazon, and NASDAQ, and with your skills and help, we plan to add many more. Foxit has offices all over the world, including locations in the US, Asia, Europe, and Australia.

For more information, please visit https://www.foxit.com/

You would be working for the product Foxit eSign, India office which is registered with the name of eSign Genie Software Private Limited.

Job Brief

• Review Software applications for potential security vulnerabilities by conducting application security reviews i.e., Requirements review, Design review, Code Review.
• Clear Understanding and Hands on experience on OWASP Top 10 Vulnerability standards like XSS, SQL injection, session hijacking, and authorization bypass vulnerabilities.
• In-depth research on Web security, familiar with the origin of various Web security problems and solution, having a tracking of Security threats of network.
• Expertise in testing web application vulnerabilities and Network related vulnerabilities.
• Practical understanding and use of commercial application security tools
• Knowledge of the Vulnerability Fixations.
• Hands on development using Java / J2EE
• Solid understanding and experience with establishing application security policies across an organization.
• Good Documentation, reporting, Strong communication, and collaboration skills with various levels of executives from top management to technical team members across the organization.
• Strong self-starter who can operate independently.

What we offer you

• The chance to contribute to the creation of a sophisticated and appealing product, built from scratch with a fresh, global team!
• A fast, flexible, and rewarding incubator-like environment but with the solidity and seriousness of large and stable company in the background
• Be part of the exquisite team that will shell out the next big Foxit product all eyes on us!
• A Pluralsight subscription
• Competitive remuneration package

About us:

HappyFox is a software-as-a-service (SaaS) support platform. We offer an enterprise-grade help desk ticketing system and intuitively designed live chat software.

We serve over 12,000 companies in 70+ countries. HappyFox is used by companies that span across education, media, e-commerce, retail, information technology, manufacturing, non-profit, government and many other verticals that have an internal or external support function.

To know more, Visit! - https://www.happyfox.com/

Responsibilities:

• Perform manual and automated application penetration tests and provide suggestions to harden our products
• Participate regularly in the development and release process to identify and report security vulnerabilities in the code being shipped
• Conduct regular audits on all Features/APIs of the product and reports vulnerabilities to the development team
• Keep up with industry trends in the security space
• Triage inbound vulnerability reports with an appropriate level of urgency and track them until they are resolved by Engineering teams
• Should be able to understand different elements of our NodeJS, Python and similar stacks and provide guidance on secure software development practices to the team
• Scale our application security engineering team

Requirements:

• Strong verbal and written communication skills
• Has worked on Web Application Security Testing for a reasonably complex application. The mobile experience is a plus
• Good knowledge of secure software development guidelines from authoritative bodies like NIST, OWASP, SANS
• Hands-on experience in performing manual/automated security assessments with open-source/commercial security tools

Force Point trainer- One candidate

§ Should be certified as an administrator in at least one of these products- Force point web security / DLP/ NGFW

§ Should have implementation ( hands on skills) on implementing Web security or DLP

§ Should have conducted training on at least one of the above topics to corporate companies or at least internal staff

§ Should have a flair for conducting trainings

§ Should be ready to travel to conduct trainings

1. Perform security assessment of web applications, Android, iOS mobile applications, Source Code Review

2. In-depth knowledge of security vulnerabilities not just limited to OWASP Top 10

3. False Positive removal and manual application testing      

4. Working exp of Python, Java, .Net etc         
5. Experience of using MF Fortify is a must

6. Proactively identify vulnerabilities and recommend fixes

7. Ownership of the tasks, Adapt to technologies/languages/platforms/frameworks of the time                                                                                     

8. Experience in using security tools to carry out manual as well as automated security assessments

9. Experience working with common product flows like payment gateway integration, authentication etc.                                                          

10. Client handling exp

11. Should be able to address client queries, work on proposals etc                                                        

12. Independent, self-motivated and comfortable working in a fast-paced environment with teams ranging from product to engineering teams

Primary Responsibilities

Cognitio Analytics is looking for a Lead Application Developer, driven by innovation and a desire to make a difference. We are seeking a clever, dedicated development lead who enjoys what they do, likes leading and working with teams, is curious with new ideas; someone who can appropriately apply technology to solve problems and provide services to our clients.

Duties include working in a professional environment with a team of developers, data engineers, data scientists, business analysts, and product owners. The ability to effectively lead teams that are fiercely focused on client service, innovation, and delivering products that create and capture value is required. Successful candidates will be able to lead development projects, plan and design solutions with heavy focus on data integration and Azure cloud capabilities and analysis methods needed to support project goals. 

Core Skills

• Communication. Ability to share your ideas and lead overall development activities in a collaborative environment
• Problem solving. Knowing how to make a task easier, more maintainable and stable
• Curiosity. Knowing what’s on the horizon in cloud capabilities and web development and when to use it
• Adaptability. Able to quickly learn and adapt to new technologies
• Ability to manage a complex range of tasks and meet deadlines
• Understanding and application of the agile development lifecycle

Required Qualifications

• Bachelor’s in Computere Science or related experience 
• Practical web & application development experience
• Full Stack Web development skills and experiences 
• An attitude and commitment to being an active participant of our employee-owned culture is a must

Preferred Qualifications – experience with a few of the following is a plus:

• Minimum of eight (8) years’ experience in software development;
• Experience with agile development practices through Azure Dev/Ops
• JavaScript (including ES6), HTML, and CSS(SASS/LESS);
• Responsive web design and UI frameworks (Bootstrap, Foundation, etc.)
• JavaScript frameworks ( React, etc.);
• Experience with server-side technologies (.NET, NodeJS, etc.);
• RESTful web services;
• Cloud computing - Azure
• Unit testing and continuous integration and deployment

• Document technical and functional specifications
• Perform unit testing of objects/ solutions created
• Perform configuration, integration, and personalizations in Oracle HCM EBS/Cloud
• Work in a functional and technical capacity and analyze business requirements, design, develop and deploy solutions
• Excellent troubleshooting, analytical and problem-solving skills
• Explore & investigate the client's pain areas, extend the scope, and keep the client satisfied

• Minimum a Bachelor’s degree.
• 3 to 10 years of experience as an Oracle HCM Techno-Functional Consultant
• 30% Functional and 70% Technical
• Strong experience in core HR, Payroll, Fast Formula, OTL and SSHR
• Should have expertise in Oracle HCM Cloud advanced tools such as HCM Extracts, HDL, PBL, BI Publisher, OTBI, Application Security, Page Composer, Page Configurator, REST APIs, SOAP, Webservices
• Able to provide strong leadership to develop best practices for effective Techno functional support for the enterprise business process area
• Good communication skills
• In-depth knowledge of the business process and capability to understand business requirements.

About Drip Capital & Tech Team

The engineering team at Drip Capital is responsible for building and maintaining the online global trade financing platform that supports the interactions between buyers, sellers, financing partners, insurance agents, global retail partners, trade agents, shipping & transportation companies, supply chain and warehousing companies worldwide. 

Our primary goal is to ensure that customers are provided time-critical capital and at the same time balance requirements related to risk, fraud management, and compliance. The services are accessed by customers worldwide and hence the engineering systems need to be policy-driven, easily reconfigurable, and able to handle multiple regional languages. We use machine learning for risk classifications/predictions, intelligent document parsing subsystems, robotic process automation, REST APIs to connect our microservices, and a cloud-based data lake and warehouse for data storage and analysis.

Our team comprises talent from top-tier institutions including Wharton, Stanford, and IITs with years of experience at companies like Google, Amazon, Standard Chartered, Blackrock, and Yahoo. We are backed by leading Silicon Valley investors - Sequoia, Wing, Accel, and Y Combinator. We are a global company headquartered in Silicon Valley along with offices in India and Mexico.

Your Role 

As an AppSec Engineer in Drip Capital’s engineering team, you will have the opportunity to take ownership of :

• Contribute to and improve secure SDLC practice
• Design architecture, methods, and controls required to meet security, compliance, and audit requirements.
• Designing and implementing cloud and network security solutions.
• Do comprehensive threat modelling for our applications and infrastructure in an Agile flow
• Perform secure code review and security assessments of web, android and iOS applications, and cloud infrastructure (infrastructure as code).
• Proactively identify vulnerabilities across our platform and work with developers in fixing them.
• Automate and simplify security, as “Complexity is the enemy of Security”.
• Handle Vulnerability Management and Patch Management processes.
• Participate in the investigation related to Privacy/Security incidents and response activities.
• Work with DevOps to implement the security tools and automation of the security tasks.
• Mentor other engineers and evangelize security practices through cross-functional work with DevOps and engineering teams.
• Testing the deployed security solutions to make sure they function as planned.

Our Checklist 

• A minimum of 4 years of experience as an AppSec Engineer
• Hands-on experience in secure design and architecture review of backend services, payments systems like payment gateways.
• Hands-on experience in secure code review and automation of common security workflows.
• Hands-on experience and a proven record of securing one or more of the cloud platforms: Azure, GCP, AWS and Hosted Cloud Solutions.
• Good understanding of OWASP and SANS testing methodologies.
• Good understanding of software security weaknesses and vulnerabilities.
• Good knowledge in securing architecture of web, mobile applications and cloud infrastructure.
• Ability to contribute as an individual and as part of a team
• Working knowledge of any scripting language; Python or Go preferred
• Experience in writing custom tools/scanners/extenders is a plus
• Red teaming experience is a plus

If you love to explore the security aspects of a distributed system that makes decisions related to global trade finance, let's talk!

• OWASP Secure Code review,• Basic programing knowledge in any programming language and knowledge on secure development practices.
• OWASP TOP 10 vulnerabilities and their mitigations
• Hands on experience in Web Application Security Testing tools (SAST & DAST) and Penetration testing tools such as HP Fortify, Checkmarx, Acunetix, Nessus, Burp Suite, Metasploit., Qualys Guard, Kali Linux , etc.
• Understand/modify exploit code and find logical security flaws in applications
• Should have knowledge and experience on Network Security, Application Security, Internet Security, attack vectors.
• To carry out technical vulnerability assessments, identify potential vulnerabilities and provide recommended controls and support to mitigate them.

This profile will include following responsibilities:

- Perform Web Application Security Testing

- Scan Network for Security Vulnerabilities

- Create detailed security report

- Research on Open source security tools & new security topics

This profile will include following responsibilities:

- Perform Web Application Security Testing

- Perform Mobile Application Security Testing

- Scan Network for Security Vulnerabilities

- Co-ordinate with the clients for Project related queries

- Undertake meeting with the client teams for discussing security issues and recommendations

- Create detailed security reports

- Keep track of project progress & send regular updates

- Research on Open source security tools & new security topics

• Web Application Security – OWASP Top 10
• Mobile Application Security – Mobile OWASP Top 10
• Threat Modelling
• Risk Rating Frameworks
• Web Traffic Interception (For Web/Mobile apps)
• SSL
• Network Concepts
• Web Development Basics - HTTP/HTML/JavaScript
• Basic Mobile Application Concepts (either Android or IOS)

We are seeking a Security Program Manager to effectively drive Privacy & Security Programs in collaboration with cross functional teams. You will partner with engineering leadership, product management and development teams to deliver more secure products.

Roles & Responsibilities:

• Work with multiple stakeholders across various departments such as IT, Engineering, Business, Legal, Finance etc to implement controls defined in policies and processes.
• Manage projects with security and audit requirements with internal and external teams and serve as a liaison among all stakeholders.
• Managing penetration tests and security reviews for core applications and APIs.
• Identify, create and guide on privacy and security requirements considering applicable Data Protection Laws and implement them across software modules developed at Netmeds.
• Brainstorm with engineering teams to figure out how privacy and security controls can be applied to Netmeds tech stack.
• Coordination with Infra Teams and Dev Teams on DB and application hardening, standardization of server images / containerization.
• Assess vendors' security posture before onboarding them and after they qualify, review their security posture at a set frequency.
• Manage auditors and ensure compliance for ISO 27001 and other data privacy audits.
• Answer questions or resolve issues reported by the external security researchers & bug bounty hunters.
• Investigate privacy breaches.
• Educate employees on data privacy & security.
• Prioritize security requirements based on their severity of impact and product roadmap.
• Maintain a balance of security and business values across the organisation.

 Required Skills:

• Web Application Security, Mobile Application Security, Web Application Firewall, DAST, SAST, Cloud Security (AWS), Docker Security, Manual Penetration Testing.
• Good hands-on experience in handling tools such as vulnerability scanners, Burp suite, patch management, web filtering & WAF.

• Familiar with cloud hosting technologies (ex. AWS, Azure). Understanding of IAM, RBAC, NACLs, and KMS.

• Experience in Log Management, Security Event Correlation, SIEM.
• Must have strong interpersonal skills and should be able to communicate complex ideas seamlessly in written and verbal communication.

Good to Have Skills:

• Online Fraud Prevention.
• Bug Bounty experience.
• Security Operations Center (SOC) management.
• Experience with Amazon AWS services (EC2, S3, VPC, RDS, Cloud watch).
• Experience / Knowledge on tools like Fortify and Nessus.
• Experience in handling logging tools on docker container images (ex. Fluentd).

• Extensive experience in designing & supporting Azure Managed Services Operations.  
• Maintaining the Azure Active Directory and Azure AD authentication. 
• Azure update management – Handling updates/Patching. 
• Good understanding of Azure services (Azure App Service, Azure SQL,  Azure Storage Account..etc). 
• Understanding of load balancers, DNS, virtual networks, NSG and firewalls in cloud environment. 
• ARM templates writing, setup automation for resources provisioning. 
• Knowledge on Azure automation and Automation Desire State Configuration. 
• Good understanding of High Availability and Auto scaling. 
• Azure Backups and ASR (Azure Site Recovery) 
• Azure Monitoring and Configuration monitoring (performance metrics, OMS) 
• Cloud Migration Experience(On premise to Cloud). 
• PowerShell scripting for custom tasks automation. 
• Strong experience in configuring, maintaining, and troubleshooting Microsoft based production systems. 
  
  Certification: 
  
  Azure Administrator (AZ-103) & Azure Architect (AZ-300 & AZ-301) 

What you need to have:

DevOps Consultant!! MERN Stack Project Manager – Systems (Enterprise or Solutions) Architect needed!

Hello superstar,

I appreciate you taking time to read this. I have posted a job for developers to work on a start-up, the link is ......

I would need someone with DevOps experience, to ensure that the project is undertaken with the highest standards possible. I have had many experiences where ‘completed’ software after years of development was filled with bugs and it would be more cost-effective to start from scratch than to attempt to find and correct all the bugs.

I have attempted to learn as much as possible, but I now have an opportunity and it would better serve the venture to have someone handle the management of the project to ensure that;

• We choose the most appropriate technology
• We choose competent developers in those technologies
• The architecture and data modeling are clearly defined in a ‘blueprint’ plan
• A DevOps environment and processes are set up and the developers understand what is required
• Proper tests are carried out to ensure everything works as intended
• There are processes for testers to follow and competent testers are selected to follow them
• Accessibility, localization, and internationalization are planned ahead of time
• Security, scalability, and other future probabilities that I may not even be aware of are considered and planned ahead of time
• Documentation and code reviews, refactoring and other quality assurance processes are undertaken
• Working software is produced and systems that enable new developers or teams of people to easily take over and/or contribute new modules or updates in a controlled and organized fashion
• Cost estimates or budgets/projections or use of SaaS, hosting and other 3rd party services and applications

I am more concerned with a professional and world-class organizational system than with any particular type of software been produced as the strong foundation will enable anything to be creating with efficacy and precision.

Again, thank you for reading this, please reply with the word “superstar” anywhere in the second line of your response.  I look forward to hearing from you.

Warm wishes DevOps Evangelist,

Requirements:

• Overall experience in the field of Information risk and security related initiatives/ projects.
• Experience in the areas of Infrastructure Security Audit, IT Security, Vulnerability Assessment, Risk Assessment, Web Application Security, Network Security Review, Network Architecture Review, Mobile Application Security Testing, Configuration Review, Source Code Review, Wireless Pentest, Process Review etc.
• Ability to understand business concepts and integrate business risk elements into security operations.
• Experience in conducting VAPT.
• Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP Web inspect, Acunetix, NTO Spider, BurpSuite Pro).
• Strong ethics and understanding of ethics in business and information security.
• Should have exposure to Code review, Network VA/PT and App VA/PT work.
• Understanding and familiarity with common code review methods and standards.
• Experience with code scanning toolsets such as Fortify and Ounce.
• Understanding of HTTP and web programming.
• Knowledge of OWASP tools and methodologies, common security requirements within ASP.NET application, standard SDLC practices.
• Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering).
• In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database.