Owasp Jobs in Bengaluru

Job Title: Application Security Engineer About PhonePe Group PhonePe is India s leading digital payments company with 500 million registered users and 37 million merchants, covering over 99% of India s postal codes. Building on its leadership in digital payments, PhonePe has expanded into financial services, including insurance, mutual funds, stock broking, and lending. It has also ventured into adjacent tech-enabled businesses such as Pincode for hyperlocal shopping and Indus App Store, India s first localized app store. The PhonePe Group is a portfolio of businesses aligned with the company s vision to offer every Indian an equal opportunity to accelerate their progress by unlocking the flow of money and access to services. Culture At PhonePe, we empower our people and trust them to do the right thing. We create an environment that enables you to give your best every day, from day one. If you are passionate about building technology that impacts millions, ideating with the brightest minds, and executing with purpose and speed, PhonePe is the place for you! Job Description We are looking for a skilled Application Security Engineer to join our team and strengthen our security posture. You will proactively identify and mitigate vulnerabilities across our web applications, APIs, and mobile apps. The ideal candidate will have a strong background in penetration testing, secure code review, and security automation. Roles & Responsibilities (What You Will Do) Penetration Testing: Perform penetration testing on web applications, APIs, and mobile apps, providing in-depth vulnerability analysis and remediation guidance. Secure Code Review: Conduct both manual and automated secure code reviews, primarily in Java, Python, and JavaScript. Security Automation: Develop security automation solutions using Python to streamline testing, improve coverage, and reduce manual effort. Collaborate with Development Teams: Work closely with development teams to ensure timely resolution of security issues within fast-paced release cycles. Threat Modeling: Create and maintain threat models, applying threat modeling techniques to proactively identify and mitigate design-level security risks. Security Education: Foster a security-first mindset by educating developers on secure coding practices, common vulnerabilities, and attack vectors. Effectively communicate security findings to stakeholders. What Makes You a Great Fit Experience: 1-5 years of experience in application security, penetration testing, or related fields. Penetration Testing Expertise: Strong penetration testing expertise with tools like Burp Suite, OWASP ZAP, semgrep, MobSF, Jadx-GUI, and other mobile security testing frameworks. DevSecOps Knowledge: Experience integrating security into the SDLC and familiarity with DevSecOps tools. Secure Coding Knowledge: Proficiency in secure coding principles, OWASP Top 10, CWE, and exploit techniques. Scripting Skills: Strong scripting skills (Python preferred) for security automation. Communication Skills: Excellent communication and stakeholder management abilities. Continuous Learning: Passion for continuous learning and staying updated on security trends. Certifications (Optional): Certifications like OSCP, OSWE, CRTP, or a proven Bug Bounty track record and/or CTF participation are a plus. PhonePe Full-Time Employee Benefits Insurance Benefits: Medical Insurance, Critical Illness Insurance, Accidental Insurance, Life Insurance. Wellness Program: Employee Assistance Program, Onsite Medical Center, Emergency Support System. Parental Support: Maternity and Paternity Benefits, Adoption Assistance Program, Day-care Support. Mobility Benefits: Relocation Benefits, Transfer Support Policy, Travel Policy. Retirement Benefits: Employee PF Contribution, Flexible PF Contribution, Gratuity, NPS, Leave Encashment. Other Benefits: Higher Education Assistance, Car Lease, Salary Advance Policy. Why Work at PhonePe Working at PhonePe is a rewarding experience. With great people, a work environment that thrives on creativity, and the opportunity to take on roles beyond your defined job description, PhonePe offers a chance to grow your career in an innovative, dynamic company.

Senior Engineer - Quality Engineering (Apparel and Retail) About the Role: We are seeking a highly motivated and experienced Senior Engineer - Quality Engineering to join our team within the Apparel and Retail domain. This role requires 9-13 years of experience and a strong background in leading and managing quality engineering processes to ensure high-quality software products. The ideal candidate will develop and implement quality assurance strategies, test plans, and test cases utilizing SQL, SDET practices, Java, REST APIs, and data access skills. Collaboration with cross-functional teams, automation of test cases using Selenium and Python, mentoring junior engineers, leading automation efforts, and driving continuous improvement in quality engineering practices are also key responsibilities. Staying current with industry trends is essential. Responsibilities: Lead and manage the quality engineering process, ensuring the delivery of high-quality software products. Develop and implement quality assurance strategies, test plans, and test cases. Utilize SQL, SDET practices, Java, REST APIs, and data access skills to conduct thorough testing. Collaborate with cross-functional teams to improve testing processes and enhance product quality. Automate test cases using Selenium and Python. Mentor and coach junior quality engineers. Lead automation efforts to streamline testing procedures and enhance test coverage. Drive continuous improvement in quality engineering practices. Stay updated on industry trends and best practices. Conduct code reviews and ensure adherence to quality standards. Qualifications: Bachelor of Technology (B.Tech) in Computer Science Engineering or Master of Technology (M.Tech) in Software Engineering. 9-13 years of extensive experience demonstrating advanced proficiency in SQL, SDET practices, Java programming, REST API development, and data access mechanisms. Deep understanding and practical application of each of these core skills. Preferred Qualifications: ISTQB Certified Tester certification. AWS Certified Solutions Architect certification. Experience with automation testing using Selenium with Python. About Altimetrik: Altimetrik delivers outcomes for our clients by rapidly enabling digital business & culture and infusing speed and agility into enterprise technology and connected solutions. We are practitioners of end-to-end business and technology transformation. We tap into an organization s technology, people, and assets to fuel fast, meaningful results for global enterprise customers across financial services, payments, retail, automotive, healthcare, manufacturing, and other industries. Founded in 2012 and with offices across the globe, Altimetrik makes industries, leaders and Fortune 500 companies more agile, empowered and successful. Altimetrik helps companies get unstuck . We re a technology company that gives organizations a process and context to solve problems in unconventional ways. We re a catalyst for organizations talent and technology, helping teams push boundaries and challenge traditional approaches. We make delivery more bold, efficient, collaborative and even more enjoyable. Qualification : Bachelor of Technology (B.Tech) in Computer Science Engineering or Master of Technology (M.Tech) in Software Engineering

At Tide, we re building a finance platform to help small businesses save time and money. We offer business accounts and banking services alongside a comprehensive set of administrative solutions, from invoicing to accounting. Launched in 2017, Tide is trusted by over 1 million small businesses worldwide and is available to SMEs in the UK, India, and Germany. Headquartered in London, we have offices in Sofia, Hyderabad, Delhi, Berlin, and Belgrade, with a global team of 2,000+ employees. As we expand into new markets, we re constantly seeking passionate individuals to help us empower small businesses. About the Team The Security Engineering Team at Tide is divided into three core areas: Product Security, Threat Detection & Response, and Identity. Product Security (this role) focuses on embedding security throughout our product lifecycle, from secure design reviews and threat modeling to penetration testing, ensuring security is baked into every stage of development. Threat Detection & Response builds a robust detection and automation platform, proactively defending against emerging threats and making Tide resilient. Identity manages Tide s staff identity platform, ensuring secure access with modern strategies like zero trust and multi-factor authentication. Collaboration is central to our work standups, shared channels, and cross-functional projects keep us aligned and cohesive. About the Role We re seeking a Senior Product Security Engineer with a passion for application security and resilient software development. You ll be responsible for hunting vulnerabilities in our web and mobile applications, collaborating with engineering teams to remediate strategically, and ensuring security is seamlessly integrated into our development process. You ll be an advocate for security across the organization, mentoring engineers, and introducing the latest security tools and trends. As a Senior Product Security Engineer, you will: Dive deep into mobile and web technologies to proactively hunt for vulnerabilities. Secure cloud-native applications, ensuring best practices across Tide s AWS cloud environment. Perform threat modeling and guide teams in secure design principles to prevent vulnerabilities. Remediate vulnerabilities through strategic initiatives and hands-on patching. Act as a subject matter expert across a range of security areas, particularly application security. Mentor and coach junior engineers, sharing your expertise to raise the security bar. Integrate security into our CI/CD pipelines, leveraging automation to catch vulnerabilities early. What We re Looking For: Extensive experience in Application Security (AppSec), with a deep understanding of concepts like Secure Enclave, URL Schemes vs. Universal Links, and presigned URLs in S3. Proficiency with tools like Burp Suite (bonus points if you ve built custom extensions). Excellent communication skills able to clearly articulate vulnerabilities and advocate for their remediation. Hands-on experience with cloud-native applications and consistently applying security best practices. Ability to write proof-of-concept (POC) scripts to demonstrate findings and their potential impact. A passion for the security community public speaking, blogging, bug bounties, or sharing your work on GitHub is a plus. Our Tech Stack: Cloud Environment: 100% containerized on AWS EKS. Infrastructure as Code (IaC): Managed via Terraform and Terragrunt. Deployment: GitOps with Argo CD, supported by Helm and Crossplane. CI/CD: GitHub Actions and all source code hosted on GitHub. What You ll Get in Return: Competitive salary Health Insurance (Self & Family) Term & Life Insurance OPD Benefits Mental Well-being Support through Plumm Learning & Development Budget WFH Setup Allowance Leave Benefits: 15 Privilege Leaves, 12 Casual Leaves, 12 Sick Leaves, 3 Paid Days Off for Volunteering or L&D Activities Stock Options Tidean Ways of Working: We support a flexible workplace model, balancing remote and in-person work to meet the needs of different teams. While remote work is encouraged, we believe in face-to-face interactions to foster innovation and strengthen team spirit. Our offices are hubs for collaboration and community-building. Diversity & Inclusion at Tide: At Tide, diversity and inclusion are at the heart of our culture. Our Tideans come from diverse backgrounds, bringing unique perspectives that help us build products that resonate with our members. We are committed to creating an environment where everyone s voice is heard, and all individuals regardless of ethnicity, gender identity, sexual orientation, or disability are welcomed and celebrated. We are One Team, fostering transparency and inclusion in everything we do.

Our Exciting Opportunity: We are looking for a Security Engineer to manage, track, and support security-related activities within our organization, ensuring the continuous availability and performance of services as per Service Level Agreements (SLA). This role will involve incident management, security tool integration, process improvement, and governance reporting. As a Security Engineer, you will play a key role in ensuring that security incidents are identified, responded to, and resolved effectively and quickly. You'll work with various teams to mitigate risks and improve overall security posture. What you will do: Incident Management: Respond to after-hours security incidents (on-call support). Coordinate event collection, log management, and compliance automation. Address day-to-day security change requests related to security operations. Conduct research and intelligence gathering on emerging threats and exploits. Create new security rules based on identified threats. Perform postmortem analysis of logs, traffic flows, and activities to identify malicious activity. Analyze security incidents involving networking devices, operating systems, endpoint analysis, and network attacks. Work with Technical Authority teams to resolve security incidents. Provide Root Cause Analysis for security incidents, outages, or impairments. Administer authentication and access controls, including user provisioning and deprovisioning. Tools Integration: Integrate security tools (SIEM, VA, IAM) with various network nodes. Deploy policies, signatures, parsers, and rules for security infrastructure. Communicate with vendors (e.g., SIEM, IPS/IDS, IAM) for application-related issues. Process Improvement: Mentor Level 1 analysts to improve detection capabilities within the Security Operations Center (SOC). Prepare Use Cases and MOPs (Method of Procedures) based on identified scenarios. Create and maintain technical operational work instructions. Drive continuous improvement by identifying opportunities to enhance current processes. Governance and Reporting: Provide business intelligence reporting based on SOC and customer needs. Identify and report risks related to security. Perform periodic security reporting and present findings to management or customers. To be successful in this role, you must have: Strong knowledge of information security concepts and best practices. Experience with SIEM tools (e.g., McAfee ESM, QRadar, ArcSight, Splunk). Experience with scanning tools (e.g., Nessus, Qualys, IBM AppScan). Experience with PAM tools (e.g., BeyondTrust, CyberArk). Knowledge of Linux and MS Windows systems with a technical understanding of TCP/IP networks. Understanding of enterprise computing environments, distributed applications, and security controls. Key Qualifications: Education: Graduate in Computer Science or a similar field. Experience: 5 to 11 years of experience, with at least 2 years in IT and 2 years in security. Certifications (Preferred): ITIL certification CCSP (Certified Cloud Security Professional) OSCP (Offensive Security Certified Professional) Security+ CCNA Security or similar certifications. Why This Role? This is a fantastic opportunity for a Security Engineer to develop your career by working with cutting-edge security technologies and supporting a highly dynamic and crucial role in an organization. You will have the chance to mentor junior team members, improve security processes, and work with state-of-the-art tools to ensure the highest levels of security for the organization. Apply now to join our team and contribute to maintaining and improving the security infrastructure! Qualification : Graduate in Computer Science or similar

Red Team Hacker / Pen Tester (Onsite, Bangalore) Who We Are ColorTokens We re on a mission to keep businesses running safe and sound even when cyber attackers try to mess things up. Our next-gen platform, ColorTokens Xshield , stops ransomware and malware from spreading sideways inside companies, so critical stuff stays locked down and working. We ve got mad skills in spotting and controlling traffic between all kinds of devices and users from your typical laptops to IoT and medical gadgets. That means we can slice and dice security zones to keep bad actors contained. Forrester calls us a Leader in Microsegmentation (Q3 2024), and we help global companies avoid big $$$ downtime. Our Vibe We re all about hustling with heart. You ll get to own your projects, work with smart teammates, and solve tough problems that actually protect people from kids in hospitals to entire cities. If you re driven, curious, and ready to make a real impact, you ll fit right in. The Gig What You ll Do Run epic red team ops that mimic real-world hackers trying to break in. Hack (ethically!) into networks, apps (web, mobile, APIs), and cloud setups to find weaknesses. Build your own scripts and tools to level up your tests and dodge detection. Team up with defenders (blue team) to boost how we spot and stop attacks. Write clear, no-fluff reports with proof-of-concept hacks and smart fixes. Keep your finger on the pulse of the latest threats and hacker tricks. Jump into purple teaming and adversary simulations to sharpen our edge. Bachelor s in Cybersecurity, CS, or you ve got real-world chops that match. 6+ years deep in red teaming, pentesting across web, APIs, infrastructure, and cloud. Pro with tools like Cobalt Strike, Metasploit, Nessus, Burp Suite, Nmap, and scripting (Python/PowerShell/Bash). Solid grasp of MITRE ATT&CK, threat modeling, and adversary emulation. Know Windows & Linux inside out, Active Directory, plus cloud platforms (AWS, Azure, GCP). Bonus points if you re into social engineering, phishing, or physical security. Skilled at writing docs that actually make sense. Must-have certifications: OSCP is a must; CRTP, OSCE, OSEP, CRTE, GPEN, GXPN are pluses. Qualification : Bachelor's degree in Cybersecurity, Computer Science, or related field (or equivalent experience).

Job Title: Information Security Engineer Location: Bengaluru Company: Altisource (NASDAQ: ASPS) About Altisource At Altisource, we develop cutting-edge technologies and services for the mortgage and real estate industry. We re a trusted partner to 7 of the top 10 U.S. mortgage servicers, operate one of the leading real estate auction platforms, and support a cooperative with over 15% market share in the $1.8 trillion U.S. originations market. If you're passionate about cybersecurity and want to make an impact in a high-growth, tech-driven environment this is the role for you. Position Summary We re looking for a highly motivated Information Security Engineer to support our growing security operations. You will play a vital role in identifying and mitigating security risks across applications, systems, and networks. This role involves vulnerability assessments, code reviews, and automation of security tasks ensuring Altisource remains secure and compliant in a fast-paced environment. Key Responsibilities Conduct vulnerability assessments on applications, networks, and systems. Perform manual verification to reduce false positives and validate security fixes. Communicate identified vulnerabilities and recommend remediation steps to internal teams. Perform secure code reviews and assist development teams in fixing identified issues. Identify and mitigate risks throughout the software development lifecycle. Leverage commercial and open-source tools for vulnerability detection (e.g., Qualys, Nessus, Burp Suite). Assist in internal penetration testing initiatives. Develop internal tools and automate security tasks, leveraging AI where applicable. Stay updated on the latest threats, tools, and best practices in cybersecurity. Create detailed assessment reports and present findings to technical and non-technical stakeholders. Train and mentor team members on vulnerability management processes and tools. Required Qualifications Bachelor s degree in Computer Science, Engineering, or a related field. 3 to 5 years of hands-on experience in information security or related roles. Relevant certifications such as CEH, GIAC, or similar. Solid experience in: Network vulnerability assessments Application scanning and secure code review Windows, Linux, and Unix operating systems Familiarity with OWASP tools, methodologies, and security best practices. Strong communication skills both written and verbal. Preferred Skills Experience with tools like: Qualys, Nessus, Nexpose, SAINT Burp Suite Pro, HP WebInspect Static analysis tools (e.g., IBM AppScan Source, Fortify) Proficiency in one or more programming languages: Java, C, C++, .NET (C#, VB). Experience delivering training or presenting technical content to teams. Background in technical writing or web development is a plus. Be part of a team securing technologies used by top players in the mortgage and real estate space. Work with modern tools and frameworks. Enjoy a collaborative environment that supports innovation, growth, and learning. Qualification : Bachelors degree in Computer Science, Engineering, or a related field

UI Architect Location: Bengaluru, India Company: Adobe Experience: 12+ years About Adobe At Adobe, we empower creators and brands globally with cutting-edge digital experience tools. We are passionate about innovation, inclusion, and delivering exceptional digital interactions across every platform. Role Overview As a UI Architect, you will lead the design and development of scalable, maintainable web applications by collaborating with AEM Architects and multiple engineering teams. You will own the full technical lifecycle of frontend solutions, driving architecture decisions, enforcing standards, and ensuring high-quality delivery aligned with business goals. Key Responsibilities Collaborate with Backend Architects and engineering teams to define and document frontend architecture vision and implementation standards. Lead technical design decisions and translate high-level architecture into detailed designs. Oversee UI team s implementation to ensure adherence to architecture and coding standards. Consult and mentor frontend developers to align solutions with best practices and the architecture vision. Identify and address technical debt and proactively recommend improvements. Research emerging technologies and integrate them to optimize the technology stack. Lead cross-team knowledge sharing and technical discussions. Own continuous improvement of development processes and tooling. Required Experience & Skills 12+ years of software development experience, with 10+ years focused on frontend web development. Proven track record leading successful solutions and working with multiple teams. Expertise in ReactJS and component-based architecture (Redux, Vue experience is a plus). Strong skills in JavaScript (ES6+), HTML5, CSS3 (including preprocessors like Less/Sass, BEM methodology). Experience with RESTful and GraphQL API integration. Familiarity with UI testing frameworks (Jest, Jasmine, Playwright). Knowledge of web performance optimization, accessibility standards (WCAG), Core Web Vitals, and security best practices (OWASP). Experience with build tools and pipelines: Webpack, Babel, NPM, CI/CD. Ability to design and implement Progressive Web Apps (PWA). Experience with Agile methodologies and software development standards. Strong communication skills and ability to lead technical discussions and resolve conflicts. Bonus Points Experience building frontend for Adobe Experience Manager (AEM) platforms. Familiarity with design systems, atomic design principles, and unified UI libraries. Knowledge of headless commerce and ecommerce platforms. Experience with Node.js and advanced build tooling. Work with cutting-edge digital technologies in a collaborative, innovative environment. Lead large-scale projects impacting millions of users worldwide. Thrive in a culture valuing creativity, diversity, and continuous learning. Enjoy competitive compensation and career growth opportunities.

Job Title: Lead Systems Software Engineer Location: Bengaluru, Karnataka, India (On-Site) Team Overview: Join our Application Security team at Cloud Software Group, where we focus on protecting web applications and services from security threats. As a part of this passionate team, you will engage in application layer attack protection, threat intelligence, and the mitigation of OWASP attacks. We are highly focused on emerging security trends and delivering cutting-edge solutions to defend against advanced cyber threats. Job Description: As a Lead Systems Software Engineer, you will be responsible for implementing, configuring, and maintaining Web Application Firewalls (WAFs) to safeguard web applications and services. This role involves identifying security threats, performing security assessments, and collaborating with cross-functional teams to ensure security best practices are followed throughout the development lifecycle. Key Responsibilities: WAF Implementation & Maintenance: Implement and maintain Web Application Firewalls (WAFs) to protect web applications and services from security threats, including bot attacks. Security Policies & Rules: Develop and manage security policies and rules for WAFs to ensure the prevention of OWASP-Top-10 vulnerabilities, unauthorized access, data breaches, and other security incidents. Security Assessments & Penetration Testing: Conduct security assessments and penetration testing of web applications and services to identify vulnerabilities and recommend remediation measures. Collaboration: Work closely with other security teams and developers to ensure security best practices are integrated into the design, development, and maintenance of web applications and bot management systems. Emerging Threats Awareness: Stay informed on the latest security threats, technologies, and best practices to continually improve the security posture and protect against evolving threats for WAF and API. Incident Response: Participate in incident response and investigations as needed to identify the root cause of security incidents and implement corrective actions to prevent recurrence. Continuous Improvement: Lead initiatives to improve processes, systems, or products to enhance job area performance. Address complex security problems by considering multiple issues across various specialties. Qualifications: Education: Bachelor s (BE/B.Tech) or Master s degree in Computer Science, Information Security, or related fields, or equivalent work experience. Experience: 9-11 years of experience in network protocols (TCP, UDP, HTTP, DNS, SSL/TLS) and web application security, with a focus on WAFs and bot mitigation. Technical Expertise: Experience with industry-leading WAFs such as Citrix NetScaler AppFirewall, Imperva, ModSecurity, or F5 BIG-IP ASM. Proficiency in C, C++, and scripting languages like Python and Perl. Analytical Skills: Strong problem-solving abilities with a demonstrated capacity to identify and respond to security threats quickly. Communication Skills: Excellent verbal and written communication skills with the ability to collaborate effectively across teams and with stakeholders. About Us: Cloud Software Group is one of the largest cloud solution providers globally, serving over 100 million users. Our suite of cloud-based products powers productivity and collaboration, enabling real work to get done from anywhere. We value passion for technology, risk-taking, and innovation. If you re ready to be part of a company on the brink of transformative growth, now is the perfect time to join us. We are committed to Equal Employment Opportunity (EEO) and compliance with all applicable laws, ensuring a diverse and inclusive workplace for all. This position is ideal for individuals passionate about cybersecurity and looking to be at the forefront of web application protection and security innovations. Qualification : Bachelors (BE/B.Tech) or Masters degree in Computer Science, Information Security, or related fields, or equivalent work experience.

Job Title: Senior Systems Software Engineer Location: Bengaluru, Karnataka, India Team Overview: Join a team of Application Security experts at Cloud Software Group, where we focus on securing web applications and services. Our team is passionate about application layer attacks, protection mechanisms, threat intelligence, and protecting against OWASP threats. We re constantly evolving, staying at the forefront of emerging security trends. Job Description: As a Senior Systems Software Engineer, you will be responsible for implementing, configuring, and maintaining Web Application Firewalls (WAFs) to secure web applications and services from potential threats, including bot attacks. This role involves ensuring the effective operation of WAFs to prevent common vulnerabilities and unauthorized access, conducting security assessments, and collaborating with other security and development teams to enhance the security posture of our web applications. Key Responsibilities: WAF Implementation & Maintenance: Implement, configure, and maintain Web Application Firewalls (WAFs) to protect against security threats like OWASP-Top-10 vulnerabilities, unauthorized access, data breaches, and bot attacks. Security Policy & Rule Development: Develop and manage security policies and rules for WAFs to enhance their effectiveness in preventing security incidents. Penetration Testing & Security Assessments: Perform security assessments and penetration testing of web applications and services to identify vulnerabilities and recommend remediation actions. Collaboration: Work closely with other security teams, developers, and stakeholders to ensure security best practices are followed in the design, development, and deployment of features for web applications and bot management. Stay Updated on Security Trends: Keep informed about emerging security threats and technologies, continually improving security mechanisms to safeguard against new threats for WAF and API. Incident Response: Participate in incident response and investigations to understand the root cause of security breaches and implement corrective actions to prevent future incidents. Process Improvement: Lead initiatives for improving processes, systems, and products to optimize the performance and effectiveness of security measures. Qualifications: Education: Bachelor's (BE/B.Tech) or Master s degree in Computer Science, Information Security, or related fields, or equivalent professional experience. Experience: At least 5 years of experience working with network protocols like TCP, UDP, HTTP, DNS, SSL/TLS, and web application security, particularly in WAF and bot mitigation. Technical Skills: Proficiency with industry-leading WAF solutions like Citrix NetScaler AppFirewall, Imperva, ModSecurity, or F5 BIG-IP ASM. Experience in programming languages such as C, C++, and scripting languages like Python or Perl. Problem-Solving Skills: Strong analytical and problem-solving abilities to identify, assess, and mitigate security threats quickly. Communication & Collaboration: Excellent communication skills, with the ability to effectively collaborate with stakeholders across teams. About Us: Cloud Software Group is one of the world s largest providers of cloud solutions, empowering more than 100 million users globally. At Cloud Software Group, we re building the future of work, enabling people to get things done from anywhere. Our team thrives on passion for technology, embracing the courage to take risks and innovate. We re on the brink of another significant leap in technology evolution and we need experts like you to help us get there. If you're passionate about cybersecurity and eager to drive innovations, this is the perfect time to join us and be part of something transformative. Qualification : Bachelor's (BE/B.Tech) or Masters degree in Computer Science, Information Security, or related fields, or equivalent professional experience.

Job Title: Principal SDET Location: Bangalore (On-site; full-time) About Locus: At Locus, we are redefining logistics decision-making with deep-tech solutions that drive efficiency, consistency, and transparency across industries like retail and FMCG/CPG. Founded in 2015 by Nishith Rastogi and Geet Garg, Locus has evolved from a women s safety geo-tracking app into a globally recognized logistics optimization platform. Our technology has empowered enterprises such as Unilever and Nestl to execute over a billion deliveries across 30+ countries. Guided by our commitment to innovation and sustainable growth, we transform complex supply chains into strategic growth enablers. Join us at Locus and be part of a team shaping the future of global logistics. Job Overview: About the Role As a Principal SDET at Locus, you will play a critical role in driving the quality and reliability of our platform. This role goes beyond traditional testing; you will design, develop, and enhance automated test frameworks, ensure seamless integration of quality engineering practices, and mentor team members to establish a quality-first culture. Key Responsibilities: Automation Framework Design and Development: Architect, develop, and maintain robust test automation frameworks for backend, APIs, and frontend components. Ensure the frameworks are scalable, reusable, and aligned with the latest industry standards. Test Strategy and Planning: Collaborate with product managers, developers, and DevOps to define comprehensive test strategies for new features and system enhancements. Own the end-to-end testing lifecycle, from requirement analysis to test case creation, execution, and reporting. Drive better QA practices (In areas Like: defect creation, Capturing scope of feature, Sign offs , matrix of coverage in functional and automation etc) Quality Advocacy and Best Practices: Drive the adoption of best practices in testing, coding standards, and CI/CD processes across teams. Act as a champion of quality by fostering a quality-first mindset and instilling a culture of rigorous testing. Test Execution and Debugging: Conduct functional, performance, and security testing, ensuring the product meets the highest quality standards. Debug complex issues and work closely with developers to identify and resolve root causes. Continuous Improvement: Analyze test results and metrics to identify areas for improvement in testing processes and product quality. Contribute to the development and enhancement of monitoring and alerting systems to proactively address production issues. Mentorship and Collaboration: Mentor and guide junior SDETs and quality engineers, sharing knowledge and expertise to elevate the team s capabilities. Collaborate effectively with cross-functional teams to ensure quality is integrated into every stage of the development process. Develop a good understanding of velocity in teams and across the org and work towards removing roadblocks to improve release velocity Qualifications: 5-8 years of experience in software testing, with at least 3 years focused on test automation. Proficiency in programming languages such as Java, Python, or JavaScript. Hands-on experience with test automation tools and frameworks for Web and API automation like Selenium, Appium, TestNG, JUnit, or similar. Exp of working on any AI enabled testing tools or frameworks is a plus. Expertise in API testing and automation using tools like Postman, RestAssured, or equivalent. Familiarity with performance testing tools such as JMeter or Gatling. DevOps and CI/CD: Experience with CI/CD pipelines using tools like Jenkins, GitLab CI/CD, or GitHub Actions. Knowledge of Docker, Kubernetes, and cloud platforms (AWS, GCP, or Azure) is a plus. Strong debugging skills and the ability to identify root causes of issues quickly. Excellent communication, collaboration, and leadership skills. Experience in testing large-scale, distributed systems. Knowledge of security testing and tools like OWASP ZAP or Burp Suite. Exposure to machine learning models and their testing challenges. Join Locus and become part of a visionary team that is redefining logistics through innovation and smart distribution. We provide competitive compensation, comprehensive benefits, and a collaborative environment where your expertise will drive both your growth and that of the organization. Locus is an equal opportunity employer dedicated to creating a diverse and inclusive workplace.

Job Title: Security Engineer - II Location: Bangalore (On-site; full-time) About Locus: At Locus, we are redefining logistics decision-making with deep-tech solutions that drive efficiency, consistency, and transparency across industries like retail and FMCG/CPG. Founded in 2015 by Nishith Rastogi and Geet Garg, Locus has evolved from a women s safety geo-tracking app into a globally recognized logistics optimization platform. Our technology has empowered enterprises such as Unilever and Nestl to execute over a billion deliveries across 30+ countries. Guided by our commitment to innovation and sustainable growth, we transform complex supply chains into strategic growth enablers. Join us at Locus and be part of a team shaping the future of global logistics. Job Overview: Key Responsibilities: Conduct comprehensive threat modeling for applications, cloud infrastructure, and overall systems architecture. Perform secure code reviews and security assessments for web, Android, and iOS applications, with a strong focus on cloud infrastructure security. Proactively identify and mitigate vulnerabilities across platforms, collaborating with development and DevOps teams to implement secure solutions. Automate and streamline security processes, aligning with the principle that Complexity is the enemy of Security. Oversee Vulnerability Management and Patch Management processes, ensuring timely remediation. Design and implement robust security measures and contribute to Red Team activities, including assessments of cloud, network, wireless, physical, and social engineering scenarios. Take ownership of assigned tasks and drive the continuous improvement of security practices across the organization. Assist in setting up and maintaining monitoring systems to identify and respond to potential incidents in real time. Develop custom tools, scripts, and scanners to address unique security challenges and automate repetitive tasks. Provide architectural guidance for securing cloud-based applications and DevOps pipelines. Continuously stay updated on emerging security technologies and techniques, sharing knowledge with the team. Qualifications: 3-5 yrs experienced Sr security engineer. Expertise in cloud security (AWS, Azure, or GCP) with a strong understanding of securing applications and infrastructure in cloud environments. Proficiency in DevOps and DevSecOps practices, including secure CI/CD pipeline integration and automation. Strong knowledge of OWASP and SANS testing methodologies for identifying and mitigating security vulnerabilities. Good understanding of software security weaknesses, architecture vulnerabilities, and mitigation strategies. Hands-on experience in threat modeling, vulnerability assessments, and penetration testing. Proficiency in any scripting language - Python. Experience in developing or customizing tools, scanners, or extenders for specific security needs. Ability to work independently and collaboratively within a team to solve complex security challenges. Experience in implementing security monitoring systems for early incident detection. Strong problem-solving skills and the ability to think creatively to simulate attack scenarios. Certification in security-related fields (e.g., AWS Certified Security, CISSP, CEH, OSCP). Experience with container security and orchestration platforms like Kubernetes and Docker. Knowledge of Infrastructure as Code (IaC) tools like Terraform or CloudFormation. Familiarity with modern DevOps tools (e.g., Jenkins, GitLab, Ansible). Join Locus and become part of a visionary team that is redefining logistics through innovation and smart distribution. We provide competitive compensation, comprehensive benefits, and a collaborative environment where your expertise will drive both your growth and that of the organization. Locus is an equal opportunity employer dedicated to creating a diverse and inclusive workplace.

Infosec Lead Experience: 5-7 Years | Location: Bengaluru About Gameskraft: Founded in 2017, Gameskraft is one of India s fastest-growing online gaming companies. Our mission is to build a safe, secure, and responsible gaming ecosystem while delivering unmatched experiences through innovation and technology. As the industry s only ISO 27001 and ISO 9001 certified company, we set the highest benchmarks in security, design, and performance. Job Summary: We are seeking an experienced Infosec Lead to drive our security strategy, ensuring robust web security, application security, and compliance across the organization. You will be responsible for leading a team of security professionals, implementing best-in-class security measures, and ensuring compliance with industry regulations such as HIPAA, PCI-DSS, ISO, and GDPR. Key Responsibilities: Security Strategy & Program Management: Develop, implement, and maintain a comprehensive security program to safeguard company assets, systems, and data. Collaborate with cross-functional teams to integrate security into product development and business operations. Conduct risk assessments and vulnerability analyses to identify and mitigate security threats. Compliance & Regulatory Adherence: Ensure compliance with HIPAA, PCI-DSS, ISO, GDPR, and other relevant security frameworks. Maintain security certifications and drive adherence to regulatory standards. Develop and enforce security policies, standards, and procedures. Incident Response & Risk Management: Lead incident response efforts, including investigation, containment, and remediation. Continuously monitor security threats, emerging trends, and vulnerabilities to strengthen cyber resilience. Provide security guidance and risk analysis during product launches and infrastructure changes. Team Leadership & Stakeholder Collaboration: Lead and mentor a team of security professionals, fostering a culture of security awareness across the organization. Work closely with engineering, IT, legal, and business teams to embed security best practices. Present regular security reports and key performance metrics to senior management. What You Bring to the Table: Education: Bachelor s or Master s degree in Computer Science, Information Security, or a related field. Experience: 5-7 years of experience in information security, with a strong focus on web security, application security, and compliance. Proven track record in leading security teams and managing enterprise security programs. Technical Expertise: Strong knowledge of security technologies such as firewalls, IDS/IPS, SIEM, encryption, authentication protocols, and penetration testing tools. Experience with cloud security (AWS, Azure, GCP) and DevSecOps methodologies. Familiarity with secure coding practices and application security frameworks (OWASP, NIST, CIS Controls). Hands-on expertise in risk assessment, vulnerability management, and security architecture design. Certifications (Preferred): CISSP, CISM, CISA, CEH, or equivalent industry-recognized security certifications. Soft Skills & Leadership: Strong analytical and problem-solving skills. Excellent communication and stakeholder management abilities. Ability to influence and drive security initiatives across multiple teams. Work Culture at Gameskraft: Startup Environment: Fast-paced, ownership-driven culture where innovation and agility thrive. Impactful Work: Direct contribution to securing one of India s largest gaming platforms. Collaboration: Work alongside some of the best minds in the gaming and consumer internet industry. Data-Driven: Leverage analytics to enhance security posture and decision-making. Compensation & Benefits: Attractive Compensation & ESOPs Competitive salary with equity options. Health Insurance 5 Lakh medical cover for you and your family. Car Lease Policy Exclusive leasing options for employees. Relocation Benefits Assistance with moving to Bengaluru. Free Lunch & Stocked Pantries Enjoy great food while you work! Performance-Based Growth Transparent appraisals and rapid career progression. Join Us & Secure the Future of Gaming! If you re passionate about cybersecurity, risk management, and building secure digital ecosystems, we d love to have you on board. Apply now and be part of an exciting journey at Gameskraft! Qualification : Bachelors or Masters degree in Computer Science, Information Security, or a related field.

Job Role: Vulnerability Assessment Specialist The Vulnerability Assessment Specialist will be responsible for managing vulnerability scanners, executing security assessments, and proactively identifying vulnerabilities across Vodafone s IT environments. This role requires collaboration with various teams to address and mitigate risks, ensuring a secure infrastructure. Experience and Skills Required Experience: 5+ years of relevant experience in vulnerability management and vulnerability assessment. Proven expertise in vulnerability scanning tools like Qualysguard VMDR, WAS, and cloud scanning management. Industry-recognized security certification such as CEH (Certified Ethical Hacker). Hands-on experience with scanning and penetration testing tools such as Retina, ACUNETIX, Nessus, Open VAS, Metasploit framework, NMAP, and Nagios. Familiarity with operating systems like Linux and Windows, web application security, virtualization platforms (VMware), and network/infrastructure security assessments. Knowledge of OWASP, Sandbox, Kali Linux, Burp Suite, CVE, SSL PKI, 2FA, IAM, Perimeter Security, and SIEM solutions. Experience compiling VAPT (Vulnerability Assessment and Penetration Testing) reports and conducting penetration testing on test environments. (Optional but preferred) Knowledge of advanced penetration testing techniques and tools. Key Responsibilities: Execute security assessments to highlight and articulate risks to the business. Participate in defining the scope of security scanning and vulnerability assessment activities. Act as a technical subject matter expert for security scanning tools and processes. Manage the overall scanning infrastructure and ensure the quality and accuracy of scanning activities and deliverables. Proactively identify vulnerabilities across Vodafone environments and ensure timely mitigation actions. Continuously improve security assessment services and processes. Perform vulnerability research to discover new and previously unknown vulnerabilities. Prepare detailed technical reports on vulnerability scanning results and communicate findings to resolver teams. Respond to technical queries related to reports and findings.

Summary of Essential Job Functions The primary responsibility of the InfoSec Tech Lead is to ensure the organization's global information security, compliance, and risk management. The role involves collaborating with various teams to identify and implement security requirements for product applications and infrastructure. Minimum Requirements (Education & Work Experience) Education: Bachelor s/Master s degree in Computer Engineering or Information Science. Certifications (Preferred): OSCP, OSCE, ECSA|LPT, CPT, CEH. Experience: 5-7 years in Vulnerability Management, covering Application, Infrastructure, Cloud, Mobile Security, Secure Code Review, and IoT. Work Location: Bangalore, India (May require travel). Competency Requirements Hands-on experience in Network, Web-based, and Cloud Application Security Assessments including threat modeling, vulnerability assessments, and penetration testing. Knowledge of current information security trends. Familiarity with security bug classification frameworks (e.g., CVSS, DREAD) and application of classification methods. Expertise in Web Service vulnerability assessments. Understanding of Mobile Application Security (iOS/Android). Experience in code review methods and standards. Ability to develop proof-of-concept (POC) exploits for security vulnerabilities. Proficiency with web application vulnerability scanning tools (e.g., Acunetix, NTO Spider, BurpSuite Pro, WebInspect, Core Impact). Experience with network assessment tools and exploitations (e.g., Kali Framework, QualysGuard, Nessus, Nexpose, Nmap, Metasploit, Saint). Experience in static code review tools (e.g., Checkmarx, HP Fortify, IBM AppScan Source). Proficiency in at least two scripting languages (e.g., Python, Perl, PHP, Ruby, etc.). Ability to assess applications using OWASP, OSSTMM, CESG, CREST, NIST, ISSAF, PTES methodologies. Understanding of SDLC practices and adaptability to Agile methodologies. Experience in high-level programming languages (e.g., Java, C, C++, .NET (C#, VB)), with DAST code review as an added advantage. Knowledge of operating systems (Windows/Linux/UNIX IBM AIX, Sun Solaris, HP UX) and network equipment. Experience providing technical oversight to project teams to ensure quality engagements. Strong experience in mentoring, coaching, and leading teams in challenging environments. Familiarity with security compliance frameworks (PCI, SOC, GDPR). Other Requirements Strong ethics and integrity in business and information security. Proficiency in English (written and verbal communication skills). Ability to prepare professional reports and present findings to technical and executive stakeholders. Ability to interact with customers and understand security requirements. Job Responsibilities Conduct and manage Vulnerability Assessments and Penetration Testing (VAPT) for Infrastructure, Web Applications, and Web Services/APIs. Perform manual and automated security testing to identify vulnerabilities. Conduct periodic configuration audits for network devices, servers, and critical functions. Perform secure code reviews across multiple programming languages and recommend corrective actions. Assess SDLC processes for security compliance. Develop security testing scripts and procedures. Participate in security-related projects as per skillset. Continuously evaluate application architecture to enhance security processes. Analyze suspected vulnerabilities, collaborate with subject matter experts, and recommend remediation measures. Evaluate and recommend security products and solutions. Act as a security advisor for secure coding standards and security information management. Qualification : Bachelors/Masters degree in Computer Engineering or Information Science.

Position Overview: We are seeking a highly skilled and experienced Member of Technical Staff QA Security to join our dynamic team at Aryaka. As a Senior QA Engineer, you will play a crucial role in ensuring the security and integrity of our SASE products by conducting thorough security assessments, designing and executing test plans, and collaborating with development teams to address vulnerabilities. Your expertise will help shape our network security solutions and contribute to the success of organizations worldwide. Key Responsibilities: 1. Conduct Security Assessments: Perform comprehensive security assessments of SASE products to identify vulnerabilities, weaknesses, and misconfigurations. Utilize both manual and automated testing tools to uncover security vulnerabilities and potential exploitation vectors. 2. Design and Execute Test Plans: Develop and implement test plans and methodologies to evaluate the effectiveness of firewall configurations in defending against unauthorized access, malicious activities, and other security threats. Perform penetration testing on firewall devices to simulate real-world attacks and assess resilience against advanced threats. 3. Analyze and Report Findings: Analyze firewall logs, traffic patterns, and rule sets to identify anomalies and security incidents. Generate detailed reports outlining findings, including identified vulnerabilities, potential impacts, and recommended remediation measures. 4. Collaborate with Development Teams: Work closely with firewall development teams to prioritize and address security issues identified during testing phases. Provide technical guidance and recommendations regarding firewall security best practices, configuration hardening, and threat mitigation strategies. 1. Stay Informed on Security Trends: Keep up to date with the latest firewall technologies, security trends, and industry best practices to continuously improve firewall testing methodologies. Participate in the development and implementation of security policies, procedures, and standards related to firewall security testing. Qualifications: Education: Bachelor s degree in Computer Science or a related field. Experience: 3-7 years of experience as a QA Engineer. Technical Skills: Strong understanding of firewall technologies, including stateful inspection, packet filtering, application layer filtering, and intrusion prevention systems (IPS), CASB, and DLP. Knowledge of common security vulnerabilities and attack vectors, including OWASP Top 10, SQL injection, cross-site scripting, and buffer overflows. Familiarity with web application security standards and protocols (e.g., SSL/TLS, OAuth, SAML). Experience with cloud security (AWS, Azure, GCP) and container security is a plus. Hands-on experience with firewall testing tools such as Nmap, Nessus, Metasploit, and Wireshark. Understanding of network protocols, the TCP/IP stack, and common attack vectors used to exploit firewall vulnerabilities. Experience with scripting languages (e.g., Python) for automation and custom tool development is a plus. Soft Skills: Excellent analytical and problem-solving skills with the ability to identify and mitigate security risks effectively. Strong communication skills to convey technical concepts to both technical and non-technical stakeholders. Ability to work independently and as part of a team in a dynamic and fast-paced environment. Certifications: CISSP, CCSP, or CEH certifications are preferred. Employee Value Proposition (EVP): At Aryaka, we offer a dynamic and innovative work environment where you will have the opportunity to make a significant impact in the network security industry. Our commitment to cutting-edge technology and customer satisfaction provides a platform for continuous learning and professional growth. Qualification : Bachelors degree in Computer Science or a related field.

At IBM, work is more than a job it s a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you ve never thought possible. Are you ready to lead in this new era of technology and solve some of the world s most challenging problems? If so, lets talk. Your Role and Responsibilities We are looking for a developer highly interested in developing an innovative, future-oriented solution that automates and simplifies the installation, configuration and testing of Linux on Z systems. Your main duties will include design and implementation of new features, optimizing and maintaining existing code and ensuring the software meets high-quality standards through testing and debugging. You will also work closely with the customers to ensure the software meets their needs. Step in and be part of IBM System Development Lab community, outstanding for its innovation and team spirit, offering one of the broadest project portfolios of hardware and software technologies within the IBM Corporation. Engineers in our team work inside a highly agile development environment and are responsible for the full software development life cycle ranging from designing and implementing of the new product features, testing for industry-leading quality assurance over to continuous product delivery as well as supporting our global customers. You should be thrilled by emerging technologies with our software products for future Mainframe and Cloud-based markets. What you will do : The IBM Z Hyper Protect Virtual Servers team is seeking an experienced Backend Developer As a Backend developer, you will be part of a highly focused, self-managed team that designs, develops and tests secure solutions created for Z Systems workloads and applications. Responsible for all aspects of management, improvement, and support of the microservice platform s Linux based infrastructure. Provide feedback to architects regarding any issues that present themselves. Manage projects with various priority levels and timelines from start to finish. Act as escalation point for internal support departments in resolving a wide variety of customer facing issues regarding environment deployment, service issues, and technical questions. Consistently meet deadlines for complex issues and new projects involving multiple teams. Demonstrate best practices in all aspects of administration. Leverage various languages to build features based on an architectural design. Develop and maintain accurate documentation for internal procedures and services. Continuously stay abreast of new developments in supported operating systems to ensure consistent compatibility with established infrastructure. Must collaborate with other departments to resolve complex issues and be detail oriented. Ability to automate solutions to repetitive problems/tasks. Required Technical and Professional Expertise Up to 4 years of working experience with Linux distributions (Ubuntu/RHEL) in a production environment. Strong background in Software development with in-depth knowledge of Python, designing REST API and working knowledge of distributed services. Strong development skills in Openstack and its components. Knowledge on Core Linux Development skills Strong skills in github, ShellScripting(ksh/bash), containers and orchestration, system monitoring, Jenkins, CI/CD pipeline integration and end-to-end tests, playbooks and process automation. Understanding of container technologies like docker/podman, Orchestration tools Kubernetes openshift, Digital Certificate Knowledge. Good understanding of IBM Carbon Design Systems Knowledge of React.js , playwright Working experience of Security Scan Tools-VA Scan/App Scan, OWASP ZAP , Contrast A Self-starter Individual with excellent problem-solving skills, able to work independently and as a part of the team. Excellent presentation and soft skills and strong english communication skills both written and Verbal Preferred Technical and Professional Expertise Knowledge with deployment on OpenShift. Knowledge on Cloud Technology including Network, Storage and Compute. knowledge in zLinux operating systems and virtualization/hypervisor Qualification : Strong background in Software development with in-depth knowledge of Python, designing REST API and working knowledge of distributed services.