Owasp Jobs in Pune

Job Title: Security Engineer Location: Pune We are looking for a skilled Security Engineer to join our Cloud Infrastructure & Security team. In this role, you will be responsible for managing and securing all aspects of e-commerce product security and compliance within the AWS cloud environment. The ideal candidate will have a strong background in application and infrastructure security, vulnerability assessment, penetration testing, and a proven track record of participating in security audits. Key Responsibilities: Lead and participate in security audits across multiple environments, including web security, application security, mobile app security, network security, and IT infrastructure security. Conduct thorough Vulnerability Assessments and Penetration Testing (VAPT) to identify and mitigate potential risks in applications, AWS resources, configurations, and IT infrastructure. Collaborate with cross-functional teams to ensure the security of the e-commerce products, proactively identifying gaps in security and implementing the necessary controls. Prepare detailed VAPT reports using predefined templates and assist in finalizing audit reports for management. Coordinate with relevant teams to ensure timely resolution of identified security issues. Create and maintain security checklists, test cases, and test scenarios to facilitate security audits and penetration tests. Implement industry-standard security controls for AWS resources, including vulnerability management and configuration hardening. Perform penetration tests on computer systems, networks, and applications, identifying weaknesses and recommending solutions. Conduct physical security assessments of systems, servers, and network devices, focusing on firewall maintenance, network security, and other critical infrastructure components. Provide regular updates to management regarding security findings, vulnerabilities, and remediation plans. Review and offer actionable feedback on information security issues, collaborating with engineering teams to ensure timely fixes. Drive improvements in security services, including hardware, software, policies, and procedures. Identify areas for enhancing security education and awareness among internal users. Stay current with the latest malware and security threats, ensuring that the security strategy is responsive to new challenges. Manage and monitor security operations with AWS, XDR/EDR, Microsoft O365 security, and SaaS-based applications. Desired Skills & Experience: 5+ years of experience in AWS application and infrastructure security, Vulnerability Assessment, and Penetration Testing. At least 2 security audits completed, with at least one audit performed in the past 12 months. Solid experience working in heterogeneous environments and specifically with AWS Cloud. Product-based company experience is a plus. Hands-on expertise with VAPT using industry-standard tools such as Qualys, Nessus, WebInspect, Acunetix, Metasploit, Burp Suite Pro, Netsparker, etc. Strong experience with Linux administration and security (hardening servers according to industry best practices). Familiarity with OWASP security requirements and experience implementing them across applications and infrastructure. Proficiency in penetration testing on web and mobile applications, cloud environments, and network infrastructures. AWS Security experience is mandatory. Experience with XDR/EDR, Microsoft O365 security, and SaaS security is highly desirable. Strong analytical skills and the ability to identify vulnerabilities and risks across platforms. Certifications: CCNA, CompTIA+, or similar; AWS Security Specialty or similar certifications are preferred. Excellent communication skills, with the ability to collaborate effectively with both technical and non-technical teams. Strong organizational skills and the ability to prioritize tasks effectively. Ability to work with a product-ownership mindset while maintaining security across all systems and applications. What We Offer: Competitive salary and benefits. A dynamic and collaborative work environment where innovation and security are top priorities. Opportunities for continuous learning and career growth in the field of cloud and cybersecurity. If you have a passion for security, experience with AWS, and want to be part of a growing team protecting critical infrastructure, apply today!

Job Title: Application Security Lead Education Requirements (Must Have): B.Sc (IT/CS), B.Tech in any Engineering discipline, BCA, MCA, M.Sc. in Information Technology or a related field. Security Certifications (CEH, CISSP, CISA, CISM, CRISC) are highly preferred. Experience: 11-15 years of hands-on experience in Application Security, Network Security, and IT Risk & Compliance, with a strong background in security assessments, process audits, and application reviews. Experience in the BFSI (Banking, Financial Services, and Insurance) sector is preferred. Key Responsibilities: Leadership & Team Management: Lead and manage the Application Security (AppSec) team, which includes L1 and L2 resources. Act as the primary point of contact between clients and the team for all project-related activities, ensuring clear communication and effective collaboration. Oversee daily operations, ensuring resource optimization, and proactively address any issues or bottlenecks that arise during engagement. Application & Security Review: Lead the review of the security posture for various applications, including web, mobile, APIs, and other banking applications. Perform in-depth reviews of network architecture, source code, Vulnerability Assessment and Penetration Testing (VAPT) reports, and configuration audits to identify security risks. Review deliverables from L1 and L2 team members, ensuring they meet quality and completeness standards. Compliance & Risk Management: Monitor and report on compliance with relevant security standards and frameworks. Provide regular risk management updates to stakeholders, highlighting key findings and recommended mitigation strategies. Stakeholder Management: Engage with stakeholders across teams and departments to ensure alignment on security goals, strategies, and outcomes. Provide expert advice and recommendations on security best practices and risk management strategies. Required Skills & Expertise: Security Testing & Vulnerability Management: Strong expertise in vulnerability assessment and manual penetration testing using OWASP checklists. Proficiency in conducting penetration testing, ethical hacking, and static/dynamic testing of mobile applications. Expertise in the OWASP Top 10 and utilizing tools like OWASP ZAP for testing and vulnerability mitigation. Application Security Expertise: Deep understanding of application security concepts and best practices, including secure software development lifecycle (SDLC), threat modeling, and risk assessments. Experience in application and network security reviews, identifying vulnerabilities, and providing remediation strategies. Compliance & Risk Management Knowledge: Solid understanding of IT compliance standards and regulations, including PCI-DSS, GDPR, and other industry-specific frameworks. Proven ability to conduct audits, produce compliance reports, and assess risks effectively. Desirable Skills: Previous experience working within the BFSI sector is highly preferred. Excellent communication and stakeholder management skills. Ability to manage multiple projects simultaneously while ensuring high-quality deliverables. What We Offer: An opportunity to lead a team of security experts and work on high-impact projects within a dynamic and fast-paced environment. Continuous learning and development in the ever-evolving field of application security. Qualification : B.Sc (IT/CS), B.Tech in any Engineering discipline, BCA, MCA, M.Sc. in Information Technology or a related field.