11+ SANS Jobs in India
About us:
HappyFox is a software-as-a-service (SaaS) support platform. We offer an enterprise-grade help desk ticketing system and intuitively designed live chat software.
We serve over 12,000 companies in 70+ countries. HappyFox is used by companies that span across education, media, e-commerce, retail, information technology, manufacturing, non-profit, government and many other verticals that have an internal or external support function.
To learn more, visit https://www.happyfox.com/
Responsibilities:
- Perform manual and automated application penetration tests and provide suggestions to harden our products
- Participate regularly in the development and release process to identify and report security vulnerabilities in the code being shipped
- Conduct regular audits on all Features/APIs of the product and report vulnerabilities to the development team
- Keep up with industry trends in the security space
- Triage inbound vulnerability reports with an appropriate level of urgency and track them until they are resolved by Engineering teams
- Should be able to understand different elements of our NodeJS, Python and similar stacks and provide guidance on secure software development practices to the team
- Scale our application security engineering team
Requirements:
- Strong verbal and written communication skills
- Has worked on Web Application Security Testing for a reasonably complex application. Mobile experience is a plus
- Good knowledge of secure software development guidelines from authoritative bodies like NIST, OWASP, SANS
- Hands-on experience in performing manual/automated security assessments with open-source/commercial security tools
About us
Astra is a cyber security SaaS company that makes otherwise chaotic penetration tests a breeze with its one of a kind Pentest Platform. Astra's continuous vulnerability scanner emulates hacker behavior to scan applications for 8300+ security tests. CTOs & CISOs love Astra because it helps them fix vulnerabilities in record time and move from DevOps to DevSecOps with Astra's CI/CD integrations.
Astra is loved by 500+ companies across the globe. In 2022 Astra uncovered 800,000+ vulnerabilities for its customers, saving customers $30M+ in potential losses due to security vulnerabilities.
We've been awarded by the President of France, Mr. François Hollande, at the La French Tech program and by the Prime Minister of India, Mr. Narendra Modi, at the Global Conference on Cyber Security.
Experience Required:
- Relevant certifications (we’re not a fan of these, but often clients request engineers with certifications)
- 3+ years of experience in VA/PT
Job Responsibilities:
- VA/PT for web apps, SaaS apps, network devices, open-source projects, mobile apps, etc.
- Developing & testing rule sets for our pentest suite
- Preparing pentest reports through Astra’s pentest suite
- Interacting with clients over remediation calls
- Explaining steps to fix to clients
- Maintaining our vulnerability management system
Key Skills Required:
- Web App Security (ZAP, Burp Suite, Manual & Automated Testing, Comfortable in Black Box/WhiteBox testing with capability of finding business logic vulnerabilities, OWASP testing guide)
- Knowledge of how to set up & pentest CMSs like WordPress, Magento, OpenCart, Prestashop, Drupal, etc.
- Knowledge of LAMP stack & PHP would be great to have
We Offer:
- Embrace the cosy remote work lifestyle.
- Feel the startup adrenaline pumping through your veins.
- Revel in our open, growth-centric ambiance; it's like a digital playground.
- Dive deep into the captivating world of cybersecurity.
- And yes, get ready for some unforgettable workcations—think Chikmagalur & Jim Corbett.
About Shipsy
At Shipsy, we aim to revolutionize the logistics and supply chain industry through our innovative SaaS platform. We leverage cutting-edge technology to deliver solutions that enhance efficiency, improve sustainability, and create positive impacts across global supply chains.
Position Overview
We are seeking a skilled Security Operations Engineer to join our security operations team. This role is crucial for protecting our company’s assets, data, and IT infrastructure. The ideal candidate will possess a solid foundation in cybersecurity, experience with incident response, full stack development experience and a proven ability to work effectively within a team environment.
Key Responsibilities:
- Work with the product, devops, and development teams to identify the right security architecture for implementing new solutions, products, and features. Help develop, implement, and support product security strategy.
- Work closely with product management, engineering, and DevOps teams to implement, identify, and embed cybersecurity in a secure connected architecture. Deliver general security concepts in the software development lifecycle (Identity and Access Management, encryption, web application security, security logging, pen-testing processes, etc.).
- Support security initiatives and serve as a point of contact to build and securely scale cloud platforms (e.g., AWS, GCP & Azure).
- Manage program risks through effective identification, mitigation, tracking, and reporting of the identified risks.
- Present strategies, project plans, and more to cross-functional teams delivering risk management solutions that add value.
- Experience in introducing security testing into software delivery pipelines (CI/CD)
- Understanding of secure and defensive coding principles, especially OWASP top 10 or similar guidance frameworks
- Understanding of cloud-native applications and how to deploy them securely
- Create design specifications and prepare technical documentation and run-books.
- Support the development of standards by creating templates and patterns for ease of use and increase the productivity of the security program
Requirements:
- 8 years of industry experience with at least 4 years experience in DevSecOps automation and tooling.
- Proven experience with Amazon Web Services (AWS), including IAM, AWS Shield, AWS WAF (Web Application Firewall), and Amazon Inspector to enhance security measures and compliance within the cloud environment.
- Expertise in security tools and technologies, such as vulnerability scanners, penetration testing tools, and security information and event management (SIEM) systems.
- Strong understanding of DevSecOps principles and practices.
- Excellent communication, collaboration, and problem-solving skills.
- Ability to work independently and as part of a team.
- Experience collecting metrics, measuring systems, and interpreting data to make decisions.
Qualifications
- Bachelor's degree in Computer Science, a related technical field, certifications, or equivalent practical experience
Good to have:
- Experience in JavaScript, Node, React, Python & Database administration.
- AWS Management, Security, Scalability, Reliability, Cost Optimization Education and Certifications
- AWS Certified Security – Specialty or equivalent practical experience
Security (AM/Executive)
• To design the security infrastructure / policies for the organisation, implement & monitor the same
• To ensure security compliance with respect to recommendations received from government agencies like CEA, NCIIPC
• Design, review, implement & monitor IT security related controls as part of Internal Controls, IFC, ERM
• ISMS certification (ISO 27001) for IT systems; this will include preparation and periodic review of policies and SOPs, regular trainings and maintaining records in prescribed formats
• Conducting internal security audit and generating reports by deploying VA tools
• Periodic security/VAPT audits and implementation of the findings
• IT security related new initiatives like - Security Operations Centre (SOC), Security Information and Event Management (SIEM), cloud security, EMM-enterprise mobility management
• Creating IT Security awareness within the organisation
at Foxit eSign Genie
Application Security Engineer
About us:
Foxit is remaking the way the world interacts with documents through advanced PDF and digital signature technology. We are a leading global software provider of fast, affordable, and secure PDF and digital signature solutions that are used by millions of people worldwide. Winner of numerous awards, Foxit has customers in more than 200 countries and global operations. We have a complete product line and an exciting and aggressive development schedule. Our proven PDF and digital signature technology is disrupting the status quo establishment and has accelerated our company growth. We are proud to list as customers Google, Amazon, and NASDAQ, and with your skills and help, we plan to add many more. Foxit has offices all over the world, including locations in the US, Asia, Europe, and Australia.
For more information, please visit https://www.foxit.com/
You would be working for the product Foxit eSign, India office which is registered with the name of eSign Genie Software Private Limited.
Job Brief
- Review Software applications for potential security vulnerabilities by conducting application security reviews i.e., Requirements review, Design review, Code Review.
- Clear Understanding and Hands on experience on OWASP Top 10 Vulnerability standards like XSS, SQL injection, session hijacking, and authorization bypass vulnerabilities.
- In-depth research on Web security; familiar with the origin of various Web security problems and their solutions, and keeping track of network security threats.
- Expertise in testing web application vulnerabilities and Network related vulnerabilities.
- Practical understanding and use of commercial application security tools
- Knowledge of the Vulnerability Fixations.
- Hands on development using Java / J2EE
- Solid understanding and experience with establishing application security policies across an organization.
- Good Documentation, reporting, Strong communication, and collaboration skills with various levels of executives from top management to technical team members across the organization.
- Strong self-starter who can operate independently.
What we offer you
- The chance to contribute to the creation of a sophisticated and appealing product, built from scratch with a fresh, global team!
- A fast, flexible, and rewarding incubator-like environment but with the solidity and seriousness of a large and stable company in the background
- Be part of the exquisite team that will shell out the next big Foxit product; all eyes on us!
- A Pluralsight subscription
- Competitive remuneration package
Primary Skills:
- Experience in network vulnerability scanning, penetration testing
- Experience with Nessus, NetCat, NMAP, Backtrack, Metasploit, Wireshark, HPing, and similar tool sets like RetinaCS, Qualys, McAfee (Foundstone)
- Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering)
- In-depth understanding of Common Vulnerability Exposure (CVE)/ Cert advisory database
- Thorough and practical knowledge of OWASP
- Hands-on experience with popular application security tools – Nessus, Burpsuite, Netsparker, Metasploit, KALI Linux
- Working knowledge of manual testing of web applications
- Good knowledge of modifying and compiling exploit code
- Good understanding and knowledge of coding languages
- Has practical experience in auditing various OS, DB, Network and Security technologies
- Microsoft Office – Word, Excel, PowerPoint
Global IT risk management company
i. Technology Graduate with 8+ years of experience in the IT industry & Information Security / Cyber Security
iii. Provide Security Vision & Strategy to the Organization, strategic direction, development, and implementation of information security programs and projects to address risks relevant to the attainment of organizational strategic goals.
iv. Experience in advising leadership team regarding Security Technology Landscape, product issues, and possible improvements
v. Expertise in providing executive roadmaps for continual improvement in teams, technology, and processes across various security & DevSecOps teams
vi. Experienced in Information Security Risk Management, gap analyses, Audits.
vii. Hands-on Experience in formulating Cyber Security Policies, Design and implementation of Security Technologies, DevSecOps.
viii. Working Knowledge in implementation of Cyber Security Solution in Open Source, OpenStack environment.
ix. Ability to provide strategies to increase the ability to withstand cyber-attacks, as measured by annual sophisticated attack simulations.
x. Experience in upgrading, troubleshooting and tuning of Cyber Security Solutions, SOC Operations.
xi. Thorough understanding and good knowledge of the latest Cyber Security technologies, Security Architectures, vulnerabilities, security threats.
xii. Expertise in Test-Driven Development and establishing a DevSecOps practice. Multiple product launches under your belt - from design to launch, having played a key role in their success
xiii. Ability to setup PoC for latest security solutions
xiv. Good understanding of Open Source Technologies, Private Cloud Technologies.
Our client company is into Computer software. (YB1)
- Manage security tools (Snyk, Fossa, Trivy).
- Manage vulnerability programs. Triage vulnerabilities, assign priorities and owners, follow up on the mitigation
- Monitor license violations.
- Perform Security Assessments and Threat Modeling
- Security Incident Response. Be part of a security-on-call team in PagerDuty, act as incident commander, perform Root Cause Analysis.
- Drive security initiatives (Web Application Security, Least-privilege principle, Secrets Management, Key Management, PKI and Certificate Management, Anti-fraud protection).
- Given our fast pace and startup nature, things change over time and your job responsibilities will too.
You'll need:
- Web application security experience.
- Familiarity with a modern SaaS infrastructure and application development.
- Manual and/or automated Penetration Testing (white box, black box & grey box).
- Good understanding of security risk (OWASP Top 10).
- Pen-testing: burp suite/ postman, etc.
- Vulnerability management: Snyk, fossa, NexusIQ, WhiteHat security, aqua security, GitHub security, etc.
- Familiarity with major security protocols.
- Collaboration, transparency, and integrity.
- BS/MS degree; 5+ years of relevant experience.
Nice to have:
- Experience in scripting languages (BASH, Python, JS, etc).
- CEH, CSSLP, GIAC, OSCP, OSCE, or other related industry-recognized certifications.
We are looking for candidates with the below experience.
- Mandatory experience on any of
a) Cylance Protect and Optics
b) Crowdstrike Falcon Insight
c) Sentinel One ActiveEDR
d) Carbon Black EDR
- Hands-on experience in security incident response lifecycle and its phases
- Should have experience in L1 and L2 in EDR
- Hands-on experience in event and log analysis on Windows endpoints
- Overall experience: 3-7 years, Relevant experience: 2+ years
Please note: candidates must have experience in the below skills:
- EDR Experience
- EDR Product Worked on and which level of support they are working on
- Incident Response
- Malware Analysis
- Flexible for shifts
One of the world's top Product/Consulting companies
- 5+ Years of leading an engagement.
- 5+ Years developing and implementing security operations and technology in large, complex enterprises in multiple industry verticals, across a wide range of technology platforms.
- 4+ Years on any Cloud Platform (AWS, Azure, Google, others).
- Master's or Bachelor's degree in Information Science / Information Technology, Computer Science.
- Deep hands-on experience leading the design, development and deployment of business software at scale.
- Experience with service-oriented architectures, private and public clouds and web services security.
- Strong skills in security principles such as least privilege access, defense in depth, preventative vs detective controls, Infrastructure and Network Security, Data protection, and Incident response.
- Professional experience and good technical knowledge of application security, system security, network security, authentication/authorization protocols, and cryptography.
- Experience advising customers on architectures meeting industry standards such as PCI DSS, ISO 27xxx, SOC, HIPAA, GDPR, and NIST/DoD frameworks.
- Experience with enterprise risk management methods and techniques to drive successful outcomes in a global enterprise environment.
- Good understanding of Enterprise Networks, Security and Identity Access Management.
- Configuration management using CloudFormation and/or Chef/Puppet.
- Experience with agile approaches and Experience in DevOps or DevSecOps, and how they impact risk management and compliance.
- Hands-on technical expertise in technology automation, implementation, integration, and/or deployment using scripting and/or IaaC.
- Knowledge of professional software engineering practices & best practices for the full software development life cycle, including coding standards, code reviews, source control management, libraries building, build processes, testing, and operations.
- Demonstrated ability to mentor other software developers to maintain architectural vision and software quality.
- Experience taking a lead role developing complex software systems that have successfully been delivered to customers.
- Ability to travel to customer sites as needed.
PREFERRED QUALIFICATIONS:
- AWS Solutions Architect Certified.
- AWS Security Speciality Certified.
- CISSP, CCSP, CISM, and/or other comparable certifications.
Requirements:
- Overall experience in the field of Information risk and security related initiatives/ projects.
- Experience in the areas of Infrastructure Security Audit, IT Security, Vulnerability Assessment, Risk Assessment, Web Application Security, Network Security Review, Network Architecture Review, Mobile Application Security Testing, Configuration Review, Source Code Review, Wireless Pentest, Process Review etc.
- Ability to understand business concepts and integrate business risk elements into security operations.
- Experience in conducting VAPT.
- Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP WebInspect, Acunetix, NTO Spider, BurpSuite Pro).
- Strong ethics and understanding of ethics in business and information security.
- Should have exposure to Code review, Network VA/PT and App VA/PT work.
- Understanding and familiarity with common code review methods and standards.
- Experience with code scanning toolsets such as Fortify and Ounce.
- Understanding of HTTP and web programming.
- Knowledge of OWASP tools and methodologies, common security requirements within ASP.NET application, standard SDLC practices.
- Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering).
- In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database.