null Jobs

[Full-time] Experienced Web-Application Security Experts at Security Brigade InfoSec Pvt. Ltd.

2013-05-09 01:42:23

Location: Mumbai
URL: http://www.securitybrigade.com

Description:

We are looking for:

Candidates with genuine interest in security – preferably having done some projects on their own.
Understanding of OWASP Top 10 and WASC Issues
Development knowledge of any current programming languages
Interested in manual testing and not just running tools

To apply for this role, take our online security auditor quiz at http://www.securitybrigade.com/careers/apply-for-security-consultant-job.php

Apply to this job

[Full-time] Web Application Security Analyst (Immediate) at Entersoft Information System Pvt Ltd

2013-05-02 05:29:49

Location: Banglore
URL: http://entersoft.co.in

Description:

Looking for someone with 3-5 years experience in web app PT, who can join Entersoft immediately with in 10days.

1.Bachelors degree in Computer Science, Information Systems, Engineering or related major
2. Minimum 6 years experience in Application and network security
3. Should have played the role of Security test lead at least with 2 projects
4. Advanced written and verbal communications skills
5. Experience with a variety of information security processes and technologies such as: 5.1. Common operating systems, network protocols, web services and databases 5.2. Risk assessment and management 5.3. Identity management and authentication 5.4. Directory services 5.5. Application security and systems development life cycle 5.6. Data and systems integrity controls 5.7. Encryption technology 5.8. Business requirements development and technical architecture development
6. Change control and release management
7. Network and application security assessment and ethical hacking
8. System planning and integration
9. Ability to adjust to changing priorities while multitasking effectively
10. Experience in planning and implementing security test efforts, which includes manual security testing and developing custom security assessment scripts or programs
11. Experience utilizing vulnerability assessment tools such as Nessus, AppDetective, BurpSuite, WebInspect, AppScan, and Fortify.
12. Practical knowledge and experience with OWASP top ten issues with an understanding of web-based application vulnerabilities
13. Demonstrated leadership and strong interpersonal skills with the ability to work well in a team.
14. Self-motivated with ability to work with minimal supervision.
15. Excellent problem solving skills.
16. Application development experience with programming languages such as Java, C, C++, C#,asp, and .NET is a great plus
17. Strong technical skills related to a broad range of operating systems and databases
18. Ability to review and audit source code analysis report
19. CISSP, GWAPT, CEH, CCNA, CCENT, CCNP, GSEC, MCSA, CISM certifications are preferred

Apply to this job

[Full-time] web penetration tester at sriinfotech

2013-04-18 23:54:59

Location: Hyderabad
URL: http://sriinfotech.org

Description:

We are looking at hiring multiple web Security Consultants to join our team in the Hyderabad office.

Overview of our Requirements
Candidates with the following mind set, please do not apply:

I can hack because I can use Nessus & Nmap.
Running some tools and scanners makes a complete PenTest.
ISO 27001 will help you become fully secure.
I did CEH and CISSP because I hate coding.
No offense to the above – If you are reading this post you are probably on the right track, and may get up there soon. We would like to hear from you as soon as you think you are ready.

Candidates with the following mind set, please do apply:

I wrote this tool that is now open source
Application security and business logic testing is my favorite subject (special mention)
I recently presented my research at a security conference / meet up
The above are signs of the type of people we want to meet.

About the Position
This is a position for a Security Consultant to join our team. It is a do-it-all role and will involve some of the following:

Participating in various audits ranging from Application Security, Mobile Security, Network Security, etc.
Build tools to automate your work and be “process oriented”.

Experience:
Web-security Analyst:Positions:5 : Experience=6months-2years
Sr.websecurity analyst:positions2: experience=3+ years

Apply to this job

[Full-time] Web Application Security Consultants at Security Brigade InfoSec Pvt. Ltd.

2013-04-04 22:24:05

Location: Mumbai
URL: http://www.securitybrigade.com

Description:

Security Brigade is looking for talented Application Security Consultants who will be responsible for security assessments and penetration testing of application and enterprise environments as well as security research and development of security tools, processes and testing methodologies.

Key Tasks and Responsibilities

Perform application penetration testing, vulnerability assessments and source code reviews
Profile an application, identifying threats, and developing test cases to target identified threats
Identify and exploit vulnerabilities in applications and networks
Manage project timelines, deadlines and expectations – including customer interactions
Prepare reports documenting identified issues based on internal templates
Interact with customers in a collaborative consultative manor to deliver results, provide feedback and remediation recommendations on findings
Research emerging security topics and new attack vectors
Write tools and scripts to automate technical processes and make audits more efficient

Requirements

In-depth understanding of security issues, exploitation techniques and remediation measures
Ability to follow an in-depth manual testing process and not just run automated tools and copy paste results
Development knowledge of any current programming languages
Strong understanding of software and application security
Strong oral and written communication skills
Involvement in software community via OWASP, WASC, Null, ClubHack and/or open source development is highly desirable
Track record speaking at major security conferences such as OWASP Appsec, SANS Appsec, and Blackhat, Nullcon is highly desirable
Intercepting proxies (i.e. Burp Proxy, Charles Proxy, Webscarab Proxy, Paros Proxy, etc)

Workplace Perks

Technically oriented workplace, work on a variety of interesting and challenging modules and projects, surrounded by hackers, coders and geeks.
Casual clothes
Breakfast service to your desk
Full time cook will whip you up anything you can print a recipe for
Team environment, collaborative learning environment, transparent communications
Generally fun environment with lots of LAN gaming and hackathons in off hours :)
Opportunity to advance career at growing company always looking for emerging leaders

Candidate Profile / Criteria
TLDR – Passion > Education

We don’t require a B Tech or BSc degree, but plenty of the team has them. We always look at capabilities and experience first.

Candidates with published advisories, tools, research papers, generally anything that can demonstrate you know your stuff when it comes to web and mobile applications will be preferred.

About Security Brigade

Security Brigade is a pure-play information security consulting firm specializing in delivering high quality services through expert driven manual testing. Founded on the core belief that “Great audits are done by great auditors – not expensive tools”, Security Brigade’s approach is built around strong processes that enable auditors to conduct in-depth manual security audits.

Security Brigade is based out of Mumbai, India and was founded in December 2006. It conducts thousands of audits a year for organizations such as: MakeMyTrip, Network 18, Tata Group, HDFC, Vodafone, IRDA, Reliance Money, Netmagic Solutions among many others. For more information, visit www.securitybrigade.com

Apply to this job

[Full-time] Application Security Consultants at Security Brigade InfoSec Pvt. Ltd.

2013-03-02 02:18:54

Location: Mumbai
URL: http://www.securitybrigade.com

Description:

Security Brigade is looking to expand its team with individuals that are looking for a hands-on, challenging and fast paced environment.

Our key criteria

Must have an intimate knowledge of Burp Proxy (or an equivalent tool).
Must be familiar with various development languages . Read only knowledge will also do.
Must understand HOW vulnerabilities work and not just be capable of running tools.
Must be passionately curious about how things work.

About the position
This is a position for a Web-Application Security Consultant to join our team. It is a do-it-all role and will involve some of the following:

Conducting security audits of various web and mobile based applications
Working on various internal R&D projects
Working with our development team to help enhance our internal workflow driven security testing platform

To Apply For This Job
Fill our online security auditor quiz here to apply for the role.

About Security Brigade
Security Brigade InfoSec Pvt. Ltd. is a pure-play information security consulting firm specializing in delivering high quality services through expert driven manual testing. Founded on the core belief that “Great audits are done by great auditors – not expensive tools”, Security Brigade’s approach is built around strong processes that enable auditors to conduct in-depth manual security audits. Security Brigade’s proprietary E.D.I.T.E platform provides a workflow based testing engine that encapsulates the complete audit process. It allows expert auditors to follow am in-depth manual testing processes while assisted by a combination of proprietary, open-source and commercial technology.

Note: Applications have been closed.

Apply to this job

[Full-time] Security Consultant at Trend Micro

2013-02-11 02:09:26

Location: Vadodara
URL: http://www.trendmicro.com

Description:

Job Description:
Job responsibilities
Web Application Security expert is responsible for maintaining application security from external attacks, such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc. Check for new application vulnerability attacks and ensure security of application against those attacks.

As our Security Expert, you will focus on direction, design, implementation and securing of Web Services and Web Applications.

This will include design of security features, security reviews, implementation and Security testing/QA; enforcing Security best practices and protections for Web related technologies (XML/SQL injections, XML bomb attack, XSS, CSRF, etc.).

Experience in usage of Web Application Firewalls (WAF)

Knowledge of OWASP and WASC is a must.

Technical skills
Performing: Network and Web-based Application Penetration tests. Logical Security Audits. Hands-on Technical Security Evaluations and Implementations. Web Application Penetration Testing. Vulnerability Detection and Remediation.
Conducting: Database Penetration Tests. Application Assessment reports. PCI Compliance Assessment Reports

Non-technical skills Ability to solve problems creatively High productivity Ability to communicate clearly in writing, by phone, and in person Ability to work at both detailed and abstract levels Willingness and ability to create and adapt to new technologies Ability to launch new projects and follow through to completion.

Work experience requirements:
• 3-5 Years
Education Requirements
• BE/BTech/MCA or equivalent Bachelor’s degree
• Security certificates will be a plus.

Note: Applications have been closed.

Apply to this job

[Full-time] Security Test Engineer at ZenQA Pvt Ltd

2013-02-05 21:21:37

Location: Hyderabad
URL: http://www.zenqa.com

Description:

Job Description: # Looking for security testing professionals experience in Web application security testing. # Exposure to vulnerability assessments on mobile applications. # Knowledge of assessments in cloud based applications.

Roles & Responsibilities:
• Strong Web application security experience with thorough understanding of web and cloud based application vulnerabilities
• Have some hands on experience in analyzing logs to identify attack trends
• Exposure to vulnerability assessments in mobile applications on Android, iPhone etc. and knowledge of mobile app pen testing methodology
• Familiarity with at least one network and web application vulnerability scanners as well as source code analysis tools
• Familiarity with Security Standards and groups ( OWASP, WASC, PCI, FISMA etc.)
• Exposure to browser plug ins to perform security testing
• Exposure to security assessments of Native Mobile applications (Android/iPhone/ Blackberry etc).
• Hands on experience with the Mobile security assessment tools mainly with the platform specific SDK“s like Android SDK – adb, ddms, inbuilt tools with iOS SDK (XCode), iPhone simulator, iPhoneExplorer, otool, etc.
• Knowledge of database, application, and Web server design and implementation
• Knowledge of application Security Architecture
• Knowledge of the software development lifecycle is a plus
• Knowledge on Security in Windows and UNIX/Linux Operating Systems
• Knowledge of network exploitation, ethical hacking, penetration testing and tool development a plus
• Experience in writing scripts using .Net, Java, Perl, Python a plus
• Experience in application level attacks, bypassing firewalls, evading intrusion detection etc.
Education: BE/B.Tech/MCA.
Experience: 4 – 8 years in security testing.
Salary: Best in the industry.
Notice Period: Not an issue.

About ZenQA PVt Ltd: ZenQA is an 8 year old company located in premium I.T location’s of Hyderabad 1.K.Raheja I.T Park ”Mindspace”, 2.Cyber pearl 3.VBIT Park(Capella) in Hi-Tec City we have 250 Plus Resources in the above mentioned locations working on software development & Testing projects for clients from U.S.A, Canada, U.K & Australia, we are in the process of CMMI accreditation & we are in an intention to build the company to 500 employees by 2014.
Awards & Recognition : Winner of Deloitte Technology Fast 50 India 2012 & 2nd Best Indian SME in IT&ITES category in 2010.

Note: Applications have been closed.

Apply to this job

[Full-time] Application Security Technical Evangelist (presales) at HP Fortify

2013-01-23 11:07:11

Location: prefer Delhi, Bangalore, Mumbai
URL: http://www.hpenterprisesecurity.com/products/hp-fortify-software-security-center/

Description:

hello all,

wanted to share this opening with you.

o Your role is to explain, demonstrate, and prove to customers how the HP Fortify (application security) solutions are superior to the competition and the best fit for their needs.
o You want to be rewarded for making an impact to product revenue.
o You are strong in Java and/or .Net programming knowledge and Build tools but are looking to leverage those skills in a new direction.
o You would enjoy the satisfaction of helping customer protect valuable business data and defend national security.
o Your experience in engineering management or enterprise client consulting help you communicate to multiple stakeholders.
o You have demonstrated presentation skills to technical as well as non-technical audiences and/or leadership in a non-work organization.
o You would love to travel frequently to meet customers and partners in India and South East Asia.
o Any experience doing presales work would definitely be a plus.

Please note: If your background is only pen-testing and have had no full-time jobs as an application developer/SDLC, then it will probably not be a good fit in this particular position.

thank you.

Note: Applications have been closed.

Apply to this job

[Full-time] Senior Information Security Engineer / Analyst at OpenText Technologies India Pvt. Ltd.

2013-01-23 03:32:55

Location: Hyderabad
URL: http://www.opentext.com

Description:

Role Description:
The successful candidate will work as part of a small team reviewing world class enterprise information management applications. The position will focus on locating security vulnerabilities and preventing them as early as possible in the development process. In a time of increasing interconnectivity and rising expectations of rapid content delivery, security is a paramount concern. The analyst will be expected to demonstrate their technical knowledge and help Open Text produce software that exceeds the security requirements of customers worldwide.

Responsibilities: – Investigate reported vulnerabilities, providing information about defect type, steps to recreate – Setting up and managing own testing environments – Reliably perform security testing of products – Assisting in the preparation of plans to review software components through application security review. – Produce clear, concise and unambiguous reports – Provide feedback to development teams about the security of applications – Work with automated source code analysis tools – Create solutions (software, procedures) to help locate software defects – Analyze defects for root causes, make recommendations for remedies – Participate in threat modeling exercises, security assessments – Assisting in the preparation of plans to review software components through source code analysis or application security review. – Comment constructively on documents produced by others – Contribute to white papers about product security, testing, and related topics

Qualifications
Technical Proficiency: – Knowledge of the security of web services technologies, web servers, databases and web-based applications – Knowledge of common application security controls – Knowledge of application security issues – Knowledge of common technologies used in web applications (such as JavaScript, HTML, DHTML)

Functional Proficiency/knowledge: – Background/understanding of software development life cycle – Strong analytical / troubleshooting skills – Possess a commitment to quality and a thorough approach to work. – Good writing skills – Good communications and consultancy skills – The ability to work in a team and as an individual – A natural curiosity

Education: Minimum education or equivalent credentials the incumbent must possess in order to qualify for the role. – B.E./B.Tech – Previous experience in software application development

Experience:
6+ relevant experience. Highly developed professional/technical skills are needed to perform the job.

Note: Applications have been closed.

Apply to this job

[Full-time] Application Security Test Engineer at Code Decode Labs

2013-01-15 01:07:37

Location: Pune
URL: http://www.codedecodelabs.com

Description:
Urgently required, Application Security Test Engineer, with 2 to 5 years of relevant experience.

Skill Requirements –

Technical – -> In depth knowledge of Application Security Assessment and Application PT.
-> In depth knowledge of at least one programming language.
-> In depth knowledge of at least one scripting language.
-> Should be adept with tools of trade. Though, dependency on automated scanning tools is strongly discouraged.
-> In depth knowledge of App Sec methodologies and best practices.
-> Knowledge of Web App, Mobile App and Thick Client Apps is desired.
-> Knowledge of Web Servers and Application Development Framework is a plus.

Professional
-> Ability to meet hard deadlines efficiently
-> Relevant certifications.
-> Ability to handle clients independently.
-> Good Communication skills are mandatory.

Note: Applications have been closed.

Apply to this job