8 App Security Jobs

Job Summary IAM Architect Develop the overarching vision principles and architecture for the workload identity and access management system across all environments like Azure GCP hybrid on premises Responsibilities Define the types of workload identities e.g. Managed Identities Service Accounts SPIFFE identities their attributes and their lifecycle management processes. Design the framework and specific policies for controlling workload access to resources based on the principle of least privilege. Define and design secure methods for workloads to authenticate and communicate with each other. Design the integration points and processes for connecting the workload IAM system with Fords current IAM infrastructure e.g. Entra ID Drive the creation of the long-term workload IAM governance framework ensuring alignment with industry best practices and Fords policies. Serve as the subject matter expert on workload identity concepts technologies e.g. Entra Workload Identity SPIFFE-SPIRE and best practices. Assess and recommend appropriate workload identity features and tools available in Azure GCP and other relevant platforms. Design the system to meet relevant security and compliance requirements

Job Summary The App Security Specialist will play a crucial role in ensuring the security and integrity of applications within the Hi-Tech domain. With a focus on Privileged Access Management the candidate will work in a hybrid model during day shifts. This position requires 11 to 14 years of experience emphasizing technical expertise and domain knowledge to safeguard company assets. Responsibilities Implement robust security measures to protect applications from unauthorized access and potential threats Collaborate with cross-functional teams to identify security vulnerabilities and develop effective mitigation strategies Conduct regular security assessments and audits to ensure compliance with industry standards and best practices Develop and maintain security policies and procedures tailored to the Hi-Tech domain Monitor and analyze security incidents providing timely responses and solutions to mitigate risks Utilize Privileged Access Management tools to control and monitor access to sensitive information Provide guidance and training to team members on security protocols and practices Stay updated with the latest security trends and technologies to enhance the companys security posture Ensure seamless integration of security solutions within the existing IT infrastructure Work closely with stakeholders to align security initiatives with business objectives Prepare detailed reports on security performance and present findings to management Support the development of secure application architectures and frameworks Contribute to the continuous improvement of security processes and systems. Qualifications Possess a strong understanding of Privileged Access Management and its application in securing sensitive data Demonstrate expertise in the Hi-Tech domain with a focus on application security Have a proven track record of implementing security solutions in a hybrid work environment Exhibit excellent problem-solving skills and the ability to work collaboratively with diverse teams Show proficiency in conducting security audits and assessments Be adept at developing and enforcing security policies and procedures Display strong communication skills to effectively convey security concepts and strategies Maintain a proactive approach to identifying and addressing security challenges Hold relevant certifications in application security and Privileged Access Management Be committed to continuous learning and staying abreast of industry developments Demonstrate the ability to balance security needs with business objectives Have experience in training and mentoring team members on security best practices Show a dedication to enhancing the companys security posture through innovative solutions. Certifications Required Certified Information Systems Security Professional (CISSP) Certified in Risk and Information Systems Control (CRISC)

We are keenly looking for a resource with 10+ years of experience who had both technical and managerial experience to execute a lead position from offshore. Primary Skill: Azure DevOps, Jfrog Artifactory, SonarQ, DevSecOps(SAST & DAST), Azure native App Security Secondary Skill: Containerization and Orchestration tools. Shift details: Day shift overlapping with EST (2PM-10:30PM) Technical Leadership & team management at Offshore: • Technical Leadership: Provide guidance to ensure best practices and quality standard are maintained in deliverables. Understand Selective standards and help ensure deliverables meets and adhere to the standards. If standards are missing collaborate with the core team to build standards as needed/required • Team Guidance: Lead and support DevOps engineers to achieve project goals. • Team Management: Lead and coordinate offshore DevOps teams. • Sprint Planning: Assist with offshore sprint planning, estimates, and timelines for the work aligned. • Work Execution: Run stand-ups and manage work execution. • Resource Optimization: Optimize team member capacity utilization. • Risk Management: Identify and mitigate risks aligned to the work • Documentation: Maintain detailed documentation of processes and projects Mature Offshore-Driven Operations and Operational capabilities : • SOP Development: Create standard operating procedures for operational tasks. • Communication: Establish clear channels with DevOps service consumers and stakeholders. • Continuous Improvement: Encourage innovation and automation. • SRE for key DevOps tooling: Build Site Reliability Engineering around DevOps platforms and tools. Build health checks for the key platforms. • Keeping platforms/tooling evergreen. Report/track on tech currency • Improve & automate operational onboarding - drive platform Self service capabilities for our end customer Collaboration and Coordination: • Stakeholder Updates: Provide regular updates to stakeholders. • Team Collaboration: Work with development, QA, and operations teams. • Performance Tracking: Develop and monitor key performance indicators (KPIs).

Responsibilities: * Collaborate with cross-functional teams on backend development & API integration * Develop apps using Flutter, frontend UI & data structures Assistive technologies Flexi working Work from home Over time allowance Employee state insurance Annual bonus Performance bonus Retention bonus Mobile bill reimbursements Provident fund

Job Title: Application Security (AppSec) Experience: 10+ Years Location: Hyderabad Department: Information Security / DevSecOps Industry: Software / IT Services / Product Engineering Job Summary: We are seeking a seasoned Application Security Focal with 10+ years of experience to lead our application security initiatives across the SDLC. The AppSec Focal will act as the central point of contact between development, DevOps, and security teams to ensure secure design, development, and deployment of applications. This role demands deep technical expertise in secure coding practices, threat modelling, SAST/DAST tools, and secure CI/CD integration. Key Responsibilities: Security Leadership & Governance: Act as the single point of contact for all application security initiatives within the organization. Define, implement, and enforce secure coding standards and security architecture reviews. Establish and maintain secure SDLC practices in collaboration with engineering teams. Drive risk assessments and provide actionable security recommendations for applications. Collaborate with compliance teams to support audits (ISO 27001, SOC 2, HIPAA, etc.). Technical Responsibilities: Lead threat modelling, secure code reviews, and vulnerability assessments. Manage and optimize the use of AppSec tools: SAST (e.g., SonarQube, Checkmarx), DAST (e.g., OWASP ZAP, Burp Suite), SCA (e.g., Mend, Black Duck), and container scanning tools. Integrate security tools into CI/CD pipelines (e.g., Azure DevOps, GitLab CI/CD, Jenkins). Drive vulnerability triage and remediation with engineering teams. Analyze third-party components and APIs for security risks (open-source security management). Training & Awareness: Conduct secure coding workshops, OWASP Top 10 training, and awareness sessions. Build and maintain a knowledge base of secure development practices, checklists, and guidelines. Support incident response efforts in case of application-related security incidents. Required Skills & Experience: 10+ years of experience in application development and/or security engineering. Deep understanding of OWASP Top 10, CWE, CVE, and common attack vectors (XSS, SQLi, CSRF, etc.). Strong knowledge of application architectures (web, mobile, APIs, microservices). Hands-on experience with security tools (SAST, DAST, SCA, RASP, WAF, etc.). Proficiency in at least one programming language (Java, .NET, Python, Node.js, etc.). Familiarity with DevSecOps pipelines and security automation. Preferred Qualifications: Bachelor's/masters degree in computer science, Cybersecurity, or related field. Relevant certifications: CSSLP , OSWE , GWAPT , CISSP , or CEH Azure/AWS security certifications are a plus. Experience in Agile/DevOps environments and secure CI/CD implementation. Soft Skills: Excellent stakeholder communication, documentation, and leadership abilities. Ability to influence engineering teams and build a security-first mindset. Strong problem-solving and risk assessment skills. Reporting To: Head of Security / CISO / Enterprise Architect Work Mode: Hybrid / On-site / Remote

Location: Pune / Ranchi / Bangalore / NCR Hybrid Experience Level: 5-8 Years Employment Type: Full-time Job Title: Sr. Salesforce Developer About Teqfocus Teqfocus is looking for a driven and experienced Senior Salesforce Developer with deep knowledge of managed package development and AppExchange deployment. The ideal candidate should possess strong hands-on development expertise, particularly across Salesforce Health Cloud, OmniStudio, and integration frameworks. Key Responsibilities Managed Package Development & Deployment Lead the development and deployment of managed packages on AppExchange. Manage AppExchange security reviews, namespace, and versioning. Deliver end-to-end AppExchange deployments, including test coverage and documentation. Salesforce Development Build scalable solutions using Apex, LWC, Visualforce, and Triggers. Work with OmniStudio tools like DataRaptors, Integration Procedures, and FlexCards. Translate business needs into scalable Salesforce solutions (experience with Health Cloud preferred). Integrations Develop integrations with REST/SOAP APIs and middleware tools. Monitor and troubleshoot data flow for secure and scalable integrations. Best Practices and Code Management Follow Salesforce best practices, ensure reusable code, and maintain high standards. Use version control tools like Git and CI/CD pipelines for automated deployment. Required Qualifications 5-8 years of hands-on Salesforce development experience. 3-4 years in integration development and architecture. Minimum two full-cycle AppExchange deployments. Proficiency with OmniStudio tools. Salesforce PD1 and Admin certifications. Health Cloud experience is a plus. Good to Have Experience with Agentforce framework or similar solutions. Salesforce PD2 or certifications in Sales Cloud, Service Cloud, or Health Cloud. Soft Skills Strong analytical and problem-solving capabilities. Effective cross-functional communication and stakeholder collaboration. A proactive attitude and continuous learning mindset.

We are looking for someone with 10+ years of experience with Mobile app and Web development and Security engineering experience Role and Responsibilities: As the Senior Information Security for subsidiary , this role would report into the Group CISO. The primary focus of this role is to secure the mobile application and other software assets of subsidary. Work with existing engineering teams on securing the architecture of new features/capabilities and provide design guidance Working knowledge of mobile app security controls such as RASP (Runtime Application Self Protection). Provide Information security requirements as part of the sprint cycle. Develop technical solutions to help mitigate security vulnerabilities. Analyze vulnerabilities reported to exist on NBSL assets and Android/IOS Platform. Perform security code analysis and design reviews. Provide security and secure coding practices training to development team. Conduct research to identify new attack vectors against Android and IOS application. Security architecture review and design guidance. Qualifications: Bachelor's or master's degree in computer science, Information Security, or a related field. Skills: Strong mobile application security engineering background Must have general programming expertise and software or web development experience Proficient in Engineering custom-built Android and iOS apps Experience in authentication and encryption methods, including OAuth and Public Key Infrastructure (PKI) Ability to perform Threat modelling and risk assessment of mobile and web apps 5+ years of Web and Mobile Application Security testing Experience 2+ years of hand-on experience in DevSecOps workflows and CI/CD pipelines Deep familiarity with the OWASP Top 10 and other security concerns for web/mobile applications Good understanding of SAST, DAST, SCA Scanning practices. Scripting and Programming skills (E.g: Python, Perl, Bash, Ruby, PowerShell, react native, etc.) Hands on experience in security tools like, Burp suite, OWASP ZAP, MobSF, Frida, Checkmarx, SonarQube etc. Certifications (any two): CSSLP, eMAPT, CEH, OSWA, OSCP, CPTS, eWPTX, KCSA, GMOB, GWEB (Good to Have: OSWE, CWEE, CISSP, CKS)

Roles and Responsibilities : Conduct security assessments of web applications to identify vulnerabilities and provide recommendations for remediation. Develop and implement secure coding practices, ensuring compliance with industry standards such as OWASP. Collaborate with development teams to design and develop secure software architectures, leveraging technologies like CISM, OSCP, CISSP. Provide training on application security best practices to clients' IT staff. Job Requirements : 4-10 years of experience in application security testing and consulting. Strong understanding of web application security principles and OWASP guidelines. Proficiency in tools such as Nessus, Acunetix, Tenable for vulnerability scanning and penetration testing.