Application Security Lead

10 years

0 Lacs

Posted: 18 hours ago | Platform: LinkedIn

Work Mode

Remote

Job Type

Full Time

Job Description

Job Title: Application Security Lead
Location: Remote (India-based)
Employment Type: Full-Time

About Us

We are a rapidly growing cybersecurity firm delivering advanced security solutions to enterprises across the Middle East, Europe, and the United States. Our mission is to empower organizations to build and operate secure applications through strategy-driven, risk-based, and modern security practices. We're looking for a seasoned Application Security Leader to lead our global application security initiatives.

Role Overview

As an Application Security Lead, you will spearhead both the strategic direction and technical execution of application security programs for our clients. You will act as a trusted advisor, shaping security roadmaps, driving secure SDLC adoption, leading architecture reviews, and enabling secure innovation across development teams.

Key Responsibilities

Strategic Leadership

Develop and own enterprise-wide application security strategies tailored to each client’s risk profile and maturity level.
Define multi-phase strategic roadmaps aligned with OWASP SAMM, NIST, and ISO 27001 standards.
Establish and evolve secure SDLC practices across diverse client environments.
Advocate and align AppSec priorities with broader business, DevOps, and GRC goals.
Drive metrics-driven governance and periodic maturity assessments to track progress and demonstrate value.

Technical Execution

Oversee secure code review processes and champion automated testing pipelines (SAST, DAST, SCA, etc.).
Integrate security into CI/CD pipelines using tools like Veracode, Checkmarx, Fortify, SonarQube, and GitHub Advanced Security.
Design and implement security control and requirements frameworks for web, mobile, API, and cloud-native applications.
Guide remediation strategies, perform root cause analysis, and enable development teams to build secure code.
Track and report application security KPIs and KRIs for technical and executive stakeholders.
Lead application architecture risk analysis, threat modeling, and design review sessions.

Customer Engagement

Act as the primary interface for customers across the US and Europe for all AppSec-related engagements.
Lead strategic workshops and executive presentations, translating technical risk into business context.
Deliver high-quality documentation including AppSec policies, strategy decks, and board-level reporting.

Requirements

Must-Have

10+ years of progressive experience in Application Security, with at least 3 years in a strategic/architect-level role.
Deep understanding of security frameworks: OWASP SAMM, OWASP ASVS, STRIDE, PASTA, and NIST 800-53.
Hands-on experience with security tools across the SDLC: SAST, DAST, SCA, IAST, RASP.
Strong grasp of secure architecture principles, cloud-native security (Azure/AWS/GCP), and API security.
Demonstrated ability to lead AppSec strategy development and maturity assessments.
Excellent stakeholder management, communication, and leadership skills.
Bachelor’s degree in Computer Science, Information Security, or a related field.

Preferred

Professional certifications such as CSSLP, OSWE, GWAPT, or CISSP.
Prior experience working with or advising enterprise clients in the US, Europe, or Middle East.
Familiarity with DevSecOps practices, threat intelligence, and regulatory compliance frameworks (e.g., GDPR, HIPAA, PCI-DSS).

Working Hours

Remote-first with some overlap required for client meetings in Europe and US time zones.

Compensation

Base salary of 40-50k dollars plus bonus compensation above market compensation.
