Posted: 1 day ago
Platform: On-site
Full Time
Job Title: Application Security Specialist
Experience Required: 6–8 Years
Location: Noida
Job Type: Full-Time
Department: Cyber Security
Reporting to: Head/CISO Cyber Security.
Role Overview:
As an Application Security Specialist at one of our clients, you will be responsible for embedding security into the development lifecycle of cutting-edge cloud-native and edge computing applications. You will collaborate with cross-functional teams to ensure secure design, development, and deployment of software products, while also contributing to the organization’s GRC initiatives.
Key Responsibilities:
Application Security (80%)
• Lead the design and implementation of secure software development lifecycle (SSDLC) practices across product teams.
• Conduct threat modelling and secure code reviews for applications built on Coredge platforms.
• Integrate security tools (SAST, DAST, SCA) into CI/CD pipelines using DevSecOps practices, with a strong understanding of secure use of GitHub, Docker Hub, etc.
• Collaborate with developers to remediate vulnerabilities and promote secure coding.
• Perform penetration testing and vulnerability assessments on web and microservices-based applications.
• Define and enforce application security policies aligned with Coredge’s product architecture.
• Monitor emerging threats and recommend proactive security measures.
• Lead incident response for application-level security breaches.
• Collaborate with product managers and architects to ensure security requirements are embedded in product design.
• Conduct regular security training and awareness sessions for developers and QA teams.
• Evaluate and implement new security tools and technologies to enhance application security posture.
• Maintain a vulnerability management program for applications, including tracking, reporting, and remediation.
• Participate in bug bounty programs and coordinate with external researchers to validate and remediate findings.
• Develop and maintain security dashboards and metrics to report on application security health.
• Contribute to open-source security initiatives and represent Coredge.io in industry forums.
Governance, Risk, and Compliance (20%)
• Work with legal and compliance teams to ensure applications meet regulatory requirements (e.g., GDPR, HIPAA, DPDP).
• Support internal and external audits related to application security and compliance.
• Develop and maintain documentation for security policies, standards, and procedures.
• Conduct risk assessments and contribute to enterprise risk management initiatives.
• Ensure alignment of application security practices with broader GRC frameworks and corporate governance.
• Collaborate with stakeholders to implement controls that meet compliance and regulatory standards (e.g., PCI-DSS, ISO 27001).
• Track and report on compliance metrics and risk mitigation efforts.
Preferred Qualifications:
• Bachelor’s or Master’s degree in Computer Science, Information Security, or related field.
• 6–8 years of experience in application security, software development, or penetration testing.
• Strong understanding of OWASP Top 10, SANS CWE Top 25, and secure coding practices.
• Hands-on experience with DevSecOps, container security (Kubernetes, Docker), and Infrastructure as Code (Terraform, CloudFormation).
• Hands-on experience with tools like SonarQube, Trivy, Burp Suite, Checkmarx, Veracode, Kali Linux and GitLab CI/CD.
• Proficiency in languages such as Java, Python, Go, or JavaScript.
• Experience with DevSecOps and integrating security into Agile/DevOps workflows.
• Knowledge of regulatory and compliance standards (e.g., DPDP, PCI-DSS, HIPAA, GDPR).
• Mandatory certifications such as CEH, OSCP, or GWAPT are highly desirable (any one of them).
GISPL