Application Security Specialist

About the Company:

Headquartered in California, U.S.A., GSPANN provides consulting and IT services to global clients. We help clients transform how they deliver business value by helping them optimize their IT capabilities, practices, and operations with our experience in retail, high-technology, and manufacturing. With five global delivery centers and 2000+ employees, we provide the intimacy of a boutique consultancy with the capabilities of a large IT services firm.

Role Purpose:

Own operational SSDLC for 180 in-house apps + 900 third party/SaaS, drive adoption of Client SSDLC processes/tools, integrate security in Agile/DevOps/CI CD, coordinate remediation, and deliver pre release security reviews and monthly reporting.

Job Position:

Experience Required:

Location:

Primary Tools:

Key Responsibilities

• Drive SSDLC adoption across design→build→test→release→operate

• Conduct security reviews before release and enforce gates

• Integrate SAST/SCA/Secrets (Checkmarx, GitHub AS) and ASPM (Apiiro) into CI/CD (GitHub Actions/PR checks)

• Coordinate DAST enablement with DAST Ops; ensure pipelines block on critical findings

• Triage findings; create Jira remediation workflows; track SLA fixes and escalate delays

• Maintain vulnerability dashboards (Jira/Confluence, Apiiro)

• Provide developer training and Security Champions enablement

• Perform security assessments of third party/SaaS apps

Required Skills & Experience

8 to 10 years in AppSec/SSDLC operations; hands on with Apiiro, GitHub Advanced Security (CodeQL, secrets), Checkmarx, Jira/Confluence; strong CI/CD experience (GitHub Actions), SAST/SCA/DAST pipelines; vendor coordination; ability to coach developers (Java/.NET/JS/Python).

Shift Coverage

Systems Access & Request Process

• Apiiro:

  Project Admin via Jira/ServiceNow → AppSec Manager approval → Platform owner grant → quarterly recert.

• GitHub AS:

  Repo security settings via DevTools; approvals by Repo Owner + AppSec.

• Checkmarx:

  Project Admin; license tracked in Confluence; AppSec Manager approval. Jira/Confluence: Project + dashboard permissions via group; AppSec approval. SD Elements: Analyst/Admin (limited to leads).

Why choose GSPANN

“We GSPANNians” are at the heart of the technology that we pioneer. We do not service our customers, we co-create.

With the passion to explore solutions to the most challenging business problems, we support and mentor the technologist in everyone who is a part of our team. This translates into innovations that are path-breaking and inspirational for the marquee clients, we co-create a digital future with.

GSPANN is a work environment where you are constantly encouraged to sharpen your abilities and shape your growth path, We support you to become the best version of yourself by feeding your curiosity, providing a nurturing environment, and giving ample opportunities to take ownership, experiment, learn and succeed.

We’re a close-knit family of more than 2000 people that supports one another and celebrates successes, big or small. We work together, socialize together, and actively serve the communities we live in.

We invite you to carry forward the baton of innovation in technology with us.

At GSPANN, we do not service. We Co-create.

Discover your inner t

Accelerate your learning

Feel included

Inspire and Be Inspired

Enjoy Life

Give Back -

We invite you to carry forward the baton of innovation in technology with us.

Let’s Co-create.