Application Security Specialist

6 years


Work Mode

Remote

Job Type

Full Time

Job Description

ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it, our most valuable asset is our people. Here you’ll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning; bold ideas; courage and passion to drive life-changing impact to ZS.

Our most valuable asset is our people. At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systems—the ones that comprise us as individuals, shape who we are and make us unique. We believe your personal interests, identities, and desire to learn are part of your success here. Learn more about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about.

Application Security Specialist

We are seeking an experienced professional to join us as an Application Security Specialist in our Pune, India office. This professional will be responsible for implementing DevSecOps practices across cloud environments and maturing ZS’s Application Security Program. This role requires strategic and out-of-the-box thinking, high technical expertise, and effective communication skills to proactively identify and address security risks.

What you'll do:

  • Lead the design and implementation of a DevSecOps framework, integrating security seamlessly into CI/CD pipelines across multiple environments and platforms.
  • Collaborate with developers, SREs, and security teams to embed security controls and testing at build, deployment, and runtime stages.
  • Build and manage automation for SAST, DAST, SCA, container security, and IaC scanning tools (e.g., SonarQube, Checkmarx, Snyk, Trivy, Terraform Scan).
  • Analyze results from SAST, SCA, and DAST scans to validate findings, eliminate false positives, and work with development teams to prioritize and remediate security issues.
  • Leverage expertise in TeamCity and AWS to build secure, scalable CI/CD pipelines and enforce security controls throughout the software delivery lifecycle.
  • Champion “shift-left” security practices by developing reusable pipelines, templates, and toolchains that promote secure coding and rapid feedback loops.
  • Ensure ongoing visibility and reporting of security posture in cloud-native workloads, container platforms, and serverless environments.
  • Lead training sessions and build developer-friendly resources to raise DevSecOps awareness across engineering teams.
  • Stay current with evolving tools, threats, and best practices in secure software delivery, continuously innovating to improve security effectiveness and developer experience.
  • Partner with product owners, developers, architects, and QA engineers to build secure-by-design applications.
  • Provide mentorship and security guidance to internal stakeholders to raise overall security maturity.
  • Collaborate closely with Application Security teams to align on secure development standards, threat modeling efforts, and triaging complex vulnerabilities identified during code and runtime analysis.

What you'll bring:

  • Expertise in implementing DevSecOps practices in cloud-native CI/CD pipelines (e.g., GitLab CI, GitHub Actions, Jenkins, TeamCity, Azure DevOps, Bitbucket).
  • Strong hands-on experience with application security tools such as SonarQube, Fortify, Checkmarx, Snyk, Veracode, BlackDuck, Burp Suite, OWASP ZAP.
  • Knowledge of containerization and orchestration security (Docker, Kubernetes, Helm) and tools like Trivy, Kube-bench, and Aqua.
  • Working knowledge of programming/scripting languages like Python, Java, JavaScript, C#, .NET or Go.
  • Familiarity with cloud-native security controls (AWS Security Hub, Azure Defender, GCP Security Command Center).
  • Strong scripting skills in Python, Bash, or PowerShell for automation and tool integration.
  • Ability to develop and enforce security guardrails, policies, and standards in automated and scalable ways.
  • In-depth understanding of OWASP, CWE, CVE scoring, and secure SDLC methodologies.
  • Ability to clearly document findings and communicate risk effectively to technical and non-technical stakeholders.
  • Strong collaboration, communication and interpersonal skills with the ability to collaborate effectively with cross-functional teams, communicate complex technical concepts to non-technical stakeholders, and build consensus around security initiatives.

Good to have skills and abilities:

  • Knowledge of policy-as-code frameworks (e.g., OPA/Gatekeeper, Sentinel).
  • Familiarity with DevSecOps Maturity Models and experience driving measurable security improvements across teams.
  • Exposure to compliance automation for frameworks such as SOC 2, HIPAA, GDPR.
  • Experience in chaos engineering, resilience testing, or runtime application self-protection (RASP).
  • Experience with Infrastructure as Code (IaC) security using Terraform, CloudFormation, and tools like tfsec or Checkov.
  • Experience and expertise in application penetration testing, including business logic abuse, authentication/authorization flaws, and client-side vulnerabilities.
  • Familiarity with common reconnaissance, exploitation, and post-exploitation techniques.
  • Experience in API security testing, including assessment of REST and GraphQL endpoints for issues such as broken object-level authorization (BOLA), mass assignment, injection flaws, and improper rate limiting.

Academic Qualifications:

  • Bachelor’s in computer science / management of computer information / information assurance or cybersecurity
  • 6+ years of DevSecOps / Secure DevOps / Security Engineer / Application & Cloud Security roles
  • Must have Certifications: OSWE / CSSLP / AWS Certified Solutions Architect / AWS Security Specialty
  • Preferred Certifications: AWS CLP, GIAC (GCSA), GIAC (GWAPT), OSCP, OSWA, OSEP, eWPTX

Perks & Benefits:

ZS offers a comprehensive total rewards package including health and well-being, financial planning, annual leave, personal growth and professional development. Our robust skills development programs, multiple career progression options and internal mobility paths and collaborative culture empower you to thrive as an individual and global team member. We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections.

Travel:

Travel is a requirement at ZS for client facing ZSers; business needs of your project and client are the priority. While some projects may be local, all client-facing ZSers should be prepared to travel as needed. Travel provides opportunities to strengthen client relationships, gain diverse experiences, and enhance professional growth by working in different environments and cultures.

Considering applying?

At ZS, we honor the visible and invisible elements of our identities, personal experiences, and belief systems—the ones that comprise us as individuals, shape who we are, and make us unique. We believe your personal interests, identities, and desire to learn are integral to your success here. We are committed to building a team that reflects a broad variety of backgrounds, perspectives, and experiences. Learn more about our inclusion and belonging efforts and the networks ZS supports to assist our ZSers in cultivating community spaces and obtaining the resources they need to thrive. If you’re eager to grow, contribute, and bring your unique self to our work, we encourage you to apply. ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law.

To complete your application:

Candidates must possess or be able to obtain work authorization for their intended country of employment. An online application, including a full set of transcripts (official or unofficial), is required to be considered.

NO AGENCY CALLS, PLEASE.

Find Out More At: www.zs.com
