We are seeking a talented individual to join our Dev Ops team at Marsh McLennan. This role will be based in Pune. This is a hybrid role that has a requirement of working at least three days a week in the office.
We will count on you to:
- Conduct comprehensive security-focused pull request reviews across multiple applications and technology stacks
Design, develop, and maintain reusable security libraries, frameworks, and boilerplate code for development teams Establish and enforce secure coding standards through technical guidance and code review processes Create and maintain security-focused development tools, linters, and automated checks Architecture & Design - Review and provide technical input on application architectures from a security perspective
Participate in design reviews and technical discussions to ensure security best practices are embedded from the ground up Perform threat modeling and security architecture assessments for new and existing applications - Collaborate with engineering teams to design secure, scalable solutions that meet business requirements
Security Champion Leadership Serve as the senior technical member within the Security Champion community across MMC - Mentor and guide other security champions, providing technical expertise and best practice guidance
Lead technical discussions regarding proposed changes to Application Security Standards and guidelines - Act as resident security expert and technical consultant across multiple application portfolios
Development & Implementation Actively contribute to secure application development through hands-on coding and technical implementation Integrate security controls and features into applications (RBAC, authentication, authorization, encryption, etc.) - Develop and maintain security testing frameworks and automated security validation tools
Contribute to the design and implementation of security infrastructure and deployment pipelines Standards & Process Establish and maintain technical security standards, guidelines, and best practices for development teams - Provide technical guidance on vulnerability assessment, triaging, and remediation approaches
Review and validate security incident remediation, including secrets management and disposal Ensure alignment with industry standards (OWASP Top 10, SANS Top 25, CWE) and internal security policies Collaboration & Communication Work closely with development teams, product owners, and architects to integrate security seamlessly into the development process - Serve as technical liaison between development teams and global information security
Provide technical training and knowledge sharing sessions on secure development practices Communicate complex security concepts clearly to both technical and non-technical stakeholders
What you need to have:
Bachelors degree in Computer Science, Engineering, or equivalent technical experience
Overall experience of 14+years, 7+ years of software development experience with strong engineering fundamentals Expert-level proficiency in multiple programming languages (JavaScript/TypeScript, Python, Java, C#, etc.) Deep understanding of modern application architectures, microservices, and cloud platforms (Azure, AWS) Extensive experience with CI/CD pipelines, DevOps practices, and infrastructure as code Advanced knowledge of secure coding practices, common vulnerabilities, and security testing methodologies Security Specialization Advanced expertise in application security principles, practices, and industry standards Experience with security testing tools (SAST, DAST, IAST, dependency scanning) Deep understanding of authentication, authorization, cryptography, and secure communication protocols Knowledge of threat modeling methodologies and security architecture patterns Experience with security frameworks and compliance requirements (SOC 2, ISO 27001, NYDFS, etc.) Leadership & Communication Proven track record of leading technical initiatives and mentoring development teams Excellent communication skills with ability to influence and educate technical and non-technical audiences Experience working in distributed, cross-functional teams across multiple time zones Strong problem-solving skills with ability to balance security requirements with business needs
What makes you stand out:
Technical Excellence Demonstrated ability to architect and implement enterprise-scale security solutions Experience building and maintaining security-focused development tools and frameworks Deep expertise in multiple technology stacks and ability to quickly adapt to new technologies Track record of successfully implementing security controls in complex, distributed systems Leadership & Impact Experience leading security transformation initiatives within large organizations Proven ability to influence engineering culture and drive adoption of security best practices Experience with site reliability engineering (SRE) practices and security operations Innovation & Continuous Learning Active participation in security communities, conferences, and open-source projects Proactive approach to staying current with emerging security threats and technologies Experience with AI/ML security considerations and secure integration of LLM technologies Demonstrated ability to translate business requirements into technical security solutions
What makes you stand out?
- Experience with microservices architecture and serverless computing
- Certifications in AWS, Azure, GCP, or DevOps tools (e.g., Certified Kubernetes Administrator, AWS Certified DevOps Engineer)
- Knowledge of network security, firewalls, and VPNs
- Ability to automate and optimize operational processes
- Strong interpersonal skills and ability to work across teams and geographies
- Passion for learning new technologies and continuous improvement
.
