DevSecOps/ AppSecOps Staff Engineer

First American (India),

If you're driven by impact, thrive in collaborative environments, and want to shape how world-class products are delivered, this is the place for you.

Job Title: DevSecOps/ AppSecOps Staff Engineer

About the Role

Platform Security Engineer

What You Will Do:

• Application Security Ownership: Take end-to-end responsibility for application security initiatives, including vulnerability remediation, conducting security reviews, and educating internal teams on secure coding practices and standards.
• Technical Issue Resolution: Proactively identify, investigate, and resolve security vulnerabilities across applications, infrastructure, and cloud environments.

• Vulnerability Management: Lead efforts to detect, assess, and remediate infrastructure and software vulnerabilities, ensuring timely patching and mitigation in alignment with security policies.

• Cross-Functional Alignment and Cross-Team Collaboration: Collaborate with engineering, infrastructure, and compliance teams to ensure that platform capabilities and security measures align with broader organizational objectives.
• Continuous Improvement and Strategic Thinking:: Drive initiatives to continuously enhance platform security and efficiency using DevSecOps skills, by optimizing workflows, automating controls, and implementing industry best practices to align efforts with organizational goals.
• Familiarity

  with DAST, SAST, and IAST

  Testing for comprehensive application security assessments.

What You Bring:

• Over 7 years of hands-on experience in Application Development and DevOps

  , including

  at least 3 years of specialized experience in DevSecOps or AppSecOps domain

  .
• Deep understanding of application, infrastructure, and cloud security principles. Proven experience in identifying, remediating, and preventing vulnerabilities across the stack.

• Advanced knowledge of AWS/GCP and Azure

  ,

  Networking,

  IAM

  ,

  encryption

  , and

  compliance controls

  .
• Experience with tools like Veracode, Prisma Cloud\Compute, Qualys to detect and remediate vulnerabilities in code, containers, and infrastructure.
• Ability to guide teams in addressing OWASP Top 10 and SANS Top 25 vulnerabilities, conduct threat modeling, and perform secure code reviews and penetration testing.
• Familiarity

  with DAST, SAST, and IAST

  Testing for comprehensive application security assessments.
• Excellent communication, critical thinking, and problem-solving skills. Comfortable working independently or collaboratively in fast-paced, high-stakes environments.
• Generate detailed vulnerability reports with proof-of-concept (PoC) evidence, risk ratings, and actionable remediation recommendations.

Good To Have:

• Scripting knowledge, mainly with Python.
• Experience in bringing awareness across engineering teams, and embedding security into the SDLC.
• Strong ability to document technical findings, communicate risks and recommendations clearly to developers, and advocate for security best practices.