DevSecOps Engineer (Application & Cloud Security)

Role Overview:

Application and Cloud Security based out at Jaipur

Key Responsibilities:

Application Security & Architecture Review:

• Lead comprehensive security assessments (Blackbox, Greybox, Whitebox) for web and mobile applications.
• Conduct

  in-depth reviews of application architecture

  , especially during major changes or new integrations.
• Evaluate and approve security aspects of new application onboarding within the bank.
• Collaborate with development and infrastructure teams to embed security controls early in the design phase.
• Identify and suggest mitigation of vulnerabilities aligned with OWASP Top 10 and other frameworks.

Change Management & Governance:

• Actively participate in the

  Change Advisory Board (CAB)

  to review and approve changes from a security perspective.
• Provide detailed risk analysis and security recommendations for proposed changes and integrations.
• Ensure that all changes comply with internal security policies and regulatory standards.

Cloud Security (Exposure Level):

• Review cloud configurations and architecture for basic security hygiene and compliance.
• Provide guidance on secure usage of cloud-native services across AWS, Azure, Oracle, or GCP.
• Support teams in leveraging CSPM tools for posture management and visibility.

Security Automation & Tooling:

• Utilize scripting (Python/Bash) to automate security tasks and integrate tools.
• Manage vulnerability scanning and remediation workflows using tools like

  Qualys

  .

Key Requirements:

• 5–8 years of experience in Application and Cloud Security, with team management exposure.
• Strong understanding of secure architecture design and change management processes.
• Experience in reviewing and integrating security controls for new applications.
• Hands-on experience with vulnerability management tools (e.g., Qualys).
• Familiarity with cloud platforms and basic cloud security principles.
• Proficiency in scripting for automation and tool integration.
• Excellent communication and stakeholder management skills.

Preferred Qualifications:

• Certifications such as AWS Certified Security Specialist, EJPT, CISSP, CISM or equivalent.
• Exposure to DevSecOps practices and CI/CD pipeline security.
• Understanding of regulatory standards like ISO 27001, PCI-DSS, and SOC2.