8 Security Tooling Jobs

Must have IAM & Zero-Trust Architecture experience Must have Cloud Platform & Security Tooling Must have Incident Response, Monitoring & Threat Detection Must have Compliance, Governance & Risk Management Must have Guiding security policies, standards, and procedures related to cloud environments

As an Engineering Manager Security Operations, your primary responsibility will be to define and lead the charter for infrastructure security, endpoint security, and security operations. This includes overseeing incident detection and response processes. You will be tasked with building and managing a high-performing team of security engineers who specialize in defensive operations and platform resilience. Additionally, you will be required to develop and uphold incident response plans, detection strategies, and escalation protocols. Collaboration with platform, SRE, and IT teams is essential as you work towards implementing secure configurations and controls across cloud and endpoint environments. Leading incident triage, forensic investigations, root cause analysis, and postmortem processes will also be part of your role. It will be crucial to enhance visibility into the environment through security tooling, logging, and telemetry while driving metrics-based reporting for operational excellence, incident trends, and risk posture. To qualify for this position, you must hold a Bachelor's degree in Computer Science, Engineering, or a related field (Masters preferred) and possess at least 8 years of experience in software engineering, infrastructure, or security-focused roles. Demonstrated leadership in infrastructure security, incident response, or security operations is a must. A strong understanding of cloud security (preferably AWS), endpoint hardening, and threat detection technologies such as SIEM and EDR is required. You should also showcase the ability to perform effectively in ambiguous environments with tight timelines, along with exceptional communication skills to articulate technical risks to non-technical stakeholders. Strong collaboration and stakeholder management skills are essential for this role. It would be beneficial to have exposure to product security and vulnerability management processes, familiarity with regulatory frameworks like SOC 2, ISO 27001, and PCI DSS, experience in fintech or high-growth startup environments, and knowledge of modern DevSecOps tools and practices.,

Imagine what you could accomplish by joining Apple's innovative team. At Apple, new ideas are transformed into exceptional products and experiences at a rapid pace. The diverse individuals at Apple are not just product builders but creators of revolutionary wonders that redefine entire industries. The collaborative environment fosters innovation and drives everything we do, from cutting-edge technology to industry-leading environmental initiatives. Join Apple's B2B team, where critical integrations with supply chain partners are managed, and play a vital role as a motivated and technically adept Security Engineer. As a Senior Security Engineer at Apple, your responsibilities will include conducting code reviews, collaborating with development teams to ensure secure coding practices, and utilizing analysis tools to assess software security. You will lead security assessments and threat modeling exercises to identify and address potential risks. Automation of security testing using various tools and technologies, incident response, and security awareness training are also key aspects of this role. Strong analytical skills and an automation mindset are valued, as they contribute to addressing complex security challenges and driving proactive threat detection. Qualifications: - Bachelor's or Master's degree in Computer Science or related field - Proficiency in programming/scripting languages (Java, JavaScript, Python) - Experience integrating and automating security checks in CI/CD pipelines - Conducting penetration testing on diverse technologies Preferred Qualifications: - Strong knowledge of network security, encryption protocols, access control, and identity management - Hands-on experience with security technologies like SAST, IAST, and DAST - Familiarity with cloud security principles, container security, and incident response - Understanding of SDLC security practices and compliance assessments - Relevant certifications such as CISSP, CISM, CEH, or CompTIA Security+ are desirable Apple is an Equal Opportunity Employer that values inclusion and diversity. We actively promote equal employment opportunities for all applicants, including minorities, women, protected veterans, and individuals with disabilities. Accommodations will be provided upon request for individuals with disabilities to ensure equal participation in the application process. If you are a talented and passionate individual looking to make a difference, we would love to hear from you. Submit your CV to join our amazing team at Apple B2B.,

The Product Security Architect role entails providing application and system-level security expertise and guidance to IA products as a part of the global product security community. This position involves supporting product security activities aligned with the Secure Development Lifecycle process across Aero products. Your responsibilities will include leading efforts with development teams to manage product risk and implement suitable security controls, integrating top-notch security requirements into product and service offerings, offering architecture and best practices guidance for building secure Honeywell products, and supporting various product security process activities such as threat modeling, security requirements, security reviews, vulnerability assessments, and risk management for IA applications. It is crucial to possess a background in product architecture and development along with experience in the Secure software development lifecycle. Additionally, you should have an understanding of security by design principles, architecture-level security concepts, and a current knowledge of security threats and techniques for exploiting vulnerabilities. You will play a pivotal role in mentoring and training the engineering development community, promoting the adoption of the shift-security-to-left practice, and leading new initiatives that enhance SDL processes and procedures. Qualifications: - Bachelors degree or equivalent work experience in Cyber Security or Information Technology - 6+ years of experience in Cyber Security - Strong interpersonal skills for facilitating diverse groups, negotiating priorities, and resolving conflicts - Knowledge of secure software development lifecycle - Basic Applied Cryptography knowledge including encryption algorithms, Public Key Infrastructure (PKI), Secure boot, and Open-source risk management - Proficiency in Microsoft threat modeling tool and reviewing vulnerability assessments - Background in product architecture and development - Software engineering or development experience - Knowledge of penetration testing - Familiarity with security regulations and standards - Understanding of Agile software development practices Preferred Qualifications: - Understanding DevsecOps and familiarity with CI/CD pipelines and security tooling - Information Security accreditation (CISSP/CSSLP or similar certifications) - Experience with security tools like SD Elements, BlackDuck Hub, Microsoft Threat modeling tool, SAST (Coverity, SonarQube), DAST (Burp, ZAP, AppSpider), Fuzzing, and continuous monitoring tools About Us: Honeywell assists organizations in addressing complex challenges in automation, aviation, and energy transition. As a trusted partner, we deliver actionable solutions and innovations through our Aerospace Technologies, Building Automation, Energy and Sustainability Solutions, and Industrial Automation business segments, empowered by our Honeywell Forge software, to create a smarter, safer, and more sustainable world.,

The Data & AI Security Operations Specialist plays a crucial role in the Data and AI Delivery Unit at BT. By utilizing innovative AI and Machine Learning techniques, you will contribute to making data-driven decisions and increasing revenue across various environments, including on-prem and Google Cloud Platform. Your primary responsibility will be to ensure the safe handling and protection of data at every stage of the process. This role involves promoting security strategies, Security by Design, security transformation, vulnerability management, and incident management. As a Data and AI Security Specialist, you will be expected to understand the relationship between data and AI with business processes and systems. Implementing a vulnerability management strategy, maintaining security posture, and leading efforts to reduce vulnerabilities are key aspects of the role. Additionally, you will oversee security tool rollouts, drive security transformation initiatives, monitor cyber threats, prioritize penetration testing, and identify automation opportunities within the security space. To succeed in this role, you must possess strong skills in stakeholder management, security experience, customer experience enhancement, problem-solving, and automation. Additionally, you are expected to have expertise in IT security policies, controls, remediations, technical solutions, security tooling, and cloud environments. Holding certifications like CISSP or equivalent, as well as Cloud Security Certification, is preferred. As part of BT's leadership standards, you will be required to lead inclusively and safely, take ownership of outcomes, deliver exceptional customer service, demonstrate commercial acumen, embrace a growth mindset, and build future-ready teams. BT Group, as a leading telecommunications company, is undergoing significant transformation with a focus on digital infrastructure projects and customer-centric innovations. Joining BT at this juncture presents an exciting opportunity to be part of a dynamic and forward-thinking organization. BT Group encourages diversity and welcomes applications from individuals regardless of whether they meet every single requirement listed in the job description. The company is committed to creating an inclusive workplace where everyone can thrive and contribute positively, irrespective of their background or qualifications. If you are enthusiastic about this role and believe you can make a valuable contribution, we encourage you to apply and explore the opportunities available within our team.,

As a member of the Software Security Engineering team at Splunk, a Cisco company, you will play a crucial role in tackling sophisticated security challenges at scale. Working closely with product development teams, you will be responsible for implementing secure software practices across Splunk's entire product portfolio. By analyzing evolving vulnerability patterns and real-world attack tactics, you will contribute to crafting innovative security solutions that safeguard Splunk's industry-leading products. Collaborating with Product Security, Risk, and Compliance teams, you will ensure that Splunk not only meets but exceeds new policy and regulatory requirements. The Global Security Team at Splunk is dedicated to building a safer and more resilient digital world. While our customers appreciate our unified security and observability platform, it is our employees who truly make Splunk a standout career destination. We value authenticity and encourage our employees to bring their whole selves to work, including their work experience, problem-solving skills, and unique passions. In this role, you will have the opportunity to: - Analyze emerging code vulnerability trends and research real-world attack patterns to address evolving security threats proactively. - Design and implement sophisticated security mechanisms to protect Splunk's products from vulnerabilities and attacks. - Work closely with cross-functional teams, including Product Development, Product Security, Risk, and Compliance, to integrate security into every phase of the software development lifecycle. - Contribute to shaping Splunk's security strategy by implementing secure coding standards and vulnerability management practices. - Ensure regulatory compliance by staying aligned with the latest policy and regulatory requirements. To be successful in this role, you should have: - A minimum of 4 years of experience in software security, with a deep understanding of secure coding practices, vulnerability management, and common security flaws. - Proficiency in programming languages such as Python, Java, C++, or Go, with the ability to identify and remediate security issues in code. - Knowledge of risk management principles and popular regulatory requirements such as FEDRAMP, HIPAA, and SOC 2. - Strong analytical and problem-solving skills to address sophisticated security challenges at scale. - A Bachelor's degree in Computer Science, Security, or equivalent work experience. Nice-to-have qualifications include familiarity with threat modeling techniques, experience in implementing security tooling and automation within software build pipelines, and security certifications such as CompTIA Security+ or GIAC Security Essentials. While these qualifications are desirable, we value the whole individual and encourage candidates to apply even if they do not meet all the criteria. Splunk is committed to creating an inclusive and diverse work environment and is an Equal Opportunity Employer. Join us in our mission to build a safer digital world and make a meaningful impact on the future of security at Splunk.,

The Application Security Expert - Red Team / Ethical Hacker is a critical role responsible for proactively identifying and exploiting security vulnerabilities in software applications throughout the Software Development Life Cycle (SDLC). As a key member of the in-house Red Team, your focus will be on simulating real-world attacks, conducting advanced penetration testing, and providing actionable intelligence to strengthen the overall security posture. Your responsibilities will include planning and executing realistic attack simulations against web, mobile, and desktop applications, developing custom exploits, tools, and techniques to mimic advanced threat actors, and conducting social engineering campaigns to assess employee awareness. You will also be responsible for in-depth penetration testing of applications, networks, and systems, identifying and exploiting complex vulnerabilities, and developing detailed penetration test reports with actionable recommendations. In addition, you will conduct code reviews from an offensive perspective, provide guidance on secure coding practices, and develop secure coding guidelines. Staying up-to-date on the latest security threats, vulnerabilities, and exploit techniques will be crucial, as you will be conducting vulnerability research, developing custom exploits and tools, and integrating security testing into the SDLC. You will also collaborate with development teams, participate in design reviews, and promote a security-conscious culture within the organization. Validating and verifying the effectiveness of vulnerability remediation efforts, retesting remediated vulnerabilities, evaluating and customizing offensive security tools, and automating red teaming and penetration testing processes will also be part of your role. Your technical skills should include expert proficiency in programming languages, a strong understanding of web application vulnerabilities, experience with penetration testing tools and frameworks, cloud security principles, authentication and authorization mechanisms, and network protocols. The ideal candidate will have a Bachelor's or Master's degree in Computer Science, Information Security, or a related field, along with at least 8 years of experience in application security, penetration testing, or red teaming. Certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), GIAC Web Application Penetration Tester (GWAPT), Offensive Security Certified Expert (OSCE), and Offensive Security Web Expert (OSWE) are highly preferred.,

Principal Application Security Engineer / Architect Location: Gurgaon, India (Hybrid 2 days/week in office) Department: Information Security / Application Security Reports To: Manager, Application Security Experience: 12+ years in cybersecurity, with a significant focus on application security and security architecture Employment Type: Full-time | Hybrid- 2 days/week Who You Are: You are a highly experienced and visionary security professional with deep expertise in application security, architecture, and secure software development. Youre not only a strategist and a technical authority, but also someone who remains hands-on when it matters. You thrive on solving large-scale security problems, designing resilient security architectures, and enabling engineering teams to ship secure products without friction. You lead with influence, partner with engineering and product leaders, and drive scalable security solutions across an enterprise. You also play a pivotal role in Cvents Application Security Research & Engineering (ASRE) programguiding the development of internal tooling, automation, and innovative approaches to secure software at scale. What You'll Do: Design and own secure application architectures across Cvents product landscape, including SaaS platforms, mobile apps, APIs, and cloud-native services. Define and evolve application security strategy, driving initiatives that align with Cvents product roadmap and risk posture. Lead architecture reviews, threat modeling sessions, and risk assessments for high-impact products and features, including those involving AI/ML pipelines. Engineer and advocate scalable security solutions, from reusable libraries and security design patterns to tooling integrations within the SDLC. Build and maintain relationships with engineering leaders, product managers, and infrastructure teams to champion security-by-design principles. Partner with ASRE to define and drive automation projects, internal tool development, and scalable controls for vulnerability discovery and remediation. Serve as the security technical authority during escalations, post-incident reviews, customer audits, and design sprints. Provide technical leadership to the broader AppSec team, mentoring Senior and Lead engineers and participating in hiring and capability building. Evaluate and introduce new technologies, standards, or frameworks to improve application security and developer experience. What You Bring: 12+ years of experience in information security, with a strong focus on application security, architecture design, and secure development practices. Deep understanding of secure software development lifecycles (SDLC), secure design principles, and modern threat landscapes (including AI/ML risks, supply chain, cloud-native, and microservices). Proven ability to architect secure solutions across multi-tenant SaaS platforms, microservices, and API-driven ecosystems. Expertise in performing and leading threat modeling, code reviews, and architecture risk assessments. Strong coding and scripting skills (e.g., Python, Java, JavaScript, TypeScript, etc.); ability to prototype tools or support ASRE initiatives directly. Hands-on experience with security tools and platforms (e.g., SAST, DAST, IAST, SCA, container scanning, IaC analysis). Familiarity with cloud security and native controls (AWS/GCP/Azure), DevSecOps pipelines, and IaC tools like Terraform. Excellent communication skills with a proven ability to influence both technical and executive stakeholders. Strong grasp of regulatory frameworks and standards such as ISO 27001, SOC 2, PCI, OWASP, NIST 800-53/218, and AI RMF. Bonus If You Have: Experience building security frameworks or reference architectures adopted across multiple product teams. Research contributions to ASRE-style initiatives, open-source tooling, or internal platform development. Knowledge of emerging AI security threats (adversarial ML, model poisoning, privacy leakage, etc.). Certifications such as AWS Certified Solutions ArchitectAssociate/Professional, CSSLP, OSWE, GCPN, CISSP, SABSA, or SANS/GIAC Architect-level certification. Why You'll Love This Role: You'll define and influence the security architecture of platforms used by thousands of customers worldwide. You'll work on high-impact initiatives with the authority to shape how security is donenot just today, but for the long term. You'll help grow and mentor a world-class AppSec team while staying close to the technology you love. You'll drive an engineering-led security culture alongside leadership that supports security investment, research, and innovation.