Senior Application Security Engineer

8 - 10 years

0 Lacs

Posted: 1 day ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

Company Profile

Our client is a global IT services company with offices in India and the United States. It helps businesses with digital transformation, provides IT collaborations, and uses technology, innovation, and enterprise to have a positive impact on the world of business.

With expertise in the fields of Data, IoT, AI, Cloud Infrastructure and SAP, it helps accelerate digital transformation through key practice areas - IT staffing on demand, innovation and growth by focusing on cost and problem solving.


Job Profile:

Location:

Employment Type:

Preferred experience:


The Role

The AppSec DevSecOps Engineer is responsible for integrating security across the CI/CD pipeline, strengthening application security through automated and manual testing, and enabling secure development practices across engineering teams. The role focuses on DAST, threat modeling, vulnerability triage, security automation, and driving DevSecOps adoption to ensure continuous, scalable, and proactive security coverage.

Responsibilities

  • Lead threat modeling exercises and manually validate findings from DAST tools such as Fortify WebInspect.
  • Integrate and optimize AppSec tools (DAST/SAST/SCA/Secrets Scanning) within CI/CD pipelines.
  • Perform manual security testing to uncover business logic gaps and abuse cases.
  • Conduct second-level triage for critical/high-risk vulnerabilities and ensure effective prioritization.
  • Evaluate DAST tool coverage, feature utilization, and recommend improvements for automation.
  • Collaborate with development, DevOps, and cloud teams to embed security gates into CI/CD workflows.
  • Conduct stakeholder discussions on AppSec findings, false positives, and security exceptions.
  • Guide application teams on secure coding, remediation planning, and secure architecture patterns.
  • Ensure timely DAST testing, reporting, SLA adherence, and maintain key AppSec metrics.
  • Mentor analysts and contribute to developing security automation, scripts, and self-service security capabilities.


Must-Have Qualifications:

  • Strong hands-on experience with AppSec tools: DAST (Fortify WebInspect), SAST, SCA, secrets scanning.
  • Experience integrating security tools into CI/CD pipelines (Jenkins, GitLab CI, Azure DevOps, GitHub Actions).
  • Deep knowledge of OWASP Top 10, API Security Top 10, and common application attack vectors.
  • Strong manual testing skills for business logic and abuse-case detection.
  • Experience triaging vulnerabilities and validating true/false positives.
  • Solid understanding of secure SDLC, DevSecOps practices, and cloud-native security basics.
  • Excellent communication for stakeholder discussions and developer enablement.


Preferred Qualifications:

  • Experience with IaC security (Terraform, CloudFormation) and container security (Docker, Kubernetes).
  • Knowledge of threat modeling tools (e.g., ThreatModeler, MS Threat Modeling).
  • Scripting skills (Python, Bash, PowerShell) for automation.
  • Exposure to IAST and RASP solutions.
  • Security certifications like OSCP, OSWE, GWAPT, CEH, or DevSecOps-specific credentials.


Application Method

Apply on LinkedIn or email your resume to: careers@speedmart.co.in
