Technical Lead - Application Security

Technical Lead – Application Security

Location: Mumbai, India (Onsite)

Experience Required: 20+ years (Application security + AI/ML security)

Compensation: As per industry benchmarks

Employment Type: Full-Time | Permanent

Role Overview

We are hiring a Techno Managerial Lead – Application Security to join our CISO team in

Mumbai. This is a critical, hands-on leadership role that blends strategic oversight with deep

technical expertise in application security. The ideal candidate will spearhead security testing

of applications, evangelize secure software development practices, lead secure code reviews,

and collaborate across teams to embed security into the software development lifecycle (SDLC).

Key Responsibilities

• Strategic Leadership:

✓ Define and evolve the bank’s application security strategy and roadmap including

AI/ML and LLM security testing.

✓ Align security initiatives with business goals and regulatory requirements.

• Technical Execution:

✓ Lead secure SDLC integration across development teams(including DevSecOps) of

security testing tools.

✓ Oversee application security tools & processes for SAST, SCA DAST, Code Review

across diverse technologies such as Web, Mobile, API etc.

✓ Participate and provide expert opinion in secure architecture design reviews for

critical applications.

✓ Ensure periodic refresh of test cases catalogue against bank specific use-cases,

emerging threats & global frameworks.

✓ Define, publish, and govern policies, secure coding standards, and open-source usage

guidelines.

✓ Leverage AI security tools for scanning, fuzzing, and penetration testing of AI models.

✓ Apply best practices from OWASP Top 10 for ML/LLMs, MITRE ATLAS, NIST AI RMF,

and ISO/IEC 42001 to test AI/ML assets.

✓ Stay informed about emerging threats and security trends in AI/ML technologies, and

provide recommendations for enhancing security posture.

✓ Ensure AI model security testing framework aligns with internal policy, national

regulatory requirements, and global best practices.

Classification - Internal

Classification - Internal

✓ Plan and execute security tests for AI/LLM systems, including jailbreaking, RAG

hardening,

• Program Management:

✓ Build and lead a high-performing AppSec team for pre-golive security testing as well as

post-go live testing of scoped applications through structured calendar program.

✓ Develop and track KPIs and metrics to measure program effectiveness.

✓ Manage vendor relationships and maintain centralized governance across application

security, source code review, open source, and AI Security programs.

✓ Drive compliance with internal and regulatory requirements through periodic security

testing and reporting.

• Stakeholder Engagement:

✓ Collaborate with engineering, risk, development, DevOps, risk, and compliance teams.

✓ Provide executive-level reporting and risk insights.

✓ Build and expand a security-first development culture through continuous secure

coding training, workshops, and security champion’s programme to promote security

awareness and advocacy within development teams

Required Skills & Experience

• 20 years of experience in cybersecurity, with at least 15 years in application security

program management, development & testing (SAST/DAST/SCA) and minimum 5 years in

leadership roles.

• Proven track record of managing large-scale AppSec programs in BFSI or regulated

environments.

• Experience in dealing with regulatory bodies and response.

• Hands-on experience with secure coding, manual application penetration testing, and

DevSecOps practices.

• Experience working with cloud-native applications and microservices architectures.

• Deep understanding of OWASP Top 10 for Web, Mobile and API and their corresponding

OWASP Testing guides, CWE and OWASP developer guide and other secure coding

standards.

• Proficiency in security tools: Fortify, Checkmarx, Veracode, MobSF, Frida, Xposed

Framework, Cydia, JDgui, Burp Suite, etc.

• Strong programming background (Java, .NET, Python, etc.) would be an added advantage.

• Familiarity with CI/CD pipelines and integrating security into DevOps.

• Hands-on experience with AI/ML security or secure MLOps/LLMOps

• Proficient in Python, TensorFlow/PyTorch, HuggingFace, LangChain, and common data

science libraries

• Strong understanding of AI-specific threat models (MITRE ATLAS) and security

benchmarks (OWASP Top 10 for ML/LLMs)

• Excellent communication, leadership, and stakeholder management skills.

• Ability to translate technical risks into business impact clearly to non-technical

stakeholders

Classification - Internal

Classification - Internal

Qualifications and Certifications

• Bachelor’s or Master’s degree in Computer Science, Information Security, or related field.

• Certifications: CISA, CISM, CISSP, CSSLP, OSCP, OSWA, OSWE, SANS WAPT SEC542, Cloud

Security, ML Security, or relevant AI/ML certificates

• Why Join Us?

✓ Work on mission-critical security initiatives in a high-impact role.

✓ Be part of a forward-thinking cybersecurity team in a leading financial institution.

✓ Opportunity to shape the future of secure banking applications.