13 Threat Modeling Jobs

Description We are seeking a skilled Penetration Tester to join our cybersecurity team in India. The ideal candidate will have extensive experience in identifying and addressing security vulnerabilities in various systems and applications, ensuring our organization's data remains secure. Responsibilities Conduct penetration testing on web applications, mobile applications, and network infrastructures. Identify and exploit vulnerabilities in systems and applications. Prepare detailed reports on security assessments, vulnerabilities found, and recommendations for remediation. Collaborate with development and IT teams to discuss security findings and suggest best practices. Stay up-to-date with the latest security trends, threats, and technology developments. Develop and maintain testing methodologies and procedures. Skills and Qualifications 6-11 years of experience in penetration testing or a related field. Strong understanding of web application security vulnerabilities (OWASP Top 10). Proficiency with penetration testing tools such as Burp Suite, Metasploit, Nmap, and Wireshark. Experience in performing security assessments, vulnerability assessments, and threat modeling. Knowledge of network protocols, firewalls, and intrusion detection systems. Familiarity with scripting languages (Python, Bash, etc.) for automation of tasks. Certifications such as CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), or equivalent are preferred. Excellent analytical and problem-solving skills. Strong communication skills to present findings and recommendations effectively.

Description We are seeking a skilled Penetration Tester to join our cybersecurity team. The ideal candidate will be responsible for identifying vulnerabilities in our systems and applications, helping to ensure the security of our infrastructure. This role requires a deep understanding of cybersecurity principles and hands-on experience in penetration testing. Responsibilities Conduct penetration testing on various applications, networks, and systems to identify vulnerabilities. Prepare detailed reports on security findings, vulnerabilities, and recommendations for remediation. Collaborate with development and IT teams to ensure secure coding practices are followed. Stay updated on the latest security trends, threats, and technology solutions. Participate in security assessments and audits as required. Develop and maintain testing methodologies and frameworks. Skills and Qualifications 3-8 years of experience in penetration testing or related field. Strong understanding of networking protocols and security standards. Proficiency in penetration testing tools such as Metasploit, Burp Suite, Nmap, and Wireshark. Experience with programming/scripting languages such as Python, Bash, or PowerShell. Knowledge of web application security issues and countermeasures (e.g., OWASP Top Ten). Certifications such as CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), or equivalent are a plus. Excellent analytical and problem-solving skills with attention to detail. Strong communication skills, both verbal and written, to convey findings to technical and non-technical stakeholders.

Roles And Responsibilities: - Experiences with Cloud security defensive techniques and threat modelling. Experiences with designing, implementing secure cloud architectures, incident response and investigation of security breaches. Develop detection rules to support our SOCalerting and response capabilities. Maintain threat intelligence databases in cloud platforms. Provide expert analytic investigative support to analysts for complex security incidents. Implement and execute administrative, management, and lifecycle procedures for the SIEM. Lead network security design for cloud solutions, including automation to support cloud expansion and network segmentation strategy. Review security controls measures, identify gaps in the security architecture, and implement improvements or enhancements as needed. Implement email security standards such as DKIM, SPF and DMARC. Demonstrated experience with deploying and operating network security tools, including but not limited to IDS, firewalls, proxies and security gateways. Evaluates system security configurations to ensure efficacy and compliance with policies and procedures. Researches and investigates the potential impact of new threats and exploits and recommends solutions to management. Provides guidance on risks, vulnerabilities, or potential vulnerabilities within the architecture. Excellent communication skills both written and verbal include the capacity to communicate complex and technical issues. Certification:Cloud security certification, CEH, CISSP

You are responsible for adhering to the defined operating procedures and guidelines in operating the application security services in the Managed Services model, which includes the following: Understand and be compliant with the Service Level Agreements defined for the DevSecOps services; Understand and deep knowledge of application security engineering principles, and helping clients development team and function to follow secure development practices which includes primarily monitoring and performing the security design review, architecture review, threat modeling, security testing, secure code review, secure build processes; Well versed with the application deployment and configuration baselines, and understanding of how the application environment operates in a secure environment and how exceptions are handled during operations; Facilitate use of technology-based tools or methodologies to continuously improve the monitoring, management and reliability of the service; Perform manual and automated security assessment of the applications; Involved in triaging and defect tracking process with the development team and helping the team to fix issues at the code level based on the priority of the tickets; Be a liaison between the Application development and infrastructure team, and integrate the processes between infrastructure monitoring and operations processes with the secure development/testing and management processes; Identifying, researching and analyzing application security events which may include emerging and existing persistent threats to the client's environment; and Performing active monitoring and tracking of application related threat actors and tactics, techniques and procedures (TTPs), that could likely cause an impact to client organization

Introduction In this role, youll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology In this role, youll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology. Your role and responsibilities Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices Required education Bachelors Degree Preferred education Masters Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 5 plus years of experience Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding Practices: Knowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat Modeling: Ability to conduct threat modeling sessions to identify and mitigate security risks Preferred technical and professional experience Vulnerability Assessment: Experience in conducting vulnerability assessments and penetration testing Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST) tools. Security Tools: Proficiency in using security tools like Burp Suite, Nessus, or Fortify

Senior Cybersecurity Specialist Are you an experienced cybersecurity professional who is excited about practical application of cybersecurity into industrial and IoT environments We would like to have you on our team to keep smart cities cybersecure! The KONE Technology and Innovation (KTI) function is where the magic happens at KONE. It's where we combine the physical world - escalators and elevators - with smart and connected digital systems. We are changing and improving the way billions of people move within cities every day. Within the KONE Technology & Innovation unit, we have a dedicated Cecurity team for assuring the security of KONE's products and solutions as well as applications used by KONE's business lines. Buzzwords: Application security, Cloud security, SDL, DevSecOps We are now looking for a person to support and drive the Security Development Lifecycle (SDL) activities in KONE solution development projects. Our solutions range from connected elevator systems to cloud services and to mobile applications for technicians and for end users. As a Senior Cybersecurity Specialist, you will be responsible for supporting KONE development teams globally to identify and implement security requirements and to review and test the solutions as they have been implemented. You enjoy working in co-operation with development teams to offer solutions for security problems and practical guidelines on how to implement security in the projects. You get to conduct threat analysis and identify the appropriate security requirements. You don't shy away from getting hands on with application owners and developers to guide them or help them implement the necessary security controls. Through validation and testing you ensure that controls are implemented, and the requirements fulfilled. You support our becoming and existing Security Champions to succeed in their roles by guiding, identifying their skill gaps, and providing training. You might be an experienced security-minded software developer, or perhaps you are a cybersecurity professional who has specialized in application security. You can communicate with various audiences, and you can deal both with the big picture as well as with details when so required. The position is located in Pune, India. Responsibilities Act as a cybersecurity advisor and provide security expertise and guidance to development and operations teams. Conduct risk-based security impact assessments to classify applications and assign appropriate security requirements. Translate requirements into actionable tasks and guide stakeholders in understanding and implementing them. Detect security issues during validation and operation using automation and scenario-based testing. Help teams to understand and mitigate risks and vulnerabilities. Review and enhance security documentation and assessments from Security Champions, offering constructive feedback. Monitor R&D and IT stakeholder needs and deliver targeted security training or clinics. Collaborate within the Cybersecurity team to improve KONE's security management system, SDL standards, processes, and tools. Requirements 5+ years of experience in cybersecurity. CISSP, CSSLP or other relevant certifications are considered a plus. Educational qualifications (B. Sc. or M Sc. in computer science, business administration, information technology management, information systems security or related) Practical experience in implementing Security Development Lifecycle (SDL) in agile software projects (for example, Microsoft SDL, OWASP, BSIMM) Familiarity with security standards and best practices (for example: ISO 27001, IEC 62443, OWASP) Experience in threat modeling and security risk assessment Experience with DevSecOps practices and tools (SCA, SAST, DAST) Experience with cloud platforms (AWS or Microsoft Azure) Why to join KONE's cybersecurity team We at KONE's cybersecurity team are at an interesting point currently. Our focus has been on modernizing enterprise cybersecurity to limit risks with day-to-day operations but at the same time, we are building our industrial and product cybersecurity. KONE is on a digitalization journey and our elevators are transforming from a steel box on the end of a rope into central platforms of smart buildings. We are bringing totally new kinds of innovative solutions to the market to enable even smarter people flow. As our offering becomes more digital, excellent cybersecurity plays a crucial role in building customer trust. KONE Technology and Innovation We are changing and improving the way billions of people move within buildings every day. Hardware is where we've always shined, but today, digital expertise - IoT, analytics, AI, automation, simulation, to name a few - is equally important for our continued success. What's KONE Technology & Innovation like as a workplace We like to think of ourselves as a diverse tribe, pulling together to understand and meet the ever-changing needs of our customers, from concept through to design, down to every single finished product. This all happens in an atmosphere of trust and respect, typified by our Nordic values, a healthy work-life balance, and a flat hierarchy. Read more on

Description We are seeking a Senior/Staff Automotive Cybersecurity Engineer to join our team in India. This role is crucial in ensuring the security of our automotive systems against evolving cybersecurity threats. The ideal candidate will have a strong background in automotive cybersecurity, with hands-on experience in implementing security measures and conducting vulnerability assessments. Responsibilities Design and implement cybersecurity solutions for automotive systems. Conduct risk assessments and vulnerability analyses on automotive software and hardware components. Develop and maintain cybersecurity policies and procedures to safeguard automotive systems. Collaborate with cross-functional teams to integrate security measures into the product development lifecycle. Stay updated on the latest cybersecurity threats and trends affecting the automotive industry and implement appropriate countermeasures. Provide training and guidance to junior engineers on cybersecurity best practices and standards. Skills and Qualifications Bachelor's or Master's degree in Computer Science, Cybersecurity, Electrical Engineering or related field. 3-8 years of experience in automotive cybersecurity or related field. Strong understanding of automotive communication protocols (e.g., CAN, LIN, Ethernet). Experience with security frameworks and standards such as ISO/SAE 21434, UNECE WP.29, and others. Proficiency in programming languages such as C, C++, or Python for developing security tools and scripts. Hands-on experience with cybersecurity tools for penetration testing, threat modeling, and security assessments. Familiarity with secure software development practices and methodologies. Excellent analytical and problem-solving skills, with a keen eye for detail. Strong communication skills to convey complex cybersecurity concepts to non-technical stakeholders.

EagleView, the leader in aerial imagery, is hiring a Senior Application Security Engineer to help validate that our services, applications, and websites are designed and implemented to the highest security standards. Overview You will be responsible for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and quickly reacting to new threat scenarios. A Senior Security Engineer at EagleView is expected to be strong in multiple domains and provide significant contributions to the Product Security team and to multiple groups throughout EagleView. Security engineers are expected to develop elegant solutions to complex business problems and apply appropriate technologies while following security engineering best practices. You are also expected to mentor more junior engineers and be a security thought leader for the organization. A Security Engineer must foster constructive dialogue and seek resolution when confronted with discordant views. Engineers in this role are expected to participate fully in the planning of the Product Security team's work and constantly seek opportunities for process improvement. They should also have a deep understanding of at least one specialty for which they are a sought-out resource (both within Product Security and by groups throughout EagleView), while having an understanding of the application of Information Security in a broad range of technical areas. A successful candidate will need a combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks which may include project and software development work. This role will provide career growth opportunities as you gain new security skills in the course of your duties. Responsibilities Application security reviews (threat modeling, ASVS) Vulnerability Assessment and Penetration Testing (VAPT) Management and reporting of vulnerabilities to Engineering Security training and outreach to internal development teams Documentation and process improvement Security metrics delivery Mentor and coach junior security engineers Qualifications BA or MS in Computer Science or related field, or equivalent work experience Minimum of 5 years of experience working in Application Security domain by conducting threat model reviews, design reviews, code reviews, secure coding, identity management and authentication, software development, cryptography, system administration and network security Advanced knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography Preferred Experience: A deep understanding of web application design and services, such as but not limited to RESTful APIs, User facing applications, and foundational design principles Complete understanding of common vulnerability standards such as OWASP Top 10 and CWE 25 Experience with multiple programming languages (such as, Java, C++, Go, C, Python, etc.) Experience implementing security solutions at the business division level Able to work in a diverse team Excellent written and verbal communication skills Demonstrable teamwork skills and resourcefulness Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge (avoid analysis paralysis) Strong sense of ownership, urgency, and drive

We are seeking a highly experienced Security Engineer to join our team in India. The ideal candidate will have extensive experience in information security and a deep understanding of security best practices, tools, and technologies. You will play a critical role in protecting our organization's information assets and ensuring compliance with security standards. Responsibilities Design and implement security architectures for various systems and applications. Conduct vulnerability assessments and penetration testing to identify security weaknesses. Monitor security incidents and respond to alerts in a timely manner. Develop and enforce security policies, standards, and guidelines. Collaborate with IT and development teams to secure software and hardware infrastructures. Stay updated on the latest security trends, threats, and technology solutions. Provide training and awareness sessions to staff on security best practices. Skills and Qualifications 10-15 years of experience in information security or related field. Strong knowledge of network security protocols and technologies (e.g., firewalls, IDS/IPS). Experience with security tools such as SIEM, DLP, and anti-virus software. Familiarity with compliance regulations (e.g., GDPR, ISO 27001, PCI DSS). Proficiency in scripting languages (e.g., Python, Bash) for automation. Strong analytical and problem-solving skills. Excellent communication and collaboration skills. Relevant certifications (e.g., CISSP, CISM, CEH) are preferred.

The Oracle Cloud Infrastructure (OCI) team can provide you the opportunity to build and operate a suite of massive scale, integrated cloud services in a broadly distributed, multi-tenant cloud environment. OCI is committed to providing the best in cloud products that meet the needs of our customers who are tackling some of the world's biggest challenges. We offer unique opportunities for smart, hands-on engineers with the expertise and passion to solve difficult problems in distributed highly available services and virtualized infrastructure. At every level, our engineers have a significant technical and business impact designing and building innovative new systems to power our customer's business critical applications. What is Security Products Group at OCI OCI Security Products Group is building comprehensive product portfolios to protect customers cloud environments with innovative approaches and hyperscale efficiency. Our core security pillars are: customer isolation, data encryption, security controls, visibility. Our vision is to build the most secure cloud environment for our customers to build their applications confidently on top of OCI. We are making strategic decision to heavily invest on detecting system vulnerabilities and threat activities, correlate and analyze problems, then remediate, notify and block attacks from malicious actors against customer cloud environment. We offer a rich set of services to help our customer to secure their data, flexible access to their environment, detect the vulnerabilities and treats in their environment, source code, applications and containers, take remediations to protect customers based on the industry best practice such as CVE and CIS. Our solutions will ensure customers confidently build their business in Oracle Cloud. Career Level - IC5 Who are we looking for We are looking for engineers with distributed systems experience. You should have experience with the design of major features and launching them into production. You've operated high-scale services and understand how to make them more resilient. You work on most projects and tasks independently. You have experience working with services that require data to travel long distances, but have to abide by compliance and regulations. The ideal candidate will own the software design and development for major components of Oracle's Cloud Infrastructure. You should be both a rock-solid coder and a distributed systems generalist, able to dive deep into any part of the stack and low-level systems, as well as design broad distributed system interactions. You should value simplicity and scale, work comfortably in a collaborative, agile environment, and be excited to learn. What are the biggest challenges for the team The biggest challenges for the team are reliability, performance and keep up in cybersecurity space. The dynamic and fast growth of the business is driving us to improve the ability of our systems to scale out and handle traffic patterns with full coverage that are several orders of magnitude greater than what we can support today. We understand that software is living and needs investment. The challenge is making the right tradeoffs, communicating those decisions effectively, and crisp execution. We need engineers who can build services that can reliably protect our customer cloud environment. We need engineers who can figure out how we can keep up our solution in a fast pace to securely protect our customers. We need engineers who can build services that enable us to offer even more options to customers and contribute to the overall growth of Oracle Cloud. Required Qualifications 10+ years distributed service engineering experience in a software development environment Experience driving feature design reviews, documentation, UX reviews, and working with Product Managers through the entire launch process Strong development experience in Java, C++, C#, or similar OO languages Strong knowledge of data structures, algorithms, operating systems, and distributed systems fundamentals Working familiarity with networking protocols (TCP/IP, HTTP) and standard network architectures Good understanding of databases, NoSQL systems, storage and distributed persistence technologies Experience building multi-tenant, virtualized infrastructure a strong plus Preferred Qualifications Hands-on experience developing services on a public cloud platform (e.g., AWS, Azure, Oracle) Building continuous integration/deployment pipelines with robust testing and deployment schedules Expertise in applying threat modeling or other risk identification techniques to develop security solutions Experience and understanding of Cryptography, DDoS, CVE, CIS, SAST, DAST, or similar security and compliance knowledge Career Level - IC5

You are a highly experienced and visionary security professional with deep expertise in application security, architecture, and secure software development You're not only a strategist and a technical authority, but also someone who remains hands-on when it matters You thrive on solving large-scale security problems, designing resilient security architectures, and enabling engineering teams to ship secure products without friction You lead with influence, partner with engineering and product leaders, and drive scalable security solutions across an enterprise You also play a pivotal role in Cvent's Application Security Research & Engineering (ASRE) program guiding the development of internal tooling, automation, and innovative approaches to secure software at scale In This Role, You Will: Design and own secure application architectures across Cvent's product landscape, including SaaS platforms, mobile apps, APIs, and cloud-native services Define and evolve application security strategy, driving initiatives that align with Cvent's product roadmap and risk posture Lead architecture reviews, threat modeling sessions, and risk assessments for high-impact products and features, including those involving AI/ML pipelines Engineer and advocate scalable security solutions, from reusable libraries and security design patterns to tooling integrations within the SDLC Build and maintain relationships with engineering leaders, product managers, and infrastructure teams to champion security-by-design principles Partner with ASRE to define and drive automation projects, internal tool development, and scalable controls for vulnerability discovery and remediation Serve as the security technical authority during escalations, post-incident reviews, customer audits, and design sprints Provide technical leadership to the broader AppSec team, mentoring Senior and Lead engineers and participating in hiring and capability building Evaluate and introduce new technologies, standards, or frameworks to improve application security and developer experience Heres What You Need: 12+ years of experience in information security, with a strong focus on application security, architecture design, and secure development practices Deep understanding of secure software development lifecycles (SDLC), secure design principles, and modern threat landscapes (including AI/ML risks, supply chain, cloud-native, and microservices) Proven ability to architect secure solutions across multi-tenant SaaS platforms, microservices, and API-driven ecosystems Expertise in performing and leading threat modeling, code reviews, and architecture risk assessments Strong coding and scripting skills (e.g., Python, Java, JavaScript, TypeScript, etc); ability to prototype tools or support ASRE initiatives directly Hands-on experience with security tools and platforms (e.g., SAST, DAST, IAST, SCA, container scanning, IaC analysis) Familiarity with cloud security and native controls (AWS/GCP/Azure), DevSecOps pipelines, and IaC tools like Terraform Excellent communication skills with a proven ability to influence both technical and executive stakeholders Strong grasp of regulatory frameworks and standards such as ISO 27001, SOC 2, PCI, OWASP, NIST 800-53/218, and AI RMF Bonus If You Have: Experience building security frameworks or reference architectures adopted across multiple product teams Research contributions to ASRE-style initiatives, open-source tooling, or internal platform development Knowledge of emerging AI security threats (adversarial ML, model poisoning, privacy leakage, etc) Certifications such as AWS Certified Solutions Architect Associate/Professional, CSSLP, OSWE, GCPN, CISSP, SABSA, or SANS/GIAC Architect-level certification Why you'll Love This Role: You'll define and influence the security architecture of platforms used by thousands of customers worldwide You'll work on high-impact initiatives with the authority to shape how security is done not just today, but for the long term You'll help grow and mentor a world-class AppSec team while staying close to the technology you love You'll drive an engineering-led security culture alongside leadership that supports security investment, research, and innovation

Responsibilities Prepare, publish, and institutionalize security best practices and guidelines across products. Ensure adoption and compliance. Review product security requirements and security design documentation . Participate in reviews throughout the product development cycle. Provide solutions for vulnerabilities and ensure reusable solutions are available across products. Work with Product Security Champions to mitigate or document vulnerabilities and obtain exceptional approvals if necessary. Conduct threat modeling design reviews and signoffs. Help mitigate WAF blockers during UAT/Production phases and work with Product Security Champions for product fixes. Maintain product-wise scanning status reports and conduct periodic audits on security processes followed by product development teams. Evaluate tools, technologies, and processes needed for secure product development as part of DevSecOps. Continuously improve product security and processes. Review third-party products and work with the Externally Obtainable Product (EOP) review team for approvals. Provide training and coaching on best practices, WAF analysis, and threat modeling to Product Security Champions Knowledge, Skills and Abilities 10-18 years of hands-on experience as a Software Architect with .Net , RDBMS and full stack application design and development. Good knowledge of OWASP and other industry standards. Extensive experience working as Product Security Architect with software engineering experience Good knowledge of cloud security architecture, design , Cloud-Native Security, Cloud Security Posture Management , Data Security in the Cloud (Advanced Concepts),Zero Trust Architecture in the Cloud,Multi-Cloud and Hybrid Cloud Security,Security for AI/ML in the Cloud Good knowledge of OS, network security, firewalls, routers, IDS/IPS, data encryption, and related tools/technologies. Build application security architecture for products/services developed using containers. Knowledge of containers, network isolation, secure engineering practices, and identity and access management is preferred. Experience using tools such as Veracode, Acunetix, Sonarqube and others. Provide solutions for managing these DAST, SAST and Pen Test vulnerabilities. Experience with Azure Cloud and Azure DevOps, CI/CD integrations Understanding and Implementing the Security Shift Left Concept Job Requirements Bachelor s Degree in computer science, Information Science, Software Engineering, or related discipline, or equivalent work experience. Minimum of 10+ years of software development experience and 5+ years of experience as Software Architect with deep knowledge on Product Security Preferred to have Industry industry-recognized Security certification such as CCSP, CASP etc. Preferred to have any industry certification on Security Preferred to have healthcare industry experience

Principal Application Security Engineer / Architect Location: Gurgaon, India (Hybrid 2 days/week in office) Department: Information Security / Application Security Reports To: Manager, Application Security Experience: 12+ years in cybersecurity, with a significant focus on application security and security architecture Employment Type: Full-time | Hybrid- 2 days/week Who You Are: You are a highly experienced and visionary security professional with deep expertise in application security, architecture, and secure software development. Youre not only a strategist and a technical authority, but also someone who remains hands-on when it matters. You thrive on solving large-scale security problems, designing resilient security architectures, and enabling engineering teams to ship secure products without friction. You lead with influence, partner with engineering and product leaders, and drive scalable security solutions across an enterprise. You also play a pivotal role in Cvents Application Security Research & Engineering (ASRE) programguiding the development of internal tooling, automation, and innovative approaches to secure software at scale. What You'll Do: Design and own secure application architectures across Cvents product landscape, including SaaS platforms, mobile apps, APIs, and cloud-native services. Define and evolve application security strategy, driving initiatives that align with Cvents product roadmap and risk posture. Lead architecture reviews, threat modeling sessions, and risk assessments for high-impact products and features, including those involving AI/ML pipelines. Engineer and advocate scalable security solutions, from reusable libraries and security design patterns to tooling integrations within the SDLC. Build and maintain relationships with engineering leaders, product managers, and infrastructure teams to champion security-by-design principles. Partner with ASRE to define and drive automation projects, internal tool development, and scalable controls for vulnerability discovery and remediation. Serve as the security technical authority during escalations, post-incident reviews, customer audits, and design sprints. Provide technical leadership to the broader AppSec team, mentoring Senior and Lead engineers and participating in hiring and capability building. Evaluate and introduce new technologies, standards, or frameworks to improve application security and developer experience. What You Bring: 12+ years of experience in information security, with a strong focus on application security, architecture design, and secure development practices. Deep understanding of secure software development lifecycles (SDLC), secure design principles, and modern threat landscapes (including AI/ML risks, supply chain, cloud-native, and microservices). Proven ability to architect secure solutions across multi-tenant SaaS platforms, microservices, and API-driven ecosystems. Expertise in performing and leading threat modeling, code reviews, and architecture risk assessments. Strong coding and scripting skills (e.g., Python, Java, JavaScript, TypeScript, etc.); ability to prototype tools or support ASRE initiatives directly. Hands-on experience with security tools and platforms (e.g., SAST, DAST, IAST, SCA, container scanning, IaC analysis). Familiarity with cloud security and native controls (AWS/GCP/Azure), DevSecOps pipelines, and IaC tools like Terraform. Excellent communication skills with a proven ability to influence both technical and executive stakeholders. Strong grasp of regulatory frameworks and standards such as ISO 27001, SOC 2, PCI, OWASP, NIST 800-53/218, and AI RMF. Bonus If You Have: Experience building security frameworks or reference architectures adopted across multiple product teams. Research contributions to ASRE-style initiatives, open-source tooling, or internal platform development. Knowledge of emerging AI security threats (adversarial ML, model poisoning, privacy leakage, etc.). Certifications such as AWS Certified Solutions ArchitectAssociate/Professional, CSSLP, OSWE, GCPN, CISSP, SABSA, or SANS/GIAC Architect-level certification. Why You'll Love This Role: You'll define and influence the security architecture of platforms used by thousands of customers worldwide. You'll work on high-impact initiatives with the authority to shape how security is donenot just today, but for the long term. You'll help grow and mentor a world-class AppSec team while staying close to the technology you love. You'll drive an engineering-led security culture alongside leadership that supports security investment, research, and innovation.