
Application Security Specialist

10 - 20 years

12 - 22 Lacs

Posted: 3 weeks ago | Platform: Naukri


Work Mode

Work from Office

Job Type

Full Time

Job Description

Job Title: Application Security (AppSec)
Experience: 10+ Years
Location: Hyderabad
Department: Information Security / DevSecOps
Industry: Software / IT Services / Product Engineering

Job Summary:

We are seeking a seasoned Application Security Focal with 10+ years of experience to lead our application security initiatives across the SDLC. The AppSec Focal will act as the central point of contact between development, DevOps, and security teams to ensure secure design, development, and deployment of applications. This role demands deep technical expertise in secure coding practices, threat modelling, SAST/DAST tools, and secure CI/CD integration.

Key Responsibilities:

Security Leadership & Governance:

  • Act as the single point of contact for all application security initiatives within the organization.
  • Define, implement, and enforce secure coding standards and security architecture reviews.
  • Establish and maintain secure SDLC practices in collaboration with engineering teams.
  • Drive risk assessments and provide actionable security recommendations for applications.
  • Collaborate with compliance teams to support audits (ISO 27001, SOC 2, HIPAA, etc.).

Technical Responsibilities:

  • Lead threat modelling, secure code reviews, and vulnerability assessments.
  • Manage and optimize the use of AppSec tools: SAST (e.g., SonarQube, Checkmarx), DAST (e.g., OWASP ZAP, Burp Suite), SCA (e.g., Mend, Black Duck), and container scanning tools.
  • Integrate security tools into CI/CD pipelines (e.g., Azure DevOps, GitLab CI/CD, Jenkins).
  • Drive vulnerability triage and remediation with engineering teams.
  • Analyze third-party components and APIs for security risks (open-source security management).

Training & Awareness:

  • Conduct secure coding workshops, OWASP Top 10 training, and awareness sessions.
  • Build and maintain a knowledge base of secure development practices, checklists, and guidelines.
  • Support incident response efforts in case of application-related security incidents.

Required Skills & Experience:

  • 10+ years of experience in application development and/or security engineering.
  • Deep understanding of OWASP Top 10, CWE, CVE, and common attack vectors (XSS, SQLi, CSRF, etc.).
  • Strong knowledge of application architectures (web, mobile, APIs, microservices).
  • Hands-on experience with security tools (SAST, DAST, SCA, RASP, WAF, etc.).
  • Proficiency in at least one programming language (Java, .NET, Python, Node.js, etc.).
  • Familiarity with DevSecOps pipelines and security automation.

Preferred Qualifications:

  • Bachelor's/Master's degree in Computer Science, Cybersecurity, or a related field.
  • Relevant certifications: CSSLP, OSWE, GWAPT, CISSP, or CEH.
  • Azure/AWS security certifications are a plus.
  • Experience in Agile/DevOps environments and secure CI/CD implementation.

Soft Skills:

  • Excellent stakeholder communication, documentation, and leadership abilities.
  • Ability to influence engineering teams and build a security-first mindset.
  • Strong problem-solving and risk assessment skills.

Reporting To: Head of Security / CISO / Enterprise Architect
Work Mode: Hybrid / On-site / Remote


Ispace

Aerospace and Defense

Tokyo

Over 100 Employees

21 Jobs

Key People

  • Kiyoshi Hoshino, CEO
  • Kenta Chiba, COO
