hirist

Job Description

What You'll Do:

- Design, implement, and maintain DevSecOps solutions across the CI/CD lifecycle, including secure design standards, threat modeling frameworks, SAST/DAST/IAST integration, secret scanning, and automated security release gates.

- Mentor more junior team members and uplevel the overall technical skill of the application security team and the wider security department.

- Identify strategic gaps in product security capabilities, analyze the current state, and recommend improvements to DevSecOps roadmaps and organizational security strategy.

- Collaborate with cross-functional teams (Product Development, Architecture Review Board, Infrastructure Engineering) to integrate security best practices into application development, cloud deployments, and system architecture, ensuring secure-by-design principles across environments.

- Develop and maintain security automation tools for continuous security testing, vulnerability remediation workflows, security release management, and AI-enabled security processes.

- Monitor and remediate application security vulnerabilities, misconfigurations, and policy violations from SAST/DAST tools, penetration testing results, and runtime security platforms.

- Stay current with emerging DevSecOps technologies, application security standards (OWASP, secure coding frameworks), and security testing methodologies, influencing organizational security architecture with industry best practices.

- Support the detection, investigation, and resolution of security incidents related to application vulnerabilities, code security issues, and software supply chain risks.

- Configure and optimize application security platforms, IDE security plugins, software composition analysis (SCA) tools, penetration testing vendors (HackerOne), and code-to-runtime visibility solutions.

- Support compliance efforts (SOX, PCI-DSS, ISO 27001, SOC 2) by implementing security controls in CI/CD pipelines, SBOM generation, artifact signing, and audit capabilities for regulatory requirements.

- Establish and document secure coding standards, threat modeling processes, and security testing procedures, and educate product development teams on them, with the goal of establishing secure application security baselines across the organization.

What We Are Looking For:

- 7+ years of experience in Application Security, DevSecOps Engineering, or Security Engineering roles with hands-on experience implementing security in CI/CD pipelines.

- Expert knowledge of application security testing tools and methodologies including SAST, DAST, IAST, SCA, secret scanning, and penetration testing across enterprise environments.

- Deep understanding of secure software development lifecycle (SSDLC) fundamentals including threat modeling, secure design principles, secure coding practices, vulnerability management, and security release processes.

- Strong experience with Azure cloud security, including cloud-native application security, Infrastructure as Code (IaC) security, and container/Kubernetes security.

- Proficient with security automation scripting (e.g., PowerShell, Python, Bash) and CI/CD integration (Jenkins, GitLab CI, GitHub Actions) for automated security testing and remediation workflows.

- Experience implementing DevSecOps solutions in fast-paced or highly regulated environments (finance, healthcare, SaaS, etc.) with demonstrated ability to manage complex security requirements and regulatory compliance at enterprise scale.

Preferred Qualifications:

Hands-on experience with any of the following:

- Orca Security platform (AppSec, code-to-runtime visibility, IDE integrations).

- HackerOne or similar penetration testing/bug bounty platforms.

- Software Composition Analysis tools (BlackDuck, JFrog, etc.).

- Threat modeling frameworks and tools.

- AI-enabled security workflows and automation.

- SBOM generation and artifact signing solutions.

Experience leading organization-wide initiatives and driving security outcomes that empower business goals while reducing manual security overhead.
