Posted on: 22/04/2026
Description :
- Lead application security assessments including SAST, DAST, IAST, SCA, and manual code reviews.
- Identify, validate, and prioritize application security vulnerabilities and guide remediation with development teams.
- Review application architecture and data flows from a security perspective.
Vulnerability Management :
- Own the end-to-end vulnerability management lifecycle across applications, infrastructure, cloud, and endpoints. status.
DevSecOps :
- Integrate security controls into CI/CD pipelines (e.g., code scanning, dependency scanning, secrets management).
- Enable shift-left security by embedding security checkpoints in development and deployment processes.
- Work closely with DevOps teams to automate security testing and compliance checks.
Compliance & Governance Monitoring :
- Monitor and ensure compliance with internal security policies, standards, and regulatory requirements.
- Support audits, assessments, and regulatory reviews by providing evidence and technical clarifications.
Required Experience :
- 8 to 12+ years of experience in IT / Information Security, with strong hands-on exposure.
- Deep understanding of Application Security, Vulnerability Management, DevSecOps, and Red Teaming.
- Strong knowledge of web, API, cloud, and infrastructure security.
- Experience working with security tools (SAST/DAST/SCA, vulnerability scanners, CI/CD tools).
- Solid understanding of security frameworks and standards (OWASP, NIST, ISO 27001, PCI DSS preferred).
- Ability to translate technical security issues into business and risk impact.
- Strong stakeholder management and communication skills.
Posted in: CyberSecurity
Functional Area: Cyber Security
Job Code: 1630288