Posted on: 07/10/2025
Senior Security Consultant - Application Security & Audit
Location : Pan India / Remote
Experience : 10+ Years
Role Overview :
We are seeking a highly experienced and technically proficient Senior Security Consultant to specialize in Application Security and Audit. With over 10 years of experience, the ideal candidate will be a subject matter expert, responsible for designing, implementing, and auditing robust security controls across our applications and cloud infrastructure. This role requires a strong blend of hands-on technical skills, strategic thinking about cloud architecture, and a deep commitment to maintaining regulatory compliance.
Key Responsibilities :
Application Security & Audit :
- Lead and execute comprehensive application security audits, identifying vulnerabilities and providing actionable remediation guidance based on industry best practices.
- Advise development teams on secure coding practices and methodologies, including performing code reviews and training developers.
- Expertly utilize frameworks such as the OWASP Top 10 and the OWASP Application Security Verification Standard (ASVS) to guide testing and development efforts.
- Design and implement security solutions related to identity, access, and data protection.
- Oversee the management of digital certificates, Public Key Infrastructure (PKI), and Single Sign-On (SSO) configurations to ensure secure authentication and encryption.
Cloud & Infrastructure Security :
- Apply solid knowledge of cloud security architecture across major platforms, including Azure, AWS, and GCP, advising on secure configurations, networking, and services.
- Configure and monitor security tools such as SIEM (e.g., Splunk, Microsoft Sentinel) for effective threat detection, incident response, and security analytics.
- Utilize and manage vulnerability scanners and EDR/XDR platforms to maintain continuous visibility and protection across endpoints and cloud workloads.
- Implement and audit network security concepts including firewalls, proxies, Intrusion Detection/Prevention Systems (IDS/IPS), and VPNs.
Compliance & Automation :
- Maintain a working understanding of regulatory compliance frameworks (e.g., GDPR, HIPAA, SOC 2) and industry certifications, ensuring all applications and systems adhere to required standards.
- Drive efficiency by utilizing scripting languages (e.g., Python, PowerShell) to automate security tasks, reporting, and compliance checks.
- Develop and document security policies, standards, and procedures for secure software development and operational security.
Required Skills & Expertise :
Experience: 10+ years in Information Security, with a strong focus on Application Security, Cloud Security, and GRC/Audit functions.
Cloud Security: Deep knowledge of cloud security controls and services in at least one major provider (Azure, AWS, or GCP).
Security Tools: Hands-on experience with security tools including SIEM (Splunk, Sentinel), vulnerability scanners, and EDR/XDR solutions.
Network Security: Proficient in network security concepts (Firewalls, Proxies, IDS/IPS, VPNs).
AppSec & Audit: Expertise in secure coding, code review methodologies, and the OWASP Top 10.
Cryptography & Identity: Proven experience managing digital certificates, PKI, and SSO configurations.
Automation: Strong ability to automate security tasks using scripting (e.g., Python, PowerShell).
Compliance: Familiarity with major regulatory compliance frameworks and industry certifications.
Soft Skills: Excellent verbal and written communication, leadership, and consulting skills.
Posted in : CyberSecurity
Functional Area : Cyber Security
Job Code : 1556195