Application Security Specialist

ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it, our most valuable asset is our people. Here you’ll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning; bold ideas; courage and passion to drive life-changing impact to ZS.

Our most valuable asset is our people .

At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systems—the ones that comprise us as individuals, shape who we are and make us unique. We believe your personal interests, identities, and desire to learn are part of your success here. about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about.

Application Security Specialist

We are seeking an experienced professional to join us as an Application Security Specialist in our Pune, India office. This professional will be responsible for Implementing DevSecOps Practices across cloud environments & mature ZS’s Application Security Program. This role requires strategic and out-of-box thinking, high technical expertise, and effective communication skills to proactively identify and address security risks.

What you'll do :

• Lead the design and implementation of DevSecOps framework, integrating security seamlessly into CI / CD pipelines across multiple environments and platforms.
• Collaborate with developers, SREs, and security teams to embed security controls and testing at build, deployment, and runtime stages.
• Build and manage automation for SAST, DAST, SCA, container security, and IaC scanning tools (e.g., SonarQube, Checkmarx, Snyk, Trivy, Terraform Scan).
• Analyze results from SAST, SCA, and DAST scans to validate findings, eliminate false positives, and work with development teams to prioritize and remediate security issues.
• Leverage expertise in TeamCity and AWS to build secure, scalable CI / CD pipelines and enforce security controls throughout the software delivery lifecycle
• Champion “shift-left” security practices by developing reusable pipelines, templates, and toolchains that promote secure coding and rapid feedback loops.
• Ensure ongoing visibility and reporting of security posture in cloud-native workloads, container platforms, and serverless environments.
• Lead training sessions and build developer-friendly resources to raise DevSecOps awareness across engineering teams.
• Stay current with evolving tools, threats, and best practices in secure software delivery, continuously innovating to improve security effectiveness and developer experience.
• Partner with product owners, developers, architects, and QA engineers to build secure-by-design applications.
• Provide mentorship and security guidance to internal stakeholders to raise overall security maturity.
• Collaborate closely with Application Security teams to align on secure development standards, threat modeling efforts, and triaging complex vulnerabilities identified during code and runtime analysis.

What you'll bring :

Good to have skills and abilities :

Academic Qualifications :

Perks & Benefits :

ZS offers a comprehensive total rewards package including health and well-being, financial planning, annual leave, personal growth and professional development. Our robust skills development programs, multiple career progression options and internal mobility paths and collaborative culture empowers you to thrive as an individual and global team member. We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients / ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections.

Travel :

Travel is a requirement at ZS for client facing ZSers; business needs of your project and client are the priority. While some projects may be local, all client-facing ZSers should be prepared to travel as needed. Travel provides opportunities to strengthen client relationships, gain diverse experiences, and enhance professional growth by working in different environments and cultures.