Talent.com
Senior Application Security (DevSecOps) Engineer

Senior Application Security (DevSecOps) Engineer

ConfidentialBengaluru / Bangalore
30+ days ago
Job description

Pearson is seeking a highly motivated and experienced Senior Application Security (DevSecOps) Engineer with a strong background in DevOps, Application Security, and Cloud Security. In this role, you will be crucial in leading and supporting the integration of security controls into CI / CD pipelines and cloud environments. You will work closely with developers, SREs, and cloud platform teams, driving security automation and best practices in an enterprise-grade setting.

Responsibilities

  • Act as the Application Security SME for our ongoing GitHub migration program.
  • Integrate SAST (Static Application Security Testing), SCA (Software Composition Analysis), IaC (Infrastructure as Code) scanning, and DAST (Dynamic Application Security Testing) tools into CI / CD pipelines (e.g., GitHub Actions, Jenkins, GitLab CI).
  • Drive security initiatives within GitHub Enterprise Security (code scanning, secret scanning, dependency management).
  • Collaborate with development, SRE, and cloud teams to embed security into the SDLC (Software Development Life Cycle) and DevOps workflows.
  • Manage and optimize CSPM (Cloud Security Posture Management) tools (e.g., Rapid7 ICS, Prisma Cloud, Wiz, Lacework) to enforce security policies across cloud assets.
  • Create and maintain reusable security automation patterns and scripts (e.g., GitHub Actions, Terraform modules).
  • Support application security reviews and recommend mitigations for security findings.
  • Build dashboards and metrics to track pipeline coverage, tool effectiveness, and SLA adherence.
  • Provide guidance and hands-on support during secure development, threat modeling, and remediation planning .
  • Advocate for security best practices in engineering forums and architecture discussions.

Skills & Experience

Required :

  • experience in a DevSecOps, Application Security, or DevOps Security role.
  • Strong working knowledge of :
  • Extensive experience in GitHub Enterprise and related security capabilities, especially security tool integrations and automations.
  • CI / CD pipeline integration of security tooling.
  • Cloud platforms (AWS, Azure, GCP) and hands-on experience with CSPM solutions .
  • Working experience in Application security tools (SAST, DAST, SCA, IaC) .
  • Sound working experience in scripting and programming languages .
  • Experience collaborating with software engineers, cloud teams, and SREs in a security capacity.
  • Good understanding of OWASP Top 10, secure coding practices, and the DevOps lifecycle .
  • Proficient in scripting (e.g., Python, Bash) and automation (e.g., GitHub Actions, Terraform, Ansible) .

    • Nice to Have :

  • Experience with threat modeling or security architecture reviews .
  • Knowledge of container security and Kubernetes security controls (e.g., Kube-bench, Trivy).
  • Exposure to risk and vulnerability management workflows (e.g., Jira, ServiceNow, Qualys).

    • Skills Required

    DevSecOps, Application Security, Github, cloud platform , Programming Languages

    Create a job alert for this search

    Senior Application Engineer • Bengaluru / Bangalore