Do you love a career where you Experience, Grow & Contribute at the same time, while earning at least 10% above the market? If so, we are excited to have bumped into you.
If you are a Security Engineer (AI/ML/DevSecOps / Application Security) with 8 years of experience looking for excitement, challenge and stability in your work, then you will be glad to have come across this page.
We are an IT Solutions Integrator/Consulting Firm helping our clients hire the right professional for an exciting long-term project. Here are a few details.
Check if you are up for maximizing your earning/growth potential by leveraging our Disruptive Talent Solution.
Position Summary
We are seeking a Security Engineer (AI/ML/DevSecOps / Application Security) with strong hands-on delivery experience in SAST, SCA and DAST to embed security across the software development lifecycle. This role focuses on implementing and operating application security tooling in CI/CD pipelines, executing application security assessments (including API security), triaging and prioritizing findings, enabling remediation, and driving secure-by-design engineering practices across cloud-native and enterprise applications. SAST, SCA and DAST remain foundational AppSec capabilities, and the role is positioned accordingly, with an emphasis on measurable delivery outcomes (tool onboarding, pipeline coverage, risk reduction and remediation closure).
As a Security Engineer you will:
Integrate, configure and optimize SAST, SCA and DAST tools within CI/CD pipelines to automate security testing across build, test and release stages (including quality gates and exception workflows).
Perform static, dynamic and open-source dependency assessments to identify vulnerabilities, including OWASP Top 10 risks, insecure libraries, exposed secrets, misconfigurations and software supply-chain weaknesses.
Execute API security testing (REST/GraphQL), including authentication/authorization validation (OAuth2/OIDC/JWT), input validation, rate limiting/abuse cases and broken object/function level authorization (BOLA/BFLA), and translate results into developer-ready fixes.
Analyze scan results, remove false positives, prioritize findings based on exploitability and business impact, and provide clear, actionable remediation guidance (secure coding patterns, compensating controls and verification steps).
Work hands-on with developers, DevOps engineers, architects and client stakeholders to embed secure coding, secure design and shift-left security practices, including playbooks, office hours and remediation sprints.
Support threat modeling and security design reviews; convert threats into actionable security requirements, test cases and engineering backlog items aligned to delivery timelines.
Track vulnerabilities through closure, validate remediation (re-scan, proof of fix and regression checks) and ensure issues are managed in line with client policy, risk tolerance and SLA expectations.
Implement additional DevSecOps controls such as IaC scanning, secrets detection, container image scanning and Kubernetes security checks (where applicable), including policy-as-code to prevent insecure deployments.
Strengthen software supply-chain security by supporting SBOM generation/consumption, dependency hygiene and build/release integrity controls (e.g. artifact signing/verification and provenance, where applicable).
Automate repeatable security tasks using scripting (e.g. Python/Bash) and integrations (APIs/webhooks) to improve scan reliability, reporting and developer workflow adoption.
Design and build AI agents / agentic workflows for AppSec automation (e.g. triage, false-positive suppression, secure code review assistance, threat-model generation, remediation assistance), ensuring appropriate guardrails, logging and human-in-the-loop validation.
Perform current-state assessments of client DevSecOps and emerging AISecOps practices against industry standards; provide prioritized recommendations and an implementation roadmap.
Perform security testing across modern application surfaces (code, APIs, cloud, containers/Kubernetes) and, where applicable, AI/ML pipelines (e.g. RAG data flows, model integration points and tool/function calling), using a combination of automated and manual techniques.
Produce security assessment reports, dashboards, trend analysis and root-cause insights for technical and non-technical stakeholders.
Contribute to secure SDLC standards aligned to recognized verification frameworks such as OWASP ASVS.
Stay current on emerging threats, AppSec tooling trends, software supply-chain risks and new attack surfaces introduced by AI-enabled applications and agentic workflows.
Qualifications
Own end-to-end delivery for a workstream (or multiple applications): tool onboarding plan, scan strategy (SAST/SCA/DAST/API), coverage tracking and closure metrics.
Design and implement CI/CD security patterns at scale (reusable templates, quality gates, exception workflows), including policy-as-code and integrations with vulnerability management/ticketing/reporting.
Design and build AI agents / agentic workflows for AppSec automation use cases (e.g. automated vulnerability triage, false-positive suppression, secure code review assistance, threat-model generation and remediation assistance) with human validation and safe guardrails.
Lead security architecture reviews, threat modeling and risk-based prioritization with clients for modern applications, microservices, APIs and AI/ML systems (including LLM-based and agentic architectures); translate outcomes into