Job Location
Pune, India. Full-time, in person from Strategy Office a minimum of 4 days per week
European Hours
Job Description
Join Strategy's IT Security group as a Senior Application Security Engineer and play a crucial role in safeguarding Strategy's software applications while using modern security and AI tooling. In this position, you will be responsible for establishing innovative security practices throughout the software development lifecycle, ensuring that our software products are resilient against novel threats and vulnerabilities.
Security Architecture: Design and implement application security architecture and processes, ensuring they align with industry best practices and regulatory requirements.
Secure SDLC: Manage a risk-balanced SDLC by integrating threat modeling, secure code reviews, and security testing.
Vulnerability Management: Identify, triage, and remediate security vulnerabilities through static and dynamic application security testing (SAST/DAST) and software composition analysis (SCA) tools.
Security Assessments & Penetration Testing: Perform advanced penetration testing and red teaming across web, mobile, and cloud applications. Leverage exploit development techniques to identify high-risk vulnerabilities and collaborate with engineering teams for effective remediation.
Secure Code Review: Analyze source code and provide security recommendations to developers to ensure adherence to secure coding best practices.
Threat Modeling & Risk Analysis: Perform threat modeling to anticipate potential attack vectors and improve security architecture on complex or cross-functional components.
DevSecOps Enablement: Lead and enhance DevSecOps initiatives by identifying gaps and integrating security automation within CI/CD pipelines.
Incident Response & Remediation: Lead security incident response related to applications and work with engineering teams to remediate threats.
Security Awareness & Training: Develop and lead customized security training programs for engineering teams, focusing on OWASP Top 10, threat modeling, AI security risks, and secure coding principles.
Qualifications:
Bachelor's degree in Computer Science, Engineering, or related field.
Minimum 5 years of software development or software security experience in an agile environment, with strong expertise in software secure coding practices, threat modeling, and vulnerability assessment.
Hands-on experience with SAST, DAST, IAST, and SCA tools (e.g., GitHub Advanced Security, Checkmarx, Fortify, Veracode, SonarQube, Burp Suite, ZAP).
Deep knowledge of API security (e.g., OWASP API Top 10, GraphQL security).
Experience in securing containerized applications (Docker, Kubernetes).
Knowledge of supply chain security risks (e.g., SBOM, software dependency management).
Familiarity with AI/ML security risks and adversarial machine learning techniques.
Experience with Infrastructure as Code (IaC) security (Terraform, CloudFormation).
Fluent in one or more programming languages such as Python, Java, JavaScript.
Strong knowledge of secure coding principles and application security frameworks.
Familiarity with security tools (e.g., static and dynamic analysis tools, vulnerability scanners).
Understanding of security standards and regulations (e.g., OWASP, NIST).
Hands-on experience securing AI/ML applications, understanding adversarial attacks, model poisoning, and data privacy risks. Strong eagerness to learn and contribute to AI security advancements.
Experience with cloud security best practices in AWS, Azure, or GCP.
Experience with AI security best practices and implementations.
Strong work ethic with a commitment to meeting business needs and effectively collaborating with global colleagues.
Effective interpersonal skills; ability to collaborate successfully with both technical and non-technical stakeholders.
Strong ability to balance security risk with business impact and communicate trade-offs effectively.
Experience mentoring junior engineers and leading security champions within development teams.
Ability to articulate complex technical concepts with clarity, supported by effective written and verbal communication skills.
Additional Information:
The recruitment process includes online assessments as a first step (English, logic, design, technical). We send them via e-mail; please also check your SPAM folder.
Remote Work:
No
Employment Type:
Full-time