Company Description
Aqilea is an IT and engineering consulting partner that helps companies get more out of their technology and operations. With teams in Stockholm and Bangalore, we work closely with our clients to build solutions that fit their needs - from software development, AI, and infrastructure engineering to industrial automation and embedded systems.
We combine strong technical expertise with a practical, business-focused approach to help organizations modernize, improve security, and scale with confidence. Above all, we focus on long-term partnerships built on trust, quality, and real results.
With us, you have great opportunities to take real steps in your career and the opportunity to take great responsibility.
About the Role
Company: Aqilea India
Role: Software Security Lead
Experience: 8-14 Years
Location: Bangalore (Hybrid) Onsite
Job Summary
We are looking for a Lead Software Security professional to lead and strengthen Software Security across a retail organization. This role focuses on building secure software development practices, enabling development teams with the right tools and guidance, and ensuring security is built into applications from design to deployment.
You will work as part of a central Software Security team, defining standards, security patterns, and automated guardrails that help teams deliver software safely and quickly.
Key Responsibilities
Software Security & Architecture
- Define and improve secure software development practices (SSDLC) across teams.
- Provide secure architecture guidance for web, mobile, APIs, microservices, and cloud applications.
- Perform threat modeling and help teams identify and reduce security risks early.
DevSecOps & Tooling
- Manage and improve security tools such as:
  - SAST, DAST, SCA (dependency scanning)
  - Secrets scanning, container and IaC security
- Integrate security controls into CI/CD pipelines using GitHub and automation tools.
- Create reusable and secure CI/CD templates (paved roads) for development teams.
Secure Coding & Standards
- Ensure applications follow industry standards like OWASP, NIST SSDF, and ISO 27034.
- Maintain secure design patterns and coding guidelines.
- Help teams fix security issues and reduce false positives efficiently.
AI & Modern Development Security
- Define safe ways to use AI coding tools (e.g., GitHub Copilot, LLMs) in development.
- Ensure AI-generated code is secure, compliant, and reviewed properly.
- Guide secure design of AI-enabled features (input validation, prompt security, logging, monitoring).
Metrics & Continuous Improvement
- Track security metrics such as scan coverage, time to fix issues, and adoption of secure pipelines.
- Continuously improve developer experience while reducing security risks.
Leadership & Collaboration (for Lead role)
- Own the software security roadmap and capability maturity.
- Work closely with engineering, platform, and leadership teams.
- Mentor engineers and promote a strong security culture.
Required Skills & Experience
- 8-14 years of experience in application security / software security.
- Strong understanding of secure software development and threat modeling.
- Hands-on experience with SAST, DAST, SCA, and CI/CD security.
- Experience with GitHub security features (GHAS, Dependabot, code scanning).
- Knowledge of OWASP Top 10, SAMM, ASVS, and NIST SSDF.
Good to Have
- Assistants/platforms: GitHub Copilot, OpenAI Codex, Anthropic Claude / Claude Code, Google Gemini, or similar.
- SAST/DAST/SCA platforms such as SonarQube, Mend, Black Duck, Dependabot.
- IaC/container security: Trivy, Checkov, tfsec, kube-bench, OPA/Gatekeeper/Conftest.
- Knowledge of container and IaC security tools (Trivy, Checkov, tfsec, etc.).
- Programming or scripting experience (Java, Python, JavaScript, Go, etc.).
- Cloud and platform exposure (Azure/GCP), GitHub Actions/Azure DevOps, and policy-as-code (e.g., Rego/OPA).
Who Should Apply
- Professionals who enjoy enabling developers rather than blocking them.
- Security engineers who want to build scalable, automated security solutions.
- Leaders who can balance security risk with developer productivity.
Start: Immediate to 15 Days
Location: Bangalore (Hybrid)