DevSecOps Engineer

Pune - India

Monthly Salary: Not Disclosed

Posted on: 13 hours ago

Vacancies: 1 Vacancy

Job Summary

Embed application security controls into CI/CD pipelines to provide accurate actionable and timely feedback to engineers.
Support the investigation remediation and validation of application security findings including the management of exceptions and false positives.
Conduct targeted code reviews in partnership with engineers and platform teams to identify security issues early and improve coding practices
Implement and maintain security controls integrations and automations required to ensure security and privacy by default across applications and their APIs.
Perform threat modeling exercises to identify abuse cases threat actors and appropriate preventative and detective controls
Participate actively in the engineer community led by METRO Corporate Information Security to define best practices align way-of-working prioritize and execute on the needed activities across application and API platforms.

Qualifications :

Security experience in one or more of the following:

Application security experience identifying investigating and remediating vulnerabilities across all stages of the SDLC.
Hands on experience writing and reviewing code and contributing to developer workflows such as design reviews planning and implementation.
Proven experience designing implementing and improving security tooling and CI/CD integrations with focus on reducing noise and prioritizing risk.
Strong focus on developer experience with the ability to communicate security issues clearly.
Familiarity with application architectures including monolithic and microservice based designs.
Solid understanding of frameworks such as OWASP Top 10 SAMM ASVS and FIRST principles
Comfort working across one or more programming languages such as Java C Python JavaScript or similar.

And:

Experience with LLMs AI and agentic coding platforms such as Github Co-pilot Gemini or Claude Code.
Proven experience as a security subject-matter expert mentoring and raising awareness to security mandates.

Remote Work :

Employment Type :

Full-time

Embed application security controls into CI/CD pipelines to provide accurate actionable and timely feedback to engineers.Support the investigation remediation and validation of application security findings including the management of exceptions and false positives.Conduct targeted code reviews in p...

Embed application security controls into CI/CD pipelines to provide accurate actionable and timely feedback to engineers.
Support the investigation remediation and validation of application security findings including the management of exceptions and false positives.
Conduct targeted code reviews in partnership with engineers and platform teams to identify security issues early and improve coding practices
Implement and maintain security controls integrations and automations required to ensure security and privacy by default across applications and their APIs.
Perform threat modeling exercises to identify abuse cases threat actors and appropriate preventative and detective controls
Participate actively in the engineer community led by METRO Corporate Information Security to define best practices align way-of-working prioritize and execute on the needed activities across application and API platforms.

Qualifications :

Security experience in one or more of the following:

Application security experience identifying investigating and remediating vulnerabilities across all stages of the SDLC.
Hands on experience writing and reviewing code and contributing to developer workflows such as design reviews planning and implementation.
Proven experience designing implementing and improving security tooling and CI/CD integrations with focus on reducing noise and prioritizing risk.
Strong focus on developer experience with the ability to communicate security issues clearly.
Familiarity with application architectures including monolithic and microservice based designs.
Solid understanding of frameworks such as OWASP Top 10 SAMM ASVS and FIRST principles
Comfort working across one or more programming languages such as Java C Python JavaScript or similar.

And:

Experience with LLMs AI and agentic coding platforms such as Github Co-pilot Gemini or Claude Code.
Proven experience as a security subject-matter expert mentoring and raising awareness to security mandates.

Remote Work :

Employment Type :

Full-time

Key Skills

ASP.NET
Health Education
Fashion Designing
Fiber
Investigation

Apply Now

About Company

METROMAKRO

METRO is a leading international wholesale company with food and non-food assortments that specialises in serving the needs of hotels, restaurants and caterers (HoReCa) as well as independent traders. Around the world, METRO has 15 million customers who can choose whether to shop in o ... View more

View Profile View Profile

AI AutoApply

Apply to 100+ jobs with one click