Software Security Engineer II


Job Location: Pune - India

Monthly Salary: Not Disclosed
Posted on: 16 hours ago
Vacancies: 1 Vacancy

Job Summary

Software Security Engineer II

About the Role

We are seeking a Software Security Engineer to play a strategic and cross-functional leadership role in strengthening our Secure Software Development Lifecycle (SSDLC) across our entire product ecosystem — from classic 3-tier architectures to modern microservices-based payment platforms deployed on Amazon Web Services.
You will act as a trusted advisor and technical authority, embedding security by design, driving DevSecOps maturity, and ensuring our software development practices consistently meet the highest standards of security, compliance and operational excellence.

Your Mission

As a Software Security Engineer, you will:

Define and continuously evolve the company-wide SSDLC security framework, policies and governance.

Influence architecture and design decisions across product teams to ensure security is a core design principle.

Lead initiatives for security tooling, automation and vulnerability management.

Enable and mentor engineering teams to adopt secure coding, perform code reviews, apply threat modeling and embrace risk-driven design.

Ensure alignment with the NIST Secure Software Development Framework (SSDF) and with PCI Secure Software Standard / PCI Secure SLC certification requirements.

Key Responsibilities

Secure SDLC Governance & Strategy

Establish and enforce a global SSDLC framework and secure development policies.

Conduct risk assessments, threat modeling and architecture security reviews.

Drive secure design and implementation practices with developers. Ensure secure configuration baselines and hardening standards are defined and applied.

Ensure vulnerabilities are detected and mitigated via manual reviews and automated tools (SAST, DAST, SCA, etc.).

Guide the remediation of security incidents and root cause analysis.

Provide support for application-level security issues and audit follow-ups.

Run and/or supervise pentests.

DevSecOps & Security Automation

Define the roadmap and architecture for AppSec tooling (Checkmarx SAST, DAST, SCA, container scanning, secrets detection…).

Oversee the integration of security controls and gates into CI/CD pipelines.

Standardize security guardrails for APIs, Kubernetes, containers, microservices and cloud-native environments (AWS…).

Establish metrics and dashboards to measure DevSecOps maturity.

Vulnerability & Compliance Management

Oversee vulnerability lifecycle management and coordinate enterprise-wide remediation plans.

Lead and support external audits and certification cycles (PCI Secure Software Standard, PCI Secure SLC).

Provide security KPIs and risk reports to senior stakeholders and governance committees.

Training, Advocacy & Culture

Promote secure coding best practices and continuous learning.

Design and deliver training programs on secure architecture, code review, threat modeling and DevSecOps.

Mentor security champions and influence technical leaders across the organization.

Required Profile

Education

Master’s degree in Computer Science, Software Engineering or Cybersecurity.

Experience

3 to 5 years of experience in Application Security, DevSecOps or SDLC Security.

Proven track record leading application security initiatives in complex or regulated environments.

Experience securing hybrid architectures (legacy microservices on Amazon Web Services).

Strong stakeholder management and cross-team leadership skills.

Technical Skills

In-depth knowledge of secure coding and understanding of architecture practices based on the NIST Secure Software Development Framework (SSDF), OWASP Top 10, OWASP ASVS, STRIDE…

Hands-on expertise with AppSec tools (SAST, SCA, DAST, container scanning) and their integration in CI/CD.

Proficiency in securing infrastructure and workloads on Amazon Web Services (IAM, KMS, VPCs, security groups, observability stacks, etc.).

Familiarity with Kubernetes security concepts (RBAC, network policies, secrets management).

Development experience in Java Spring and Angular is a plus.

REQUIRED SKILLS

Skill Levels

1 – Beginner, 2 – Intermediate, 3 – Proficient, 4 – Expert

Knowledge & Expertise

Knowledge Area: Level

DevSecOps: 4

Software Development Framework (SSDF)

Any one (OWASP Top 10, OWASP ASVS, STRIDE): 4

NIST Secure: 3

AppSec tools (SAST, SCA, DAST, container scanning): 4

CI/CD: 3

Amazon Web Services: 2

Kubernetes security: 2

TECHNICAL SKILLS

Technical Area

Level

PROFILE REQUIREMENTS

Education: Master’s degree (Engineering, Computer Science, Information Systems or equivalent)



About Company

Antal International
