Senior Security Engineer

We are seeking a highly experienced Secure SDLC (SSDLC) professional with 10+ years of experience to lead and embed security across the entire software development lifecycle. The role involves defining security standards, integrating security controls into CI/CD pipelines, performing advanced threat modeling, and mentoring engineering teams to build secure, resilient applications at scale

Key Responsibilities

SSDLC & Security Governance

- Define, implement, and continuously improve Secure SDLC frameworks aligned with industry standards (OWASP, NIST, ISO 27001, CIS). - Establish security policies, coding standards, and security checkpoints across all SDLC phases. - Act as the security SME for development, DevOps, and architecture teams.

Application Security

- Perform advanced threat modeling (STRIDE, PASTA) and security architecture reviews. - Conduct and oversee secure code reviews (manual and automated). - Lead application security testing activities including SAST, DAST, IAST, SCA, and penetration testing. - Identify, assess, and prioritize vulnerabilities and drive remediation with engineering teams.

DevSecOps & Automation

- Integrate security tools into CI/CD pipelines (GitHub, GitLab, Jenkins, Azure DevOps, etc.). - Automate security testing, policy enforcement, and compliance reporting. - Define security gates and risk-based release criteria.

Risk Management & Compliance

- Perform security risk assessments and support audits and compliance initiatives. - Map SSDLC practices to regulatory and compliance requirements. - Track security metrics, KPIs, and KRIs to demonstrate program effectiveness.

Leadership & Mentoring

- Mentor developers and security engineers on secure coding and SSDLC best practices. - Conduct secure coding training and awareness sessions. - Influence stakeholders and leadership on security strategy and risk posture.

Required Skills & Qualifications

Technical Skills

- Strong hands-on experience with Secure SDLC and application security. - Deep knowledge of OWASP Top 10, ASVS, MASVS, and API Security. - Expertise in threat modeling and secure architecture design. - Experience with SAST/DAST/IAST/SCA tools (e.g., Fortify, Checkmarx, Veracode, SonarQube, Burp, Snyk). - Strong understanding of CI/CD and DevSecOps practices. - Proficiency in at least one programming language (Java, .NET, Python, JavaScript, etc.). - Experience securing cloud-native applications (AWS, Azure, GCP).

Soft Skills

- Strong leadership and stakeholder management skills. - Excellent communication and documentation abilities. - Ability to balance security risk with business priorities.

Preferred Qualifications

- Security certifications such as CISSP, CSSLP, CISM, OSCP, CEH. - Experience in large-scale enterprise or regulated environments. - Experience defining enterprise-wide security standards and roadmaps.