Wipro Linkedin · Posted 1mo ago

Senior Consultant (Application Security testing - SAST and SCA)

Pune Division, Maharashtra, India


Job Description

Profile: Senior Consultant (Application Security testing – SAST and SCA) 

 

Location: No location constraints (but preference to Pune/Mumbai) 

Band: C2 

 

Experience: 8 to 12 years 

About the role:

Wipro is looking to onboard a Senior Consultant for Application Security and Testing for the Entity CISO office.

Roles & Responsibilities
  • Lead and perform Static Application Security Testing (SAST) across applications (Java, .NET, Node, Angular etc.)
  • Lead and drive Software Composition Analysis (SCA) to identify vulnerable open-source components and license risks across applications
  • Define, configure, and optimize SAST/SCA scan strategies; ensure high accuracy, reduce false positives, and improve coverage
  • Review and validate code-level vulnerabilities and provide effective remediation guidance to developers
  • Drive integration of SAST/SCA into CI/CD pipelines (DevSecOps) in collaboration with DevOps engineering teams
  • Track vulnerabilities across applications, ensure closure, and govern remediation timelines
  • Introduce enhancements in the testing track to improve accuracy and quality; liaise with vendors to enable or upgrade features in the security scanning tools
  • Deliver and lead secure coding awareness/training sessions for development teams
  • Provide expert guidance on secure coding practices and recommend alternative secure approaches across different technologies
  • Mentor team members, review deliverables, and ensure quality and consistency of assessments
  • Define and improve AppSec processes, standards, and best practices
Qualifications
  • Bachelor’s degree in a technical field
  • 8–12 years of experience in application security with strong focus on SAST and SCA
  • Strong hands-on experience in SAST tools (e.g., Fortify, Checkmarx, Veracode) and SCA tools (e.g., Sonatype, Black Duck, Snyk)
  • Strong understanding of secure coding practices, OWASP Top 10, and code-level vulnerabilities
  • Ability to review and analyse code across multiple languages (Java, .NET, JavaScript, etc.)
  • Strong experience in scan configuration, tuning, and false positive reduction at scale
  • Experience in CI/CD pipelines and DevSecOps practices
  • Ability to define scan policies, standards, and governance models
  • Excellent communication skills with ability to deliver developer trainings and interact with stakeholders
  • Proven ability to mentor team members and review their work 
  • Preferred: Prior software development experience in any programming language 
  • Good-to-have certifications: CEH, GPEN, CISSP, or similar

Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention. Come to Wipro. Realize your ambitions. 

Applications from people with disabilities are explicitly welcome. 
