Back to search
UST Linkedin · Posted 2d ago

Lead II-Software Security Tester (Penetration, Application Security, Vulnerability, OWASP)- TVM/BLR

India

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Role Description

Job Title: Senior Security Engineer / DevSecOps Lead

Experience

10+ years in Penetration Testing, Web Application Security, API Security, and Vulnerability Assessment (mandatory) along with experience in DevSecOps / DevOps / Security Engineering in a lead capacity

Mandatory Skills

  • Penetration Testing (Web & API)
  • Web Application Security
  • API Security Testing
  • Vulnerability Assessment & Management

Key Responsibilities

  • Perform end-to-end security testing including web apps, APIs, and infrastructure
  • Identify, triage, and remediate vulnerabilities across applications and environments
  • Lead security assessments and provide actionable risk insights
  • Integrate security practices into CI/CD pipelines and SDLC
  • Define secure coding standards and enforce security best practices
  • Collaborate with development, DevOps, and platform teams to improve security posture

Preferred Technical Expertise

  • CI/CD pipeline security (GitLab CI/CD preferred)
  • SAST (Semgrep), DAST (Burp Suite, OWASP ZAP)
  • SCA & SBOM (Dependency-Track, CycloneDX/CDXGen)
  • Secrets scanning (Detect-Secrets) & Secrets management (HashiCorp Vault)
  • Container & image scanning (Trivy); Docker & Kubernetes security
  • Vulnerability management platforms (DefectDojo) and Infra scanning (Qualys)
  • Observability & security monitoring (Datadog)
  • Sensitive data detection & log redaction (Datadog SDS)
  • Code quality tools (SonarQube)
  • IaC security (Terraform)
  • Client-side security (SourceDefense)
  • Automated dependency management (Dependabot / Renovate)

Core Knowledge Areas

  • OWASP Top 10, CVSS, CWE, ASVS
  • Secure SDLC practices
  • Security governance, policy creation & compliance

Key Competencies

  • Strong leadership and stakeholder communication
  • Ability to define security policies and release criteria
  • Experience mentoring junior engineers
  • Min 10-13yrs years’ experience in Dev SecOps or DevOps along with Application Security, or Security Engineering, with lead-level experience
  • Expert-level CI/CD pipeline engineering — building, configuring, and optimising end-to-end ssecurity-integrated pipelines (any major CI/CD platform; GitLab CI/CD preferred)
  • SAST — hands-on experience implementing and tuning static analysis tools (Semgrep preferred)
  • DAST — proficiency with dynamic application security testing tools (Burp Suite and OWASP ZAP preferred)
  • SCA & SBOM — experience with software composition analysis and SBOM generation/tracking (Dependency-Track, CycloneDX/CDXGen preferred)
  • Secrets scanning — experience with secrets detection tools integrated into CI pipelines (Detect-Secrets preferred)
  • Container & image scanning — experience with container security scanning tools (Trivy preferred)
  • Vulnerability management platforms — operating centralised vulnerability aggregation and tracking platforms, managing triage, deduplication, false positive handling, and severity-based SLAs (DefectDojo preferred)
  • Secrets management — experience with vault-based secrets management, rotation policies, and least-privilege enforcement (HashiCorp Vault preferred)
  • Observability & security monitoring — experience with observability platforms for security log monitoring, ing, and dashboarding (Datadog preferred)
  • Sensitive data detection — hands-on experience with PII detection and redaction in application logs across production and non-production environments (Datadog Sensitive Data Scanner / SDS preferred)
  • Client-side security — experience with client-side web script monitoring and protection tools (SourceDefense preferred)
  • Automated dependency management — experience with automated dependency update tools, including MR review and pipeline failure triage (Dependabot or Renovate preferred)
  • Infrastructure scanning — experience with infrastructure vulnerability scanning tools (Qualys preferred)
  • Code quality — experience with code quality and static analysis platforms (SonarQube preferred)
  • Infrastructure as Code — experience managing security configurations through IaC tools (Terraform preferred)
  • Container & cloud security — strong knowledge of Docker, Kubernetes, and securing containerised workloads
  • Security standards expertise — deep understanding of OWASP Top 10, CVSS scoring, CWE classification, ASVS, and secure SDLC practices
  • Governance & process design — proven ability to define security policies, release criteria, RBAC models, and audit-ready documentation
  • Leadership & communication — ability to influence engineering teams, present security risk assessments to stakeholders, and mentor junior security engineers

Skills

security testing,devsecops,devops,cicd pipeline,

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent