Back to search
Jacobs Linkedin · Posted today

Software Security Analyst

Mumbai

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

At Jacobs, we're challenging today to reinvent tomorrow by solving the world's most critical problems for thriving cities, resilient environments, mission-critical outcomes, operational advancement, scientific discovery and cutting-edge manufacturing, turning abstract ideas into realities that transform the world for good.

Your impact

We are looking for a mid-level Software Security Analyst to join our security engineering team. In this role, you will be the primary point of contact for application security scanning — running static and dynamic analysis against codebases across the organization and working hands-on with developers to understand, prioritize, and remediate the vulnerabilities you find. This is a technical, collaborative role for someone who is equally comfortable reading code and explaining security risks in plain language.

  • Conduct static application security testing (SAST), dynamic testing (DAST), and software composition analysis (SCA) across development teams using Qualys and related tooling
  • Triage, analyze, and validate scan findings, filtering false positives and prioritizing issues by exploitability and business impact
  • Partner directly with software engineers to walk through vulnerabilities, explain root causes, and guide remediation — not just hand off a report
  • Develop and maintain remediation documentation, secure coding guidance, and knowledge base articles for common vulnerability classes
  • Track open findings through to closure in ServiceNow, following up with development teams to ensure timely resolution
  • Integrate security scanning into CI/CD pipelines and work with DevOps teams to shift security testing left
  • Assist in defining security acceptance criteria and contributing to secure design reviews for new features and systems
  • Support periodic penetration testing engagements and red team exercises as needed
  • Contribute to security metrics and reporting for leadership on vulnerability trends and remediation velocity

Here's what you'll need

  • 3–5 years of experience in application security, security engineering, or a closely related role
  • Hands-on experience with commercial Web Application Scanning (WAS) and Vulnerability Management tools.
  • Solid understanding of common vulnerability types including those in the OWASP Top 10, CWE/SANS Top 25, and CVE ecosystem
  • Ability to read and understand code in the team's core languages — Python, JavaScript, C#, .NET, HTML, and PowerShell — to validate findings and assess exploitability
  • Experience with SAST tools and/or DAST tools (e.g., Burp Suite, OWASP ZAP)
  • Strong written and verbal communication skills — you can explain a SQL injection vulnerability to a developer who has never heard the term
  • Familiarity with CI/CD pipelines and DevSecOps practices
  • Experience with ServiceNow for vulnerability tracking and workflow management
  • Familiarity with GitHub and GitHub Advanced Security (GHAS) — including code scanning, secret scanning, and Dependabot alerts

Nice to have

  • Relevant certifications CEH, GWEB, GWAPT, CompTIA Security+, or similar
  • Experience with cloud environments (AWS, Azure, or GCP) and container security scanning
  • Knowledge of compliance frameworks such as ISO 27001
  • Scripting or automation experience (Python, Bash, or similar) for extending tooling or automating workflows
  • Familiarity with threat modeling methodologies (e.g., STRIDE, PASTA)

Who You Are

You are a practitioner first. You find it genuinely satisfying to dig into a vulnerability, understand exactly how it works, and help a developer see it the same way. You do not leave developers with a list of findings and walk away — you stay in the conversation until the problem is solved. You are comfortable operating in ambiguity, managing multiple parallel remediation efforts, and balancing urgency with thoroughness.

At Jacobs we value people. Having the right balance of belonging, career and lifestyle enables us to consistently deliver and exceed clients’ expectations.

Working alongside industry leaders, you will have the opportunity to develop your career working on key projects in an environment which encourages collaboration, knowledge sharing and innovation. To support your professional growth, Jacobs flexible working arrangements, extended leave options and a host of social, health and wellbeing events and initiatives will underpin our commitment to you.

At Jacobs it’s all about what you do, not where you are, which counts!

We value collaboration and believe that in-person interactions are crucial for both our culture and client delivery. We empower employees with our hybrid working policy, allowing them to split their work week between Jacobs offices/projects and remote locations enabling them to deliver their best work.

Your application experience is important to us, and we’re keen to adapt to make every interaction even better. If you require further support or reasonable adjustments with regards to the recruitment process (for example, you require the application form in a different format), please contact the team via Careers Support.

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent