Back to search
UST Linkedin · Posted 3d ago

Lead I-Software Security Tester (Penetration, Application Security, Vulnerability, OWASP)- TVM/BLR

India

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Role Description

Job Description for a Senior DevSecOps or DevOps Engineer / Security Tester

Must-Have Skills

  • Min 5 -8yrs years experience in DevSecOps or DevOps along with Application Security, or Security Engineering
  • Expert-level CI/CD pipeline engineering — building, configuring, and optimising end-to-end security-integrated pipelines (any major CI/CD platform; GitLab CI/CD preferred)
  • SAST — hands-on experience implementing and tuning static analysis tools (Semgrep preferred)
  • DAST — proficiency with dynamic application security testing tools (Burp Suite and OWASP ZAP preferred)
  • SCA & SBOM — experience with software composition analysis and SBOM generation/tracking (Dependency-Track, CycloneDX/CDXGen preferred)
  • Secrets scanning — experience with secrets detection tools integrated into CI pipelines (Detect-Secrets preferred)
  • Container & image scanning — experience with container security scanning tools (Trivy preferred)
  • Vulnerability management platforms — operating centralised vulnerability aggregation and tracking platforms, managing triage, deduplication, false positive handling, and severity-based SLAs (DefectDojo preferred)
  • Secrets management — experience with vault-based secrets management, rotation policies, and least-privilege enforcement (HashiCorp Vault preferred)
  • Observability & security monitoring — experience with observability platforms for security log monitoring, ing, and dashboarding (Datadog preferred)
  • Sensitive data detection — hands-on experience with PII detection and redaction in application logs across production and non-production environments (Datadog Sensitive Data Scanner / SDS preferred)
  • Client-side security — experience with client-side web script monitoring and protection tools (SourceDefense preferred)
  • Automated dependency management — experience with automated dependency update tools, including MR review and pipeline failure triage (Dependabot or Renovate preferred)
  • Infrastructure scanning — experience with infrastructure vulnerability scanning tools (Qualys preferred)
  • Code quality — experience with code quality and static analysis platforms (SonarQube preferred)
  • Infrastructure as Code — experience managing security configurations through IaC tools (Terraform preferred)
  • Container & cloud security — strong knowledge of Docker, Kubernetes, and securing containerised workloads
  • Security standards expertise — deep understanding of OWASP Top 10, CVSS scoring, CWE classification, ASVS, and secure SDLC practices
  • Governance & process design — proven ability to define security policies, release criteria, RBAC models, and audit-ready documentation
  • Leadership & communication — ability to influence engineering teams, present security risk assessments to stakeholders, and mentor junior security engineers

Key Responsibilities

  • Security Pipeline Architecture — Design and maintain automated security scanning stages (SAST, DAST, SCA, secrets detection, container scanning) within CI/CD pipelines, defining quality gates and failure criteria
  • Vulnerability Lifecycle Management — Own end-to-end vulnerability management — detection, triage, severity classification, remediation tracking, SLA enforcement, and closure
  • Release Security Governance — Conduct release security reviews, validate security posture before production deployments, define release blocking criteria, and participate in Go/No-Go decisions
  • Secrets & Access Management — Oversee secrets management, credential rotation compliance, API key audits, and RBAC governance across security tooling and infrastructure
  • Security Monitoring & Incident Response — Configure sensitive data detection and PII scanning in application logs, monitor security events, and lead triage of security incidents including zero-day response
  • Service Onboarding & Standards — Onboard new services into security coverage, define security requirements based on industry standards (OWASP, ASVS), and maintain security runbooks and documentation
  • Stakeholder Leadership — Collaborate with development leads, architects, QA, DevOps, and information security teams; escalate risks with evidence-based recommendations; drive security program maturity

Good to Have

  • Experience securing e-commerce platforms (payments, PII handling, order management)
  • Familiarity with Fluent Commerce or similar OMS platforms
  • Experience with CommerceTools or similar e-commerce platform API client security — credential auditing, scope reviews, and least-privilege enforcement
  • Familiarity with ReportPortal or similar test reporting platforms
  • Experience generating and consuming scan reports in SARIF, JSON, or XML formats
  • Penetration testing experience or coordination with external pen-test vendors

Skills

Penetration Testing (Web & API)

Web Application Security

API Security Testing

Vulnerability Assessment & Management

security testing,devsecops,devops,cicd pipeline,

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent