Application Security Lead

WEIR

5 - 10 years

Bengaluru

Posted: 25/02/2026

Job Description

Job Title: Application Security Lead

Division: Weir Minerals
Location: Bangalore
Work Mode: Hybrid


Purpose of Role:

The Application Security Lead is responsible for driving enterprise application security operations in alignment with the strategy, with a specific focus on SAP authorization governance, secure software development, and risk management across cloud and on‑prem environments. The role ensures strong security controls, regulatory compliance, and effective risk mitigation across all major business applications and change‑delivery initiatives.

The role is a component of the Security Operations function. This position partners with global security, engineering, audit, and business teams to provide expert security guidance, govern critical access, support DevSecOps practices, and maintain a robust application security posture. It brings together visibility of the application security components that are active today and mitigates any gaps to maintain coverage.


Why choose Weir: Be part of a global organization dedicated to building a better future: At Weir, the growing world depends on us. It depends on us constantly reinventing, quickly adapting and continually finding better, faster, more sustainable ways to access the resources it needs to thrive. And it depends on each of us doing the best work of our lives. It’s a big challenge – but it is exciting.


An opportunity to grow your own way: Everything moves fast in the dynamic world of Weir. This creates opportunities for us to take on new challenges, explore new areas, learn, progress and excel. Best of all, there is no set path that our people must take. Instead, everyone is given the support and freedom to tailor-make their own career and do the best work of their lives.


Feel empowered to be yourself and belong: Weir is a welcoming, inclusive place, where each individual’s contribution is recognized and all employees are encouraged to innovate, collaborate and be themselves. We continually focus on people and their wellbeing. We believe in fairness and choose to be honest, transparent and authentic in everything we do.


Key Responsibilities:

Strategic Leadership

  • Define and execute the enterprise application security and SAP security strategy.

  • Understand, and establish a way of demonstrating, compliance with security governance frameworks, policies, and standards aligned to industry best practices.

  • Act as the security escalation point for application risk, vulnerabilities, and authorization issues.

  • Manage third‑party security service partners and consulting resources.

  • Bring together all the various components of application security being conducted today.

SAP Security, Authorization & GRC Governance

  • Lead end‑to‑end SAP Security, Authorization, and GRC Access Control operations (ARA, EAM).

  • Oversee design, review, and deployment of SAP roles, profiles, and authorization objects.

  • Govern Segregation of Duties (SoD), sensitive access, privileged user access, and emergency access (Firefighter).

  • Conduct periodic access reviews, user recertifications, and SoD rule maintenance.

  • Perform risk assessment and impact analysis for new roles, transports, and SAP design changes.

  • Coordinate SAP security patches and remediation with technical teams.

Application Security, DevSecOps & CI/CD

  • Integrate application security best practices into CI/CD pipelines.

  • Support DevSecOps and Security Champions programs across engineering teams.

  • Conduct threat modelling, secure design reviews, and assessments of application changes for vulnerabilities.

  • Track and report that applications have been patched to their latest approved versions.

  • Ensure secure coding standards, dependency/secret scanning, and container image security.

  • Work with Cloud and Infrastructure teams to secure Azure and/or AWS environments.

  • Support development of detect-and-respond use cases (logging, monitoring, incident response).

  • Build the process for supporting application developers in aligning with security policy requirements.

  • Understand the Web Application Firewalls, and plan and manage their reconfiguration.

 

Risks, Compliance & Audit Management

  • Own the SAP GRC Access Control platform including ARA and EAM modules.

  • Manage the global SoD ruleset, conflict resolution process, and mitigation controls.

  • Perform risk assessment and impact analysis for new roles, transport deployments, and design changes.

  • Lead internal and external audit support, controls testing, and evidence preparation.

  • Coordinate with the technical team on SAP security patch deployments to maintain the security, stability and compliance of the SAP environment.

Stakeholder & Audit Management

  • Engage with Architecture, Security Ops functions, Culture, Governance, and Delivery teams to ensure consistent security guidance.

  • Provide expertise in secure design, cloud architecture, and regulatory compliance.

  • Contribute to reducing future incidents through lessons learned and continuous improvement.

  • Champion security culture and high professional standards.

Safety First: Demonstrate 100% commitment to our zero harm behaviours in support of our drive towards developing a world class safety culture.


Job Knowledge/Education and Qualifications:

  • Bachelor’s degree in IT, Computer Science, Cybersecurity, or related field.

  • 8+ years in Application Security, SAP Security/Authorization, SOC/Cybersecurity functions. Strong understanding of:

    • Application Security SDLC and DevSecOps principles

    • SAP security architecture, GRC Access Control, SoD, authorization concepts

    • CI/CD pipeline security (GitLab, Azure DevOps, Jenkins, etc.)

    • Cloud security for Azure, GCP and/or AWS.

    • Web Application Firewalls.

    • Expertise in SAST, DAST, SCA, and penetration testing tools
      (e.g., Veracode, Checkmarx, Burp Suite, SonarQube, Fortify)

    • Strong understanding of OWASP Top 10, CWE, and common application vulnerabilities

    • Experience performing threat modelling, risk assessments, and vulnerability analysis.

    • Skilled in security assessment methodologies (ISO, NIST, FAIR, OCTAVE, etc.).

    • Strong analytical, documentation, and communication skills in multi‑stakeholder environments.

    • Ability to manage complex security issues independently in fast‑paced environments.

    • Demonstrated experience supporting internal and external audits.


Founded in 1871, Weir is a world leading engineering business with a purpose to make mining operations smarter, more efficient and sustainable. Thanks to Weir’s technology, our customers can produce essential metals and minerals using less energy, water and waste at lower cost. With the increasing need for metals and minerals for climate change solutions, Weir colleagues are playing their part in powering a low carbon future. We are a global family of 11,000 uniquely talented people in over 60 countries, inspiring each other to do the best work of our lives.
For additional information about what it is like to work at Weir, please visit our Career Page and LinkedIn Life Page.

Weir is committed to an inclusive and diverse workplace. We are an equal opportunity employer and do not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, veteran status, disability, age, or any other legally protected status.


About Company

The Weir Group is a global engineering company headquartered in Glasgow, Scotland. Founded in 1871, it specializes in designing and manufacturing equipment for the mining, oil and gas, and industrial markets. Weir is best known for its high-performance pumps, valves, crushers, and other machinery used in highly demanding environments. The company focuses on delivering innovative and sustainable solutions to improve operational efficiency and safety for its clients. With a strong presence in over 70 countries, Weir plays a critical role in supporting industries that drive economic development.
