Application Security Specialist

Application Security Specialist

Tool : Application Security Mandatory

Experience : 7-9 Years Exp in Application Security

Mandatory Job Title: Application Security Specialist

Work : Work from office 5 days a week

Location : Hyderabad

Job Type : Full-time

Role: Team Member

Start date : Immediate

Role:

Team Member Security Operations Support Application Security Testing, both manually and with security assessment products Record security deviancies and work with developers in providing guidance and recommendations standards to address them Perform Traditional Vulnerability Management and Hardening reviews for systems Respond to Security Events

Required Skills:

• Competencies Deep technical knowledge of the OWASP Top 10, Cloud Security Posture Management CSPM, CVSS scoring, and software supply chain security.
• Lead DevSecOps Advocacy and Training: Provide clear guidance to Engineering and Product teams to foster a culture of shared security responsibility
• Embed Security into CICD Pipelines: Partner with DevOps teams to integrate "shift-left" controls, quality gates, and automated security testing SAST
• ,SCA IaC into actions, Build DevSecOps
• Dashboards and Reporting: Develop executive-level KPIs/KRIs covering vulnerability aging, MTTR Mean Time to Remediate, pipeline passfail rates, and measurable risk reduction across the enterprise
• Own software supply chain security SCA: Utilize JFrog Xray for policy enforcement, including vulnerable dependency detection, license governance, and automated blocking of malicious components within the artifact repository.
• Drive Static Analysis SAST and Code Quality: Use SonarQube to partner with development teams, reducing criticalhigh findings and implementing sustainable coding standards that are integrated directly into the developer\'s IDE and pull request workflow.
• Conduct Dynamic Testing DAST: Coordinate testing using Burp Suite to validate exploitability and reproduce issues, while working to automate baseline DAST scans within the CICD pipeline.
• Lead the end-to-end vulnerability lifecycle: discovery, triage, risk assessment, prioritization, remediation tracking, validation, and closure across Azure cloud environments.
• Operate and optimize Microsoft Defender for Cloud Azure
• Defender and Defender for Endpoint: Improve cloud security posture, reduce misconfigurations, and drive remediation across compute, networking, storage, identity, and container workloads AKSOCR.
• Qualifications Skills: Bachelors degree in information technology, Cybersecurity, Computer Science, or related field or equivalent practical experience