Senior Security Engineer

Momentive Software

5 - 10 years

Pune

Posted: 21/02/2026

Job Description

We are seeking a highly experienced Secure SDLC (SSDLC) professional with 10+ years of experience to lead and embed security across the entire software development lifecycle. The role involves defining security standards, integrating security controls into CI/CD pipelines, performing advanced threat modeling, and mentoring engineering teams to build secure, resilient applications at scale.


Key Responsibilities

SSDLC & Security Governance

  • Define, implement, and continuously improve Secure SDLC frameworks aligned with industry standards (OWASP, NIST, ISO 27001, CIS).
  • Establish security policies, coding standards, and security checkpoints across all SDLC phases.
  • Act as the security SME for development, DevOps, and architecture teams.

Application Security

  • Perform advanced threat modeling (STRIDE, PASTA) and security architecture reviews.
  • Conduct and oversee secure code reviews (manual and automated).
  • Lead application security testing activities including SAST, DAST, IAST, SCA, and penetration testing.
  • Identify, assess, and prioritize vulnerabilities and drive remediation with engineering teams.

DevSecOps & Automation

  • Integrate security tools into CI/CD pipelines (GitHub, GitLab, Jenkins, Azure DevOps, etc.).
  • Automate security testing, policy enforcement, and compliance reporting.
  • Define security gates and risk-based release criteria.

Risk Management & Compliance

  • Perform security risk assessments and support audits and compliance initiatives.
  • Map SSDLC practices to regulatory and compliance requirements.
  • Track security metrics, KPIs, and KRIs to demonstrate program effectiveness.

Leadership & Mentoring

  • Mentor developers and security engineers on secure coding and SSDLC best practices.
  • Conduct secure coding training and awareness sessions.
  • Influence stakeholders and leadership on security strategy and risk posture.

Required Skills & Qualifications

Technical Skills

  • Strong hands-on experience with Secure SDLC and application security.
  • Deep knowledge of OWASP Top 10, ASVS, MASVS, and API Security.
  • Expertise in threat modeling and secure architecture design.
  • Experience with SAST/DAST/IAST/SCA tools (e.g., Fortify, Checkmarx, Veracode, SonarQube, Burp, Snyk).
  • Strong understanding of CI/CD and DevSecOps practices.
  • Proficiency in at least one programming language (Java, .NET, Python, JavaScript, etc.).
  • Experience securing cloud-native applications (AWS, Azure, GCP).

Soft Skills

  • Strong leadership and stakeholder management skills.
  • Excellent communication and documentation abilities.
  • Ability to balance security risk with business priorities.

Preferred Qualifications

  • Security certifications such as CISSP, CSSLP, CISM, OSCP, CEH.
  • Experience in large-scale enterprise or regulated environments.
  • Experience defining enterprise-wide security standards and roadmaps.
