DevSecOps (Security test lead) Engineer

We are seeking a skilled DevSecOps Engineer with strong expertise in Application Security, SAST, and SCA tools. The ideal candidate will collaborate closely with development and DevOps teams to integrate security seamlessly into the CI/CD pipeline, identify and eliminate false positives, and drive vulnerability remediation across multiple business applications. Hands-on experience in Snyk or equivalent platforms will be a significant advantage.

Key Responsibilities:

• Implement and maintain SAST and SCA tools within the CI/CD pipeline for continuous code scanning.
• Analyze scan results, validate and triage false positives, and ensure accuracy of reported vulnerabilities.
• Collaborate with development teams to guide and support remediation of security vulnerabilities.
• Work with DevOps teams to automate security checks and streamline secure build and deployment processes.
• Perform tool integrations (Snyk, SonarQube, Checkmarx, or similar) to improve visibility of the organization’s security posture.
• Provide technical guidance and training to developers on secure coding practices.
• Participate in threat modeling, secure design discussions, and application architecture reviews.
• Prepare and maintain documentation for processes, standards, and tool usage.

Required Skills & Experience:

• 5–8 years of experience in Application Security or DevSecOps domain.
• Strong understanding of SAST and SCA tools (e.g., Checkmarx, Fortify, SonarQube, Snyk, or similar).
• Proven ability to identify, analyze, and manage false positives effectively.
• Good understanding of Secure SDLC and CI/CD environments.
• Solid knowledge of web and API security concepts, OWASP Top 10, and secure coding standards.
• Hands-on experience with DevOps tools such as Jenkins, GitLab, or Azure DevOps.
• Excellent communication and collaboration skills to influence security adoption across teams.

Preferred / Nice to Have:

• Experience using Snyk for open-source dependency management.
• Exposure to container security, IaC scanning, or cloud-native security controls.
• Security certifications such as CEH, OSCP, or CSSLP.

Job Type: Full-time

Pay: ₹300,000.00 - ₹500,000.00 per year

Application Question(s):

• Can you join immediately?
• What is your current CTC?

Experience:

• DevSecOps: 5 years (Required)
• Application Security: 5 years (Required)

Work Location: In person