Job Description
Job Title: Application Security Operation
Role Summary
Experience in enterprise Application Security testing services, including SAST, SCA, Secrets Detection, and DAST. Drive secure SDLC adoption through CI/CD integration, vulnerability validation, risk-based remediation tracking, SBOM management, and security metrics reporting.
Key Responsibilities
- Perform continuous and incremental application security testing using SAST, SCA, Secrets Detection, and DAST tools.
- Validate findings, eliminate false positives, and support vulnerability remediation activities.
- Integrate security scanning into CI/CD pipelines and enforce secure development gates.
- Manage SBOM generation, open-source dependency risks, CVE tracking, and vulnerability exposure reporting.
- Track remediation SLAs, TTD/TTR metrics, and application security KPIs.
- Partner with development, DevSecOps, and platform engineering teams to drive remediation and continuous security improvements.
- Support security assessments, tool optimization, reporting, and developer enablement initiatives.
Experience
-
6 years of experience in Application Security, Secure SDLC, or DevSecOps.
- Hands-on experience operating enterprise AppSec scanning platforms and vulnerability management processes.
- Experience integrating security testing into CI/CD pipelines and cloud-native environments.
- Strong understanding of OWASP Top 10, secure coding practices, and software supply chain security.
Technical Skills & Tool Experience
- SAST: Checkmarx/ Veracode/ Fortify/ SonarQube/ GitHub Advanced Security.
- SCA & SBOM: Fortify/ Checkmarx / Snyk / Black Duck.
- DAST & API Security: Fortify/ Checkmarx/ Burp Suite/ Invicti/ Acunetix.
- Secrets Detection: GitGuardian/ GitHub Secret Scanning.
- DevSecOps: Azure DevOps/ GitHub Actions/ Jenkins/ GitLab CI/CD.
- Container & Cloud Security: Prisma Cloud/ Wiz/ Aqua/ Microsoft Defender for Cloud.
- Reporting & ITSM: ServiceNow/ Power BI/ Grafana.
Preferred Certifications
- CEH/Security+/Certified DevSecOps Professional/AWS/Azure Security Specialty
͏
Areas of responsibility
Monitoring and Incident Detection-Analyse attack trends and correlate logs across systems to identify advance threats. Enhance monitoring processes and implement improvements for faster detection, to ensure compliance with security frameworks and regulatory standards.
Incident Handling and Analysis-Perform root cause analysis, create incident response plans and implement disaster recovery measures to minimize business disruption
Threat Assessment and Analytics-Undertake forensic analysis using advanced analytics tools and implement mitigation measures to align with compliance requirements.
Stakeholder Coordination and Audit Assistance-"Liaise with cross functional teams, external vendors and auditors to ensure compliance with security frameworks.
Maintain audit documentation and ensure its accuracy while implementing processes that support audit readiness and continuous compliance."
Training and Awareness-Assist in creating and delivering cybersecurity awareness sessions, including guidance on phishing and malicious emails.
͏
͏
͏
Experience: 5-8 Years .
Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention.