Staff Enginner

Company SummaryFirst American (India) is a GCC (Global Capability Center) of the First American Financial Corporation (NYSE: FAF) family of companies. FAI is a proud member of the FORTUNE 500 companies and has been amongst the Fortune 100 Best Companies to Work For list for eight consecutive years. First American Financial Corporation provides comprehensive title insurance, closing/settlement, property data and technology solutions. First American (India) creates quality solutions for its customers by combining software, back office, and knowledge processing operations to fulfill First American's business requirements. Our priorities are our employees, customers, and shareholders - in that order. First American (India) has been ranked amongst India's Best Companies To Work For 2023: Listed amongst the Top 100 by Great Place To Work India, FAI is also certified Best Workplaces for Women and Workplace with Inclusive Practices. Software Services helps build First American's product suite that encompasses the best in class Title Insurance, Settlement and Mortgage solutions platforms. Leverages technology product stack across Microsoft platform predominantly to develop, enhance and maintain the best in class applications. The R & D division delivers solutions for the title insurance industry leveraging the best of NLP, AI and ML.Job Summary

Job Title: DevSecOps/ AppSecOps Staff Engineer

About the Role

We are looking for an experienced Platform Security Engineer with strong expertise in DevSecOps and Application Security (AppSec) to join our Security team. In this role, you will be instrumental in designing, building, and maintaining secure platforms and tooling that empower our development teams to deliver software efficiently, while embedding security throughout the development lifecycle. You'll collaborate closely with engineering teams to integrate security best practices, automate controls, and ensure our platforms are resilient, compliant, and scalable.

What You Will Do:

• Application Security Ownership: Take end-to-end responsibility for application security initiatives, including vulnerability remediation, conducting security reviews, and educating internal teams on secure coding practices and standards.
• Leadership and Cross-Team Collaboration: Provide technical leadership and mentorship to engineers while working closely with cross-functional teams to embed security seamlessly into development workflows.
• Continuous Improvement: Drive initiatives to continuously enhance platform security and efficiency by optimizing workflows, automating controls, and implementing industry best practices.
• Strategic Thinking: Contribute to the long-term vision for platform security and DevSecOps, aligning efforts with organizational goals and staying current with emerging technologies and trends.
• Technical Issue Resolution: Proactively identify, investigate, and resolve security vulnerabilities across applications, infrastructure, and cloud environments.
• Vulnerability Management: Lead efforts to detect, assess, and remediate infrastructure and software vulnerabilities, ensuring timely patching and mitigation in alignment with security policies.
• Cross-Functional Alignment: Collaborate with engineering, infrastructure, and compliance teams to ensure that platform capabilities and security measures align with broader organizational objectives.

What You Bring:

• Over 10 years of hands-on experience in DevSecOps and AppSecOps, with at least 5 years in application development using .NET and Java technology stacks.
• Deep understanding of application, infrastructure, and cloud security principles. Proven experience in identifying, remediating, and preventing vulnerabilities across the stack.
• Demonstrated ability to lead technical initiatives, develop secure architecture patterns, and mentor engineering teams on secure development practices.
• Advanced knowledge of AWS and Azure, including secure cloud networking (e.g., security groups, NACLs), IAM, encryption, and compliance controls.
• Proficiency in scripting (Python, Bash) and infrastructure-as-code tools such as Terraform, Terragrunt, or CloudFormation to automate secure infrastructure provisioning.
• Experience with tools like Veracode, Snyk, Prisma Cloud, and Checkmarx to detect and remediate vulnerabilities in code, containers, and infrastructure.
• Ability to guide teams in addressing OWASP Top 10 and SANS Top 25 vulnerabilities, conduct threat modeling, and perform secure code reviews and penetration testing.
• Experience in conducting security training, raising awareness across engineering teams, and embedding security into the SDLC.
• Familiarity with DAST, SAST, and IAST tools such as Burp Suite, Veracode, and Checkmarx for comprehensive application security assessments.
• Strong ability to document technical findings, communicate risks and recommendations clearly to developers, and advocate for security best practices.
• Excellent communication, critical thinking, and problem-solving skills. Comfortable working independently or collaboratively in fast-paced, high-stakes environments.

FAI is committed to create an environment that respects, supports and inspires all individuals. We do not discriminate on the basis of color, religion, sex, gender identity, sexual orientation and age. At FAI, we celebrate diversity and believe that an inclusive workforce benefits employees, the organization and our community. We are an Equal Opportunity Employer. For more information about our company and dedication to putting People First, check out

---