Application Security Specialist

Application Security Specialist (6–8 Years Experience)

Job Title: Application Security Specialist

Experience Required: 6–8 Years

Location: Noida

Job Type: Full-Time

Department: Cyber Security

Reporting to: Head/CISO Cyber Security.

Role Overview:

As an Application Security Specialist at , you will be responsible for embedding security into the development lifecycle of cutting-edge cloud-native and edge computing applications. You will collaborate with cross-functional teams to ensure secure design, development, and deployment of software products, while also contributing to the organization's GRC initiatives.

Key Responsibilities:

Application Security (80%)

• Lead the design and implementation of secure software development lifecycle (SSDLC) practices across product teams.
• Conduct threat modelling and secure code reviews for applications built on Coredge platforms.
• Integrate security tools (SAST, DAST, SCA) into CI/CD pipelines using DevSecOps practices and have a strong understanding of secure GitHub, Docker Hub etc.
• Collaborate with developers to remediate vulnerabilities and promote secure coding.
• Perform penetration testing and vulnerability assessments on web, and microservices-based applications.
• Define and enforce application security policies aligned with Coredge's product architecture.
• Monitor emerging threats and recommend proactive security measures.
• Lead incident response for application-level security breaches.
• Collaborate with product managers and architects to ensure security requirements are embedded in product design.
• Conduct regular security training and awareness sessions for developers and QA teams.
• Evaluate and implement new security tools and technologies to enhance application security posture.
• Maintain a vulnerability management program for applications, including tracking, reporting, and remediation.
• Participate in bug bounty programs and coordinate with external researchers to validate and remediate findings.
• Develop and maintain security dashboards and metrics to report on application security health.
• Contribute to open-source security initiatives and represent in industry forums.

Governance, Risk, and Compliance (20%)

• Work with legal and compliance teams to ensure applications meet regulatory requirements (e.g., GDPR, HIPAA, DPDP).
• Support internal and external audits related to application security and compliance.
• Develop and maintain documentation for security policies, standards, and procedures.
• Conduct risk assessments and contribute to enterprise risk management initiatives.
• Ensure alignment of application security practices with broader GRC frameworks and corporate governance.
• Collaborate with stakeholders to implement controls that meet compliance and regulatory standards (e.g., PCI-DSS, ISO
• Track and report on compliance metrics and risk mitigation efforts.

Preferred Qualifications:

• Bachelor's or Master's degree in Computer Science, Information Security, or related field.
• 6–8 years of experience in application security, software development, or penetration testing.
• Strong understanding of OWASP Top 10, SANS CWE Top 25, and secure coding practices.
• Hands-on experience with DevSecOps, container security (Kubernetes, Docker), and Infrastructure as Code (Terraform, CloudFormation).
• Hands-on experience with tools like SonarQube, Trivy, Burp Suite, Checkmarx, Veracode, Kali Linux and GitLab CI/CD.
• Proficiency in languages such as Java, Python, Go, or JavaScript.
• Experience with DevSecOps and integrating security into Agile/DevOps workflows.
• Knowledge of regulatory and compliance standards (e.g., DPDP, PCI-DSS, HIPAA, GDPR).
• Mandatory Certifications such as CEH, OSCP, or GWAPT are highly desirable (Any one of them).