Motifire Management Services Private Limited.

DevSecOps (Security test lead) Engineer

  • Posted 12 hours ago

Job Description

Urgent opening for DevSecOps (Security test lead) Engineer

Job Description: DevSecOps (Security test lead) Engineer

Experience Level: 5-8 Years

Budget: 6-8 LPA

Location: Bangalore, Rohan Tech Park / Mumbai, Mahape

Notice: Immediate to 15 days

Tech stack and Mandatory Skills

| Skill Area | Mandatory Skills | Exp |
| --- | --- | --- |
| Application Security | Strong expertise in SAST (Static Application Security Testing) & SCA (Software Composition Analysis) tools | |
| Tool Proficiency | Hands-on with Snyk, SonarQube, Checkmarx, Fortify (or equivalent) | |
| False Positive Management | Proven ability to identify, triage, and eliminate false positives | |
| Secure SDLC / CI/CD | Deep understanding of Secure Software Development Lifecycle and CI/CD environments | |
| Web & API Security | Solid knowledge of OWASP Top 10, secure coding standards, and API security concepts | |
| DevOps Tools | Jenkins, GitLab, Azure DevOps | |
| Collaboration & Training | Excellent communication and ability to influence teams | |
| Experience | 5-8 years in Application Security or DevSecOps domain | |

Role Summary

We are seeking a skilled DevSecOps Engineer with strong expertise in Application Security, SAST, and SCA tools. The ideal candidate will collaborate closely with development and DevOps teams to integrate security seamlessly into the CI/CD pipeline, identify and eliminate false positives, and drive vulnerability remediation across multiple business applications. Hands-on experience in Snyk or equivalent platforms will be a significant advantage.

Key Responsibilities

Implement and maintain SAST and SCA tools within the CI/CD pipeline for continuous code scanning.

Analyze scan results, validate and triage false positives, and ensure accuracy of reported vulnerabilities.

Collaborate with development teams to guide and support remediation of security vulnerabilities.

Work with DevOps teams to automate security checks and streamline secure build and deployment processes.

Perform tool integrations (Snyk, SonarQube, Checkmarx, or similar) to improve visibility of the organization's security posture.

Provide technical guidance and training to developers on secure coding practices.

Participate in threat modeling, secure design discussions, and application architecture reviews.

Prepare and maintain documentation for processes, standards, and tool usage.

Required Skills & Experience

5-8 years of experience in Application Security or DevSecOps domain.

Strong understanding of SAST and SCA tools (e.g., Checkmarx, Fortify, SonarQube, Snyk, or similar).

Proven ability to identify, analyze, and manage false positives effectively.

Good understanding of Secure SDLC and CI/CD environments.

Solid knowledge of web and API security concepts, OWASP Top 10, and secure coding standards.

Hands-on experience with DevOps tools such as Jenkins, GitLab, or Azure DevOps.

Excellent communication and collaboration skills to influence security adoption across teams.

Preferred / Nice to Have

Experience using Snyk for open-source dependency management.

Exposure to container security, IaC scanning, or cloud-native security controls.

Security certifications such as CEH, OSCP, or CSSLP

More Info

Job ID: 135652439