Lead Application Security Engineer
Job Overview
We are seeking a highly experienced Lead Application Security Engineer to serve as a senior individual contributor and technical authority within the Application Security function. This role is designed for a hands-on expert who drives security outcomes through deep technical expertise, influence, and close collaboration with engineering teams.
The successful candidate will play a critical role in embedding security into the software development lifecycle (SDLC), identifying and mitigating complex application risks, and shaping secure engineering practices across the organization. You will work closely with developers, architects, DevOps, and cloud teams to ensure that security is built in by design and scaled effectively.
Key Responsibilities
Expert Application Security Delivery
- Provide security guidance for AI technologies, including GenAI and agentic systems, ensuring responsible and secure adoption.
- Perform advanced secure code reviews, dependency scanning (SCA), and dynamic application security testing (DAST/IAST) across a wide range of applications and technology stacks.
- Conduct in-depth risk assessments and provide clear, actionable remediation guidance aligned with business priorities.
- Act as an application security subject matter expert, guiding teams on secure design, architecture, and implementation patterns.
- Embed application security controls into SDLC and CI/CD pipelines, ensuring security is integrated without slowing delivery.
- Design, review, and advise on secure authentication and authorization mechanisms, APIs, and identity integrations.
- Identify systemic security weaknesses and drive long-term improvements to reduce recurring vulnerabilities.
- Partner closely with software engineers, architects, platform, and DevOps teams to solve security problems collaboratively.
- Influence secure engineering practices through technical credibility, design reviews, and hands-on support, not policy enforcement.
- Act as a trusted advisor to engineering leadership on application security risks, trade-offs, and improvements.
- Contribute to internal security guidance, patterns, and documentation to improve security maturity at scale.
- Stay current with emerging threats, attack techniques, and application security trends, translating insights into practical improvements.
- Support secure adoption of cloud-native and containerized platforms (AWS, Azure, Kubernetes).
Qualifications & Skills
- Good exposure to and understanding of AI technologies, including GenAI and agentic systems.
- 8+ years of combined experience in software development, cybersecurity, and application security.
- Proven track record as a senior / expert-level individual contributor in application security.
- Strong hands-on experience with application security tools, including SAST, DAST/IAST, and SCA.
- Deep understanding of secure software development practices and integrating security into SDLC and CI/CD pipelines.
- Proficiency in one or more programming languages such as Python, Java, and JavaScript.
- Strong knowledge of application security standards and frameworks (OWASP, NIST, CIS).
- Advanced understanding of cryptography, authentication, authorization, and identity concepts.
- Practical experience with threat modelling and use of commercial threat modelling tools.
- Experience securing cloud and containerized environments (AWS, Azure, Kubernetes).
- Excellent communication skills with the ability to influence cross-functional teams through technical expertise.
- This role is based out of Bangalore/Chennai, with at least 3 days per week in the office.
Preferred Qualifications
- Bachelor's degree in Computer Science, Cybersecurity, Information Security, or a related field.
- One or more of the following certifications:
  - OSCP / OSWE
  - GWAPT / eWPT
  - CISSP, CSSLP, or CEH (with an application security focus)
Why Join Us
- Operate as a true expert individual contributor with real technical impact.
- Work on complex, high-scale applications and modern platforms, including cloud and AI-driven systems.
- Influence security outcomes across engineering teams without people-management overhead.
- Competitive compensation, benefits, and long-term career growth on a technical expert track.
Who we are:
At Pearson, our purpose is simple: to help people realize the life they imagine through learning. We believe that every learning opportunity is a chance for a personal breakthrough. We are the world's lifelong learning company. For us, learning isn't just what we do. It's who we are. To learn more: We are Pearson.
Pearson is an Equal Opportunity Employer and a member of E-Verify. Employment decisions are based on qualifications, merit and business need. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.
If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing [Confidential Information].
Job: Security
Job Family: TECHNOLOGY
Organization: Corporate Strategy & Technology
Schedule: FULL_TIME
Workplace Type: Hybrid
Req ID: 23014