Principal Consultant, Consultant – Application Security (AppSec) Engineer

Inviting applications for the role of Principal Consultant, Consultant - Application Security (AppSec) Engineer etc.

In this role, you will collaborate closely with cross-functional teams, including developers, business analysts, and stakeholders, to deliver high-quality software solutions that enhance operational efficiency and support strategic business objectives.
The Application Security Engineer partners with engineering and product teams to embed security into the software development lifecycle (SDLC). This role focuses on enabling secure application design, development, and deployment through risk-based guidance, security testing, and scalable controls.

Responsibilities

• Collaborate with business stakeholders to understand and document functional and technical requirements related to P&C insurance operations.

• Provide post-deployment support and troubleshooting assistance to address any issues or anomalies encountered during system implementation.

• Define system architecture, data schemas, and integration patterns to ensure seamless communication between various components and external systems.

• Evaluate third-party software solutions and APIs for potential integration with existing systems, assessing compatibility and suitability for the organization%27s needs.

• Create comprehensive documentation, including system architecture diagrams, technical specifications, and user manuals, to facilitate system maintenance and knowledge transfer.

• Review code to ensure adherence to architectural standards, coding conventions, troubleshoot and security protocols.

• Participate in testing activities, including unit testing, integration testing, and user acceptance testing, to validate system functionality and performance.

• Collaborate with development teams to provide technical guidance and support throughout the software development lifecycle.

• Collaborate with business stakeholders to understand and document functional and technical requirements related to P&C insurance operations.

• Threat Modeling & Design:Analyze application architecture to find potential attack paths and design robust security controls.

• Secure SDLC Integration: Embed security into CI/CD pipelines with automated tools (SAST, DAST) and processes.

• Code Review & Vulnerability Management: Perform manual/automated code reviews, track vulnerabilities, and guide remediation.

• : Develop policies, provide training, and foster a strong security culture.

• : Conduct tests to identify exploitable weaknesses.

• Incident Response: Assist in investigating and resolving application-level security breaches.

Security Tools: Build and maintain security tools and dashboards.

• Integrate application security practices across the SDLC, including design, development, CI/CD, and production.

• Conduct application security design reviews and threat modeling.

• Support application security testing, including SAST (Veracode, Checkmarx, Synk, etc.) DAST (Invicti, AppScan, Fotify, etc.), SCA, API, and container security.

• Integrate and tune security tools within CI/CD pipelines.

• Triage and assess application security findings to determine risk and remediation priority.

• Partner with engineering and business stakeholders on risk acceptance decisions.

• Provide remediation guidance and secure coding recommendations.

• Develop reusable security standards, guidance, and developer enablement materials.

• Monitor emerging application security threats and best practices.

Qualifications we seek in you!

Minimum Qualifications

• BE/ B Tech/ MCA

Preferred Qualifications/ Skills

• Cybersecurity principles, secure coding, and encryption.

• Programming languages (Python, Java, etc.).

• SAST/DAST tools, CI/CD, and cloud security.

• Strong communication for developer collaboration.

• Proactive defense: Preventing vulnerabilities rather than just reacting.

• Collaboration: Working closely with development teams to shift left security

• Experience with version control tools like Git.

• Strong debugging and problem-solving skills.

• Excellent communication and collaboration abilities.

• Experience in application security, product security, or secure software development.

• Strong understanding of secure SDLC principles and application architectures.

• Knowledge of common application security risks, including OWASP Top 10.

• Experience working with development teams to remediate security issues.

• Familiarity with web application, API, and authentication/authorization security concepts.

• Strong communication and collaboration skills.

• Experience with SAST, DAST, SCA, and CI/CD security integration.

• Experience securing cloud-native and containerized applications (AWS, Azure, GCP).

• Familiarity with Kubernetes and microservices architectures.

• Experience in large enterprise environments.

• Security or cloud certifications (preferred, not required).

Success Indicators

• Security integrated into development workflows with minimal friction.

• Reduced repeat vulnerabilities and improved remediation timelines.

• Risk-based security decisions clearly documented and understood.

• Strong partnerships with engineering and product teams.