Security Operation Analyst (L2)

STL Digital is a global IT Services and Consulting company that enables enterprises to experience the future of digital transformation. We provide end to end services across product engineering, software, cloud, data and analytics, enterprise application services, and cyber-security.

Purpose- We Engineer Experiences that create value. We blend the agility of a startup with the stability of an established enterprise. We're passionate about innovation. Our culture is built on 4 core values:

1.Respect for Individuals:We value every team member's unique perspective and contributions.

2.Hunger to Learn:We encourage continuous growth and development.

3.Promises Delivered:We are committed to delivering on our commitments.

4.Keep it Simple:We strive for clarity and efficiency in everything we do.

We're looking for talented individuals to join us on this exciting journey, working with our 25+ Global Customers. Let's build the future of tech together.

About the Role:

We're looking for a security consultant to join our internal teams in one of our India offices. This is a hands-on, tech-oriented position where you'll apply and grow your knowledge of standard security practices. We need someone who is eager to work collaboratively with software product delivery teams, as well as network and infrastructure support teams.
This role is critical in helping our teams reduce risks related to code development, system architecture, and infrastructure. You will be a key part of embedding security into our delivery culture. It will be a significant advantage if you have experience working within delivery teams that use agile methodologies.

As a Security Consultant, you will:

Collaborate & Consult:Act as a primary security advisor for delivery teams, working side-by-side to embed security controls throughout the entire Software Development Life Cycle (SDLC).

Threat Modeling & Design:Champion Security by Design by facilitating threat modeling sessions and architectural reviews to identify logic flaws and design risks before code is even written.

Cloud Security Assurance:Validate the security posture of cloud infrastructure and services, ensuring configurations align with industry best practices (e.g., IAM, networking, and container security).

Enable & Automate:Assist engineering teams in integrating automated security testing (SAST/DAST) into their CI/CD pipelines to enable faster, safer releases adhering toDevSecOpsprinciples.

Review & Recommend:Conduct in-depthapplication security testingto proactively identify vulnerabilities and recommend precise mitigation strategies to developers.

Test & Analyze:Execute manualvulnerability assessmentsand utilize industry-standard tools (e.g., Checkmarx, Burp, Snyk, Wiz) to continuously analyze our applications and dependencies.

What You'll Bring (Required Skills):

Experience:2+ years in a security specialist role, vulnerability assessment and penetration testing (optionally).

AppSec Knowledge:Deep understanding ofOWASPstandards. Exposure to embedding threat modeling in the development lifecycle.

DevSecOps:Experience integratingthreat modelingand security checks into the SDLC and reviewing system architecture with delivery teams from security perspective.

Tooling:Proficiency with SAST, DAST, dependency checking, and container tools (e.g., Checkmarx, Burp, Snyk, Wiz), as well as manual vulnerability assessment and mitigation.

Infrastructure:Strong knowledge of Cloud security best practices (preferablyGoogle Cloud Platform), plus basic knowledge of networking, firewalls, virtualization, and OS security.

Operations:Experience handlingvulnerability management, patch management, and secret management tools.

Soft Skills:A basic understanding of risk management and excellent English communication skills to collaborate with global cross-functional teams.