Senior AppSec Engineer – Cloud, API & Software Supply Chain

Who We Are

Applied Materials is a global leader in materials engineering solutions used to produce virtually every new chip and advanced display in the world. We design, build and service cutting-edge equipment that helps our customers manufacture display and semiconductor chips - the brains of devices we use every day. As the foundation of the global electronics industry, Applied enables the exciting technologies that literally connect our world - like AI and IoT. If you want to push the boundaries of materials science and engineering to create next generation technology, join us to deliver material innovation that changes the world.

What We Offer

Location:

Bangalore,IND

You'll benefit from a supportive work culture that encourages you to learn, develop, and grow your career as you take on challenges and drive innovative solutions for our customers. We empower our team to push the boundaries of what is possible-while learning every day in a supportive leading global company. Visit our Careers website to learn more.

At Applied Materials, we care about the health and wellbeing of our employees. We're committed to providing programs and support that encourage personal and professional growth and care for you at work, at home, or wherever you may go. Learn more about our .

Role Summary

We are looking for a highly motivated Senior Application Security Engineer to join our Application Security team. This role will focus on securing modern cloud-native applications, with emphasis on API security, Infrastructure as Code (IaC), containerized workloads, and Open-Source Software (OSS) security.

The ideal candidate will work closely with engineering, platform, and product teams to embed security into the SDLC and enable secure-by-design development practices on a scale.

Key Responsibilities

Application & API Security

• Establish and mature an API security program, including tools, processes, governance, standards, and best practices
• Define secure API design guidelines aligned with OWASP API Top 10 and industry standards
• Evaluate and integrate API security tools into the SDLC and CI/CD pipelines
• Partner with engineering teams to embed secure-by-design API patterns
• Guide implementation of API authentication and authorization controls (OAuth2, OIDC, JWT, mTLS)

Infrastructure as Code (IaC) Security

• Review and assess IaC templates (Terraform, ARM, CloudFormation, etc.) for security misconfigurations
• Define and maintain secure IaC guardrails and policies
• Integrate IaC security scanning into CI/CD pipelines
• Partner with cloud and platform teams to remediate infrastructure risks early in the lifecycle

Container & Kubernetes Security

• Assess container images for vulnerabilities, misconfigurations, and insecure base images
• Review Kubernetes manifests, Helm charts, and deployment configurations
• Advice on runtime security controls, least privilege, and workload isolation
• Support adoption of container security best practices across development teams

Open-Source Software (OSS) Security

• Manage open-source risk including vulnerabilities, licensing, and supply-chain threats
• Support and tune SCA (Software Composition Analysis) tools
• Drive remediation of vulnerable dependencies and guide teams on secure OSS usage
• Contribute to OSS security governance, policies, and exception handling

Secure SDLC & Enablement

• Embed security checks into CI/CD pipelines (SAST, DAST, SCA, IaC, container scans)
• Provide actionable remediation guidance to developers
• Create security documentation, standards, and secure coding guidelines
• Deliver security awareness sessions and hands-on enablement for engineering teams

Collaboration & Reporting

• Partner with AppSec peers, PSIRT, Cloud Security, and Engineering stakeholders
• Track findings, risk acceptance, and remediation progress
• Contribute to metrics and reporting for application security posture

Required Qualifications

• 4-7 years of experience in application security, product security, or secure software engineering
• Strong understanding of web application and API security fundamentals
• Hands-on experience with cloud-native environments (AWS, Azure, or GCP)
• Practical exposure to:
  • API security testing and design reviews
  • IaC tools (Terraform, ARM, CloudFormation, etc.)
  • Containers and Kubernetes
  • Open-source dependency management
• Familiarity with OWASP Top 10, OWASP API Top 10, CWE, CVSS
• Experience integrating security tools into CI/CD pipelines
• Ability to clearly communicate security risks and solutions to engineering teams

Preferred / Nice-to-Have Skills

• Experience with AppSec tooling such as SAST, DAST, SCA, IaC scanning, container security tools
• Knowledge of Zero Trust and cloud security architectures
• Experience with DevSecOps practices
• Exposure to AI/ML security, including risks related to:
  • AI-enabled applications and APIs
  • Model and dependency supply chain risks
  • Prompt injection, data leakage, and misuse scenarios
• Relevant certifications (e.g., CSSLP, GWAPT, CCSP, Kubernetes security certifications)
• Prior experience working with globally distributed engineering teams

Behavioral & Leadership Expectations

• Demonstrates independent execution within defined security domains
• Proactively identifies security gaps and drives improvements
• Strong collaboration and influencing skills without direct authority
• Balances security risk with business and engineering priorities
• Shows ownership, accountability, and a continuous learning mindset

What Success Looks Like in This Role

• Improved security posture of APIs, cloud infrastructure, containers, and OSS usage
• Faster and more effective vulnerability remediation by engineering teams
• Security embedded early and consistently across the SDLC
• Clear, scalable security standards adopted across product teams

Additional Information

Time Type:

Full time

Employee Type:

Assignee / Regular

Travel:

Yes, 10% of the Time

Relocation Eligible:

Yes

Applied Materials is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, national origin, citizenship, ancestry, religion, creed, sex, sexual orientation, gender identity, age, disability, veteran or military status, or any other basis prohibited by law.