Job Title

Role Overview: We are looking for a seasoned and strategic DevSecOps Engineer to lead initiatives in Application and Cloud Security based out at Jaipur . This role demands a strong understanding of secure architecture design, change management, and integration of security controls across banking applications and cloud platforms. The ideal candidate will have hands-on experience with tools like Prisma, Burpsuite, Qualys, a solid grasp of cloud and application security principles, and the ability to drive secure development practices across teams. Key Responsibilities: Application Security & Architecture Review: Lead comprehensive security assessments (Blackbox, Greybox, Whitebox) for web and mobile applications. Conduct in-depth reviews of application architecture , especially during major changes or new integrations. Evaluate and approve security aspects of new application onboarding within the bank. Collaborate with development and infrastructure teams to embed security controls early in the design phase. Identify and suggest mitigation of vulnerabilities aligned with OWASP Top 10 and other frameworks. Change Management & Governance: Actively participate in the Change Advisory Board (CAB) to review and approve changes from a security perspective. Provide detailed risk analysis and security recommendations for proposed changes and integrations. Ensure that all changes comply with internal security policies and regulatory standards. Cloud Security (Exposure Level): Review cloud configurations and architecture for basic security hygiene and compliance. Provide guidance on secure usage of cloud-native services across AWS, Azure, Oracle, or GCP. Support teams in leveraging CSPM tools for posture management and visibility. Security Automation & Tooling: Utilize scripting (Python/Bash) to automate security tasks and integrate tools. Manage vulnerability scanning and remediation workflows using tools like Qualys . Key Requirements: 5–8 years of experience in Application and Cloud Security, with team management exposure. Strong understanding of secure architecture design and change management processes. Experience in reviewing and integrating security controls for new applications. Hands-on experience with vulnerability management tools (e.g., Qualys). Familiarity with cloud platforms and basic cloud security principles. Proficiency in scripting for automation and tool integration. Excellent communication and stakeholder management skills. Preferred Qualifications: Certifications such as AWS Certified Security Specialist, EJPT, CISSP, CISM or equivalent. Exposure to DevSecOps practices and CI/CD pipeline security. Understanding of regulatory standards like ISO 27001, PCI-DSS, and SOC2.