Technical Lead - Application Security

Technical Lead – Application Security Location: Mumbai, India (Onsite) Experience Required: 20+ years (Application security + AI/ML security) Compensation: As per industry benchmarks Employment Type: Full-Time | Permanent Role Overview We are hiring a Techno Managerial Lead – Application Security to join our CISO team in Mumbai. This is a critical, hands-on leadership role that blends strategic oversight with deep technical expertise in application security. The ideal candidate will spearhead security testing of applications, evangelize secure software development practices, lead secure code reviews, and collaborate across teams to embed security into the software development lifecycle (SDLC). Key Responsibilities • Strategic Leadership: ✓ Define and evolve the bank’s application security strategy and roadmap including AI/ML and LLM security testing. ✓ Align security initiatives with business goals and regulatory requirements. • Technical Execution: ✓ Lead secure SDLC integration across development teams(including DevSecOps) of security testing tools. ✓ Oversee application security tools & processes for SAST, SCA DAST, Code Review across diverse technologies such as Web, Mobile, API etc. ✓ Participate and provide expert opinion in secure architecture design reviews for critical applications. ✓ Ensure periodic refresh of test cases catalogue against bank specific use-cases, emerging threats & global frameworks. ✓ Define, publish, and govern policies, secure coding standards, and open-source usage guidelines. ✓ Leverage AI security tools for scanning, fuzzing, and penetration testing of AI models. ✓ Apply best practices from OWASP Top 10 for ML/LLMs, MITRE ATLAS, NIST AI RMF, and ISO/IEC 42001 to test AI/ML assets. ✓ Stay informed about emerging threats and security trends in AI/ML technologies, and provide recommendations for enhancing security posture. ✓ Ensure AI model security testing framework aligns with internal policy, national regulatory requirements, and global best practices. Classification - Internal Classification - Internal ✓ Plan and execute security tests for AI/LLM systems, including jailbreaking, RAG hardening, • Program Management: ✓ Build and lead a high-performing AppSec team for pre-golive security testing as well as post-go live testing of scoped applications through structured calendar program. ✓ Develop and track KPIs and metrics to measure program effectiveness. ✓ Manage vendor relationships and maintain centralized governance across application security, source code review, open source, and AI Security programs. ✓ Drive compliance with internal and regulatory requirements through periodic security testing and reporting. • Stakeholder Engagement: ✓ Collaborate with engineering, risk, development, DevOps, risk, and compliance teams. ✓ Provide executive-level reporting and risk insights. ✓ Build and expand a security-first development culture through continuous secure coding training, workshops, and security champion’s programme to promote security awareness and advocacy within development teams Required Skills & Experience • 20 years of experience in cybersecurity, with at least 15 years in application security program management, development & testing (SAST/DAST/SCA) and minimum 5 years in leadership roles. • Proven track record of managing large-scale AppSec programs in BFSI or regulated environments. • Experience in dealing with regulatory bodies and response. • Hands-on experience with secure coding, manual application penetration testing, and DevSecOps practices. • Experience working with cloud-native applications and microservices architectures. • Deep understanding of OWASP Top 10 for Web, Mobile and API and their corresponding OWASP Testing guides, CWE and OWASP developer guide and other secure coding standards. • Proficiency in security tools: Fortify, Checkmarx, Veracode, MobSF, Frida, Xposed Framework, Cydia, JDgui, Burp Suite, etc. • Strong programming background (Java, .NET, Python, etc.) would be an added advantage. • Familiarity with CI/CD pipelines and integrating security into DevOps. • Hands-on experience with AI/ML security or secure MLOps/LLMOps • Proficient in Python, TensorFlow/PyTorch, HuggingFace, LangChain, and common data science libraries • Strong understanding of AI-specific threat models (MITRE ATLAS) and security benchmarks (OWASP Top 10 for ML/LLMs) • Excellent communication, leadership, and stakeholder management skills. • Ability to translate technical risks into business impact clearly to non-technical stakeholders Classification - Internal Classification - Internal Qualifications and Certifications • Bachelor’s or Master’s degree in Computer Science, Information Security, or related field. • Certifications: CISA, CISM, CISSP, CSSLP, OSCP, OSWA, OSWE, SANS WAPT SEC542, Cloud Security, ML Security, or relevant AI/ML certificates • Why Join Us? ✓ Work on mission-critical security initiatives in a high-impact role. ✓ Be part of a forward-thinking cybersecurity team in a leading financial institution. ✓ Opportunity to shape the future of secure banking applications.

Apply Now