Information Security Lead

Sourced Group
Pune
2-8 LPA
Posted 20 Jun 2025
FULL TIME
Application Security
DevSecOps

Job Description

  • Manage a team of DevSecOps security analysts and implementation engineers
  • Implement DevSecOps tools in all product dev environments
  • Follow up with staff members to ensure completion of security-related tasks
  • Manage and maintain security health checks of the integrated automation
  • Provide professional support for the developed automations, responding to incidents to avoid system outages or restore availability to meet SLAs.
  • Analyze the implementation needs and provide effort estimation to the users
  • Stay abreast of industry best practices (Research new technologies) and contribute ideas for improvements in DevOps practices, delivering innovation through automation.
  • Track and report on test execution in a timely manner, with attention given to achieving a high level of quality
  • Liaise with development and infra teams to get defects resolved
  • Onboard new hires, train and share knowledge, take an active role in technical mentoring and elevating team knowledge.
  • Work with external vendors for support, manage the relevant vendor employees and make sure the support is performed as planned
  • Maintain hardware and software deployment and POC planning
  • 3+ years of experience in leading a team (a team of security analysts is preferable)
  • 5+ years of relevant experience in Information Security DevSecOps
  • Total experience - 6-8 years
  • Extensive expertise in Application security and security architecture area.
  • Hands on experience in SAST Tools (e.g. Checkmarx), Container Scanning tools (Twistlock, Wiz)
  • Expertise in Security code reviews and onboarding process for managing false positives
  • 5+ years experience in FOSS security issues and security hardening (CIS benchmarks)
  • 3+ years experience in setting up continuous integration and continuous delivery systems
  • 2-3 years experience with continuous-integration tools such as Hudson/Jenkins, Liquibase, GitHub Actions
  • Understanding of build process, best practices and tools such as Maven, Jenkins pipeline, Groovy
  • Knowledge of concepts such as the OWASP Top 10 list of vulnerabilities, NIST SP-800-xx, NVD, CVSS scoring, etc.
  • Great Communication skills - (Ability to communicate with a Developer, a Manager or Director level).
  • Project Management Skills
  • 2-3 years basic understanding of Cloud Platforms
  • BS in Computer Science, or equivalent
  • Working in Agile/Scrum team

Nice to have:

  • Familiarity with REST Services, Service Oriented Systems and Micro-services architecture
  • Scripting skills in at least one of the following: Python, Django web framework, Perl, Ruby, shell (bash, ksh, csh)
  • Knowledge in distributed systems, software and network security preferred.
  • Security concepts and knowledge of security attacks on Web applications, REST services, distributed systems
  • Sound Knowledge of TCP/IP protocol Stack, HTTP protocol, encoding standards, encryption technologies and development frameworks.
  • 2+ years of experience with Docker/K8s
