What Application Security Jobs are in Bangalore?
Showing 14 Application Security jobs in Bangalore
Job Description
Description
In Amazon Stores, we ship some of the widest arrays of technology found at any company. From amazon.com to world class machine learning pipelines, from Innovative digital healthcare to no-checkout retail, we push the boundaries of technology in every direction using the globe's largest AWS deployment.
As an AppSec engineer, you will collaborate with software development teams to ensure we keep our customers safe while developing these novel services. In a given day, you might be inspecting an application's code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service alongside its software developers.
The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security generalist with one or more areas of deep expertise. In their communication, they will clearly articulate risks to technical and non-technical audiences alike. Interpersonally, successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions.
Our organization prizes its employees, and we show it through investing in work-life harmony. We have dedicated resources that consistently innovate in reducing on-call time and ensuring the team spend their time on the highest-value tasks. Join the stores AppSec organization to work hard, have fun, and make history!
Key job responsibilities
- Creating, updating, and maintaining threat models for a wide variety of software projects
- First party application security research
- Manual and Automated Secure Code Review, primarily in Java, Python and Javascript
- Identifying and mitigating security issues at scale
- Development of security automation tools
- Adversarial security analysis using innovative tools to augment manual effort
- Security guidance and working with internal software development teams on securing their applications
- Independently solve security problems that require novel methods or approaches
- Influence your team's and partners' process, priorities, and choices to improve outcomes
About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Mentorship and Career growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
\#Joinstoresappsec
Basic Qualifications
- Bachelor's degree in Computer Science, Information Security, 1+ years of demonstrated experience of comprehensive application security assessments, including both automated and manual assessment.
- Experience in threat modelling, architecture review, manual source code review, attacker exploit techniques, and methods for their remediation.
- Experience programming or scripting in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language
Preferred Qualifications
- Experience in any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, and security research.
- You have experience with AWS services or network architecture and enterprise IT systems
- Experience performing security activities across one or more phases of the software development lifecycle (SDLC), such as security design review, threat modeling, secure code review, and security testing
- Experience building scalable solutions for application security challenges
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
In Amazon Stores, we ship some of the widest arrays of technology found at any company. From amazon.com to world class machine learning pipelines, from Innovative digital healthcare to no-checkout retail, we push the boundaries of technology in every direction using the globe's largest AWS deployment.
As an AppSec engineer, you will collaborate with software development teams to ensure we keep our customers safe while developing these novel services. In a given day, you might be inspecting an application's code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service alongside its software developers.
The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security generalist with one or more areas of deep expertise. In their communication, they will clearly articulate risks to technical and non-technical audiences alike. Interpersonally, successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions.
Our organization prizes its employees, and we show it through investing in work-life harmony. We have dedicated resources that consistently innovate in reducing on-call time and ensuring the team spend their time on the highest-value tasks. Join the stores AppSec organization to work hard, have fun, and make history!
Key job responsibilities
- Creating, updating, and maintaining threat models for a wide variety of software projects
- First party application security research
- Manual and Automated Secure Code Review, primarily in Java, Python and Javascript
- Identifying and mitigating security issues at scale
- Development of security automation tools
- Adversarial security analysis using innovative tools to augment manual effort
- Security guidance and working with internal software development teams on securing their applications
- Independently solve security problems that require novel methods or approaches
- Influence your team's and partners' process, priorities, and choices to improve outcomes
About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Mentorship and Career growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
\#Joinstoresappsec
Basic Qualifications
- Bachelor's degree in Computer Science, Information Security, 1+ years of demonstrated experience of comprehensive application security assessments, including both automated and manual assessment.
- Experience in threat modelling, architecture review, manual source code review, attacker exploit techniques, and methods for their remediation.
- Experience programming or scripting in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language
Preferred Qualifications
- Experience in any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, and security research.
- You have experience with AWS services or network architecture and enterprise IT systems
- Experience performing security activities across one or more phases of the software development lifecycle (SDLC), such as security design review, threat modeling, secure code review, and security testing
- Experience building scalable solutions for application security challenges
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
Is this job a match or a miss?
Apply Now
0
Job Description
Job Title: Lead Application Security Engineer
Job Description:
We are seeking a highly experienced Lead Application Security Engineer to serve as a senior individual contributor and technical authority within the Application Security function. This role is designed for a hands-on expert who drives security outcomes through deep technical expertise, influence, and close collaboration with engineering teams.
The successful candidate will play a critical role in embedding security into the software development lifecycle (SDLC), identifying and mitigating complex application risks, and shaping secure engineering practices across the organization. You will work closely with developers, architects, DevOps, and cloud teams to ensure that security is built in by design and scaled effectively.
Key Responsibilities
Expert Application Security Delivery
+ Provide security guidance for AI technologies, including GenAI and agentic systems, ensuring responsible and secure adoption.
+ Perform advanced secure code reviews, dependency scanning (SCA), and dynamic application security testing (DAST/IAST) across a wide range of applications and technology stacks.
+ Conduct in-depth risk assessments and provide clear, actionable remediation guidance aligned with business priorities.
+ Act as an application security subject matter expert, guiding teams on secure design, architecture, and implementation patterns.
+ Embed application security controls into SDLC and CI/CD pipelines, ensuring security is integrated without slowing delivery.
+ Design, review, and advise on secure authentication and authorization mechanisms, APIs, and identity integrations.
+ Identify systemic security weaknesses and drive long-term improvements to reduce recurring vulnerabilities.
+ Partner closely with software engineers, architects, platform, and DevOps teams to solve security problems collaboratively.
+ Influence secure engineering practices through technical credibility, design reviews, and hands-on support, not policy enforcement.
+ Act as a trusted advisor to engineering leadership on application security risks, trade-offs, and improvements.
+ Contribute to internal security guidance, patterns, and documentation to improve security maturity at scale.
+ Stay current with emerging threats, attack techniques, and application security trends, translating insights into practical improvements.
+ Support secure adoption of cloud-native and containerized platforms (AWS, Azure, Kubernetes).
Qualifications & Skills
+ Good exposure to and understanding of AI technologies, including GenAI and agentic systems.
+ 8+ years of combined experience in software development, cybersecurity, and application security.
+ Proven track record as a senior / expert-level individual contributor in application security.
+ Strong hands-on experience with application security tools, including SAST, DAST/IAST, and SCA.
+ Deep understanding of secure software development practices and integrating security into SDLC and CI/CD pipelines.
+ Proficiency in one or more programming languages such as Python, Java, and JavaScript.
+ Strong knowledge of application security standards and frameworks (OWASP, NIST, CIS).
+ Advanced understanding of cryptography, authentication, authorization, and identity concepts.
+ Practical experience with threat modelling and use of commercial threat modelling tools.
+ Experience securing cloud and containerized environments (AWS, Azure, Kubernetes).
+ Excellent communication skills with the ability to influence cross-functional teams through technical expertise.
+ This role is based out of Bangalore/Chennai, with at least 3 days per week in the office.
Preferred Qualifications
+ Bachelor's degree in Computer Science, Cybersecurity, Information Security, or a related field.
+ One or more of the following certifications:
+ OSCP / OSWE
+ GWAPT / eWPT
+ CISSP, CSSLP, or CEH (with an application security focus)
Why Join Us?
+ Operate as a true expert individual contributor with real technical impact.
+ Work on complex, high-scale applications and modern platforms, including cloud and AI-driven systems.
+ Influence security outcomes across engineering teams without people-management overhead.
+ Competitive compensation, benefits, and long-term career growth on a technical expert track.
**Who we are:**
At Pearson, our purpose is simple: to help people realize the life they imagine through learning. We believe that every learning opportunity is a chance for a personal breakthrough. We are the world's lifelong learning company. For us, learning isn't just what we do. It's who we are. To learn more: We are Pearson.
Pearson is an Equal Opportunity Employer and a member of E-Verify. Employment decisions are based on qualifications, merit and business need. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.
If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing
**Job:** Security
**Job Family:** TECHNOLOGY
**Organization:** Corporate Strategy & Technology
**Schedule:** FULL\_TIME
**Workplace Type:** Hybrid
**Req ID:** 23014
Job Description:
We are seeking a highly experienced Lead Application Security Engineer to serve as a senior individual contributor and technical authority within the Application Security function. This role is designed for a hands-on expert who drives security outcomes through deep technical expertise, influence, and close collaboration with engineering teams.
The successful candidate will play a critical role in embedding security into the software development lifecycle (SDLC), identifying and mitigating complex application risks, and shaping secure engineering practices across the organization. You will work closely with developers, architects, DevOps, and cloud teams to ensure that security is built in by design and scaled effectively.
Key Responsibilities
Expert Application Security Delivery
+ Provide security guidance for AI technologies, including GenAI and agentic systems, ensuring responsible and secure adoption.
+ Perform advanced secure code reviews, dependency scanning (SCA), and dynamic application security testing (DAST/IAST) across a wide range of applications and technology stacks.
+ Conduct in-depth risk assessments and provide clear, actionable remediation guidance aligned with business priorities.
+ Act as an application security subject matter expert, guiding teams on secure design, architecture, and implementation patterns.
+ Embed application security controls into SDLC and CI/CD pipelines, ensuring security is integrated without slowing delivery.
+ Design, review, and advise on secure authentication and authorization mechanisms, APIs, and identity integrations.
+ Identify systemic security weaknesses and drive long-term improvements to reduce recurring vulnerabilities.
+ Partner closely with software engineers, architects, platform, and DevOps teams to solve security problems collaboratively.
+ Influence secure engineering practices through technical credibility, design reviews, and hands-on support, not policy enforcement.
+ Act as a trusted advisor to engineering leadership on application security risks, trade-offs, and improvements.
+ Contribute to internal security guidance, patterns, and documentation to improve security maturity at scale.
+ Stay current with emerging threats, attack techniques, and application security trends, translating insights into practical improvements.
+ Support secure adoption of cloud-native and containerized platforms (AWS, Azure, Kubernetes).
Qualifications & Skills
+ Good exposure to and understanding of AI technologies, including GenAI and agentic systems.
+ 8+ years of combined experience in software development, cybersecurity, and application security.
+ Proven track record as a senior / expert-level individual contributor in application security.
+ Strong hands-on experience with application security tools, including SAST, DAST/IAST, and SCA.
+ Deep understanding of secure software development practices and integrating security into SDLC and CI/CD pipelines.
+ Proficiency in one or more programming languages such as Python, Java, and JavaScript.
+ Strong knowledge of application security standards and frameworks (OWASP, NIST, CIS).
+ Advanced understanding of cryptography, authentication, authorization, and identity concepts.
+ Practical experience with threat modelling and use of commercial threat modelling tools.
+ Experience securing cloud and containerized environments (AWS, Azure, Kubernetes).
+ Excellent communication skills with the ability to influence cross-functional teams through technical expertise.
+ This role is based out of Bangalore/Chennai, with at least 3 days per week in the office.
Preferred Qualifications
+ Bachelor's degree in Computer Science, Cybersecurity, Information Security, or a related field.
+ One or more of the following certifications:
+ OSCP / OSWE
+ GWAPT / eWPT
+ CISSP, CSSLP, or CEH (with an application security focus)
Why Join Us?
+ Operate as a true expert individual contributor with real technical impact.
+ Work on complex, high-scale applications and modern platforms, including cloud and AI-driven systems.
+ Influence security outcomes across engineering teams without people-management overhead.
+ Competitive compensation, benefits, and long-term career growth on a technical expert track.
**Who we are:**
At Pearson, our purpose is simple: to help people realize the life they imagine through learning. We believe that every learning opportunity is a chance for a personal breakthrough. We are the world's lifelong learning company. For us, learning isn't just what we do. It's who we are. To learn more: We are Pearson.
Pearson is an Equal Opportunity Employer and a member of E-Verify. Employment decisions are based on qualifications, merit and business need. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.
If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing
**Job:** Security
**Job Family:** TECHNOLOGY
**Organization:** Corporate Strategy & Technology
**Schedule:** FULL\_TIME
**Workplace Type:** Hybrid
**Req ID:** 23014
Is this job a match or a miss?
Apply Now
1
Job Description
**About Team & About Role**
The Application Security team plays a key role in ensuring that Rubrik's Products & Applications are securely designed, developed and maintained. The team is responsible for building, managing and optimizing Rubrik's Secure Software Development Life Cycle (SSDLC) framework and works closely with stakeholders across the business to achieve successful security outcomes in Rubrik's products and applications.
As an intern on the Application Security Engineering Team, you will be a key member of our growing team. The successful candidate will report directly to the Sr. Manager for Application Security and will have the opportunity to interact with and learn from the broader Information Security team on a regular basis. The successful candidate will have the opportunity to work on projects that will make a meaningful business impact within the Application Security team and beyond.
**About Rubrik's Internship Program**
Rubrik offers an opportunity to make an impact from day one. Our interns work on challenging, real-world projects that not only contribute to our success, but provide high-visibility into our company and products. Interns learn from the best in the industry, building connections with senior team members who support their development through 1:1 mentorship. Alongside the meaningful work, interns have the opportunity to be fully immersed into Rubrik's inclusive community through social events, networking opportunities, professional development workshops, and volunteering events. Join us on our mission to secure the world's data.
During the 12-week internship, you'll have access to:
+ **Meaningful projects** : the opportunity to translate your education into hands-on professional experience through high-impact, challenging work
+ **A dedicated manager & mentor** : a team that will provide you with guidance and support on a regular basis
+ **Intern events hosted once per week** : the opportunity to participate in networking events, leadership meet-and-greets, professional development workshops, volunteering opportunities, and social events
+ **Other perks** : a buddy program, access to 401K benefits, company-wide intern presentations, intern swag, and more!
In the past year, Rubrik's internship program has been recognized as a Top 100 Internship Program ( and a Campus Forward Award Winner ( .
Join us on our mission to secure the world's data!
**What You'll Do:**
We're looking for interns who are curious, who want to be entrusted with real responsibility, and who embrace the opportunity to make a meaningful impact.
+ Assist Engineering Teams in reproducing, triaging, tracking and addressing application security vulnerabilities
+ Build technical solutions that will further optimize Rubrik's Secure SDLC
+ Develop tooling that will automate repetitive tasks and improve the Application Security team's overall efficiency
+ Work closely with other Application Security Engineers to develop security best practices and document standards
+ Assist with the development and maintenance of reporting dashboards for Application Security metrics
+ Work with partners in multiple time zones.
**Preferred Qualifications & Experience You'll Need** :
+ Currently pursuing a Bachelor's degree, Master's degree, or PhD in Cybersecurity, Computer Science or a related field
+ Graduating in 2027
+ Available to work full-time for 12-week program
+ Demonstrated software engineering experience from a previous internship, work experience, coding competitions, or publications (i.e. Python, Go, Scala, C/C++, Javascript/Typescript)
+ Understanding of CI/CD pipelines, containerization (Kubernetes, Docker, etc) and MicroServices
+ A self-starter with excellent critical thinking and problem solving skills
+ Team Player: Be willing to roll up your sleeves and work cross-functionally.
+ You are proactive and not afraid to drive towards finding a better solution.
+ Curious, open-minded and ego-free, with a growth mindset who thrives on continuous learning
**Join Us in Securing and Accelerating the World's AI Transformation**
Rubrik (RBRK), the Security and AI Operations Company, leads at the intersection of data protection, cyber resilience, and enterprise AI acceleration. Rubrik Security Cloud delivers complete cyber resilience by securing, monitoring, and recovering data, identities, and workloads across clouds. Rubrik Agent Cloud accelerates trusted AI agent deployments at scale by monitoring and auditing agentic actions, enforcing real-time guardrails, fine-tuning for accuracy and undoing agentic mistakes.
Linkedin ( | X (formerly Twitter) ( | Instagram ( | Rubrik.com
**Inclusion @ Rubrik**
At Rubrik, we are dedicated to fostering a culture where people from all backgrounds are valued, feel they belong, and believe they can succeed. Our commitment to inclusion is at the heart of our mission to secure the world's data.
Our goal is to hire and promote the best talent, regardless of background. We continually review our hiring practices to ensure fairness and strive to create an environment where every employee has equal access to opportunities for growth and excellence. We believe in empowering everyone to bring their authentic selves to work and achieve their fullest potential.
**Our inclusion strategy focuses on three core areas of our business and culture:**
+ Our Company: We are committed to building a merit-based organization that offers equal access to growth and success for all employees globally. Your potential is limitless here.
+ Our Culture: We strive to create an inclusive atmosphere where individuals from all backgrounds feel a strong sense of belonging, can thrive, and do their best work. Your contributions help us innovate and break boundaries.
+ Our Communities: We are dedicated to expanding our engagement with the communities we operate in, creating opportunities for underrepresented talent and driving greater innovation for our clients. Your impact extends beyond Rubrik, contributing to safer and stronger communities.
**Equal Opportunity Employer/Veterans/Disabled**
Rubrik is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
Rubrik provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Rubrik complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please contact us at if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.
EEO IS THE LAW ( OF EMPLOYEE RIGHTS UNDER FEDERAL LABOR LAWS
The Application Security team plays a key role in ensuring that Rubrik's Products & Applications are securely designed, developed and maintained. The team is responsible for building, managing and optimizing Rubrik's Secure Software Development Life Cycle (SSDLC) framework and works closely with stakeholders across the business to achieve successful security outcomes in Rubrik's products and applications.
As an intern on the Application Security Engineering Team, you will be a key member of our growing team. The successful candidate will report directly to the Sr. Manager for Application Security and will have the opportunity to interact with and learn from the broader Information Security team on a regular basis. The successful candidate will have the opportunity to work on projects that will make a meaningful business impact within the Application Security team and beyond.
**About Rubrik's Internship Program**
Rubrik offers an opportunity to make an impact from day one. Our interns work on challenging, real-world projects that not only contribute to our success, but provide high-visibility into our company and products. Interns learn from the best in the industry, building connections with senior team members who support their development through 1:1 mentorship. Alongside the meaningful work, interns have the opportunity to be fully immersed into Rubrik's inclusive community through social events, networking opportunities, professional development workshops, and volunteering events. Join us on our mission to secure the world's data.
During the 12-week internship, you'll have access to:
+ **Meaningful projects** : the opportunity to translate your education into hands-on professional experience through high-impact, challenging work
+ **A dedicated manager & mentor** : a team that will provide you with guidance and support on a regular basis
+ **Intern events hosted once per week** : the opportunity to participate in networking events, leadership meet-and-greets, professional development workshops, volunteering opportunities, and social events
+ **Other perks** : a buddy program, access to 401K benefits, company-wide intern presentations, intern swag, and more!
In the past year, Rubrik's internship program has been recognized as a Top 100 Internship Program ( and a Campus Forward Award Winner ( .
Join us on our mission to secure the world's data!
**What You'll Do:**
We're looking for interns who are curious, who want to be entrusted with real responsibility, and who embrace the opportunity to make a meaningful impact.
+ Assist Engineering Teams in reproducing, triaging, tracking and addressing application security vulnerabilities
+ Build technical solutions that will further optimize Rubrik's Secure SDLC
+ Develop tooling that will automate repetitive tasks and improve the Application Security team's overall efficiency
+ Work closely with other Application Security Engineers to develop security best practices and document standards
+ Assist with the development and maintenance of reporting dashboards for Application Security metrics
+ Work with partners in multiple time zones.
**Preferred Qualifications & Experience You'll Need** :
+ Currently pursuing a Bachelor's degree, Master's degree, or PhD in Cybersecurity, Computer Science or a related field
+ Graduating in 2027
+ Available to work full-time for 12-week program
+ Demonstrated software engineering experience from a previous internship, work experience, coding competitions, or publications (i.e. Python, Go, Scala, C/C++, Javascript/Typescript)
+ Understanding of CI/CD pipelines, containerization (Kubernetes, Docker, etc) and MicroServices
+ A self-starter with excellent critical thinking and problem solving skills
+ Team Player: Be willing to roll up your sleeves and work cross-functionally.
+ You are proactive and not afraid to drive towards finding a better solution.
+ Curious, open-minded and ego-free, with a growth mindset who thrives on continuous learning
**Join Us in Securing and Accelerating the World's AI Transformation**
Rubrik (RBRK), the Security and AI Operations Company, leads at the intersection of data protection, cyber resilience, and enterprise AI acceleration. Rubrik Security Cloud delivers complete cyber resilience by securing, monitoring, and recovering data, identities, and workloads across clouds. Rubrik Agent Cloud accelerates trusted AI agent deployments at scale by monitoring and auditing agentic actions, enforcing real-time guardrails, fine-tuning for accuracy and undoing agentic mistakes.
Linkedin ( | X (formerly Twitter) ( | Instagram ( | Rubrik.com
**Inclusion @ Rubrik**
At Rubrik, we are dedicated to fostering a culture where people from all backgrounds are valued, feel they belong, and believe they can succeed. Our commitment to inclusion is at the heart of our mission to secure the world's data.
Our goal is to hire and promote the best talent, regardless of background. We continually review our hiring practices to ensure fairness and strive to create an environment where every employee has equal access to opportunities for growth and excellence. We believe in empowering everyone to bring their authentic selves to work and achieve their fullest potential.
**Our inclusion strategy focuses on three core areas of our business and culture:**
+ Our Company: We are committed to building a merit-based organization that offers equal access to growth and success for all employees globally. Your potential is limitless here.
+ Our Culture: We strive to create an inclusive atmosphere where individuals from all backgrounds feel a strong sense of belonging, can thrive, and do their best work. Your contributions help us innovate and break boundaries.
+ Our Communities: We are dedicated to expanding our engagement with the communities we operate in, creating opportunities for underrepresented talent and driving greater innovation for our clients. Your impact extends beyond Rubrik, contributing to safer and stronger communities.
**Equal Opportunity Employer/Veterans/Disabled**
Rubrik is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
Rubrik provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Rubrik complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please contact us at if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.
EEO IS THE LAW ( OF EMPLOYEE RIGHTS UNDER FEDERAL LABOR LAWS
Is this job a match or a miss?
Apply Now
2
Job Description
**Who We Are**
Applied Materials is a global leader in materials engineering solutions used to produce virtually every new chip and advanced display in the world. We design, build and service cutting-edge equipment that helps our customers manufacture display and semiconductor chips - the brains of devices we use every day. As the foundation of the global electronics industry, Applied enables the exciting technologies that literally connect our world - like AI and IoT. If you want to push the boundaries of materials science and engineering to create next generation technology, join us to deliver material innovation that changes the world.
**What We Offer**
Location:
Bangalore,IND
You'll benefit from a supportive work culture that encourages you to learn, develop, and grow your career as you take on challenges and drive innovative solutions for our customers. We empower our team to push the boundaries of what is possible-while learning every day in a supportive leading global company. Visit our Careers website to learn more.
At Applied Materials, we care about the health and wellbeing of our employees. We're committed to providing programs and support that encourage personal and professional growth and care for you at work, at home, or wherever you may go. Learn more about our benefits ( .
**Job Summary**
The Application Security Engineer designs, implements, and operates security controls that protect enterprise applications and services on a scale. The role partners with application owners, identity, cloud, and network teams to prevent, detect, and remediate risks across web apps, APIs, and SaaS solutions while advancing policies, standards, and automation aligned to Zero Trust principles.
**Key Responsibilities**
+ Deploy, configure, and operate controls across WAF, API security, bot/DDoS mitigation, identity/MFA, egress/DLP/SSL inspection, and SaaS security posture management (SSPM).
+ Triage and remediate application and SaaS vulnerabilities/misconfigurations, drive hardening and exception governance.
+ Build and maintain security standards, procedures, and baseline policies for internet-facing services; review and approve exceptions.
+ Integrate security checks and guardrails into CI/CD and change processes; ensure inventory/CMDB accuracy for protected services.
+ Develop and publish operational dashboards and metrics; clearly communicate status, risks, and recommendations to stakeholders.
+ Collaborate with engineering and vendors to troubleshoot complex issues and deliver durable fixes.
+ Continuously monitor and respond to security incidents, perform root cause analysis, and implement corrective actions.
+ Secure and monitor data egress to prevent unauthorized data movement; promote secure data handling practices with developers and DevOps.
+ Support internal/external audits and assessments; close findings with monitored sustainable controls.
**Required Qualifications**
+ Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field.
+ 7+ years' experience in Application/SaaS Security or related security engineering roles, operating WAF, identity/MFA, egress/DLP, and SSPM at scale.
+ Web and API security expertise (OWASP Top 10/API, policy baselines, logging/monitoring, bot/DDoS mitigation).
+ Identity and access security for admin surfaces; familiarity with IGA/PAM and time‑bound elevation models.
+ Ability to analyze application assets and enrich CMDB
+ SaaS security posture (SSPM) operations and remediation workflows.
+ Scripting/automation (e.g., Python/PowerShell) and CI/CD integration.
+ Strong analytical, documentation, and cross‑functional communication abilities.
**Preferred Qualifications**
+ Industry certifications such as CISSP, CCSP/CCSK, GIAC (GWEB/GCSA), or cloud security certifications (e.g., AWS Security Specialty, Azure Security Engineer).
+ Experience with enterprise platforms (e.g., Akamai/F5 WAF, CyberArk EPM/PAM, leading IdPs, ServiceNow CMDB, and dashboarding such as Power BI).
+ Experience with CASB tools and other similar platforms
+ Familiarity with AI/ML security, including MLSecOps and LLMs.
**Leadership**
+ May lead functional teams or projects with moderate resource requirements, risk, and/or complexity
**Problem Solving**
+ Leads others to solve complex problems; uses sophisticated analytical thought to exercise judgment and identify innovative solutions
**Impact**
+ Impacts the achievement of customer, operational, project or service objectives; work is guided by functional policies
**interpersonal Skills**
+ Communicates difficult concepts and negotiates with others to adopt a different point of viewWhen required, act as a good mentor and train junior engineers appropriately
**Additional Information**
**Time Type:**
Full time
**Employee Type:**
Assignee / Regular
**Travel:**
Not Specified
**Relocation Eligible:**
Yes
Applied Materials is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, national origin, citizenship, ancestry, religion, creed, sex, sexual orientation, gender identity, age, disability, veteran or military status, or any other basis prohibited by law.
Applied Materials is a global leader in materials engineering solutions used to produce virtually every new chip and advanced display in the world. We design, build and service cutting-edge equipment that helps our customers manufacture display and semiconductor chips - the brains of devices we use every day. As the foundation of the global electronics industry, Applied enables the exciting technologies that literally connect our world - like AI and IoT. If you want to push the boundaries of materials science and engineering to create next generation technology, join us to deliver material innovation that changes the world.
**What We Offer**
Location:
Bangalore,IND
You'll benefit from a supportive work culture that encourages you to learn, develop, and grow your career as you take on challenges and drive innovative solutions for our customers. We empower our team to push the boundaries of what is possible-while learning every day in a supportive leading global company. Visit our Careers website to learn more.
At Applied Materials, we care about the health and wellbeing of our employees. We're committed to providing programs and support that encourage personal and professional growth and care for you at work, at home, or wherever you may go. Learn more about our benefits ( .
**Job Summary**
The Application Security Engineer designs, implements, and operates security controls that protect enterprise applications and services on a scale. The role partners with application owners, identity, cloud, and network teams to prevent, detect, and remediate risks across web apps, APIs, and SaaS solutions while advancing policies, standards, and automation aligned to Zero Trust principles.
**Key Responsibilities**
+ Deploy, configure, and operate controls across WAF, API security, bot/DDoS mitigation, identity/MFA, egress/DLP/SSL inspection, and SaaS security posture management (SSPM).
+ Triage and remediate application and SaaS vulnerabilities/misconfigurations, drive hardening and exception governance.
+ Build and maintain security standards, procedures, and baseline policies for internet-facing services; review and approve exceptions.
+ Integrate security checks and guardrails into CI/CD and change processes; ensure inventory/CMDB accuracy for protected services.
+ Develop and publish operational dashboards and metrics; clearly communicate status, risks, and recommendations to stakeholders.
+ Collaborate with engineering and vendors to troubleshoot complex issues and deliver durable fixes.
+ Continuously monitor and respond to security incidents, perform root cause analysis, and implement corrective actions.
+ Secure and monitor data egress to prevent unauthorized data movement; promote secure data handling practices with developers and DevOps.
+ Support internal/external audits and assessments; close findings with monitored sustainable controls.
**Required Qualifications**
+ Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field.
+ 7+ years' experience in Application/SaaS Security or related security engineering roles, operating WAF, identity/MFA, egress/DLP, and SSPM at scale.
+ Web and API security expertise (OWASP Top 10/API, policy baselines, logging/monitoring, bot/DDoS mitigation).
+ Identity and access security for admin surfaces; familiarity with IGA/PAM and time‑bound elevation models.
+ Ability to analyze application assets and enrich CMDB
+ SaaS security posture (SSPM) operations and remediation workflows.
+ Scripting/automation (e.g., Python/PowerShell) and CI/CD integration.
+ Strong analytical, documentation, and cross‑functional communication abilities.
**Preferred Qualifications**
+ Industry certifications such as CISSP, CCSP/CCSK, GIAC (GWEB/GCSA), or cloud security certifications (e.g., AWS Security Specialty, Azure Security Engineer).
+ Experience with enterprise platforms (e.g., Akamai/F5 WAF, CyberArk EPM/PAM, leading IdPs, ServiceNow CMDB, and dashboarding such as Power BI).
+ Experience with CASB tools and other similar platforms
+ Familiarity with AI/ML security, including MLSecOps and LLMs.
**Leadership**
+ May lead functional teams or projects with moderate resource requirements, risk, and/or complexity
**Problem Solving**
+ Leads others to solve complex problems; uses sophisticated analytical thought to exercise judgment and identify innovative solutions
**Impact**
+ Impacts the achievement of customer, operational, project or service objectives; work is guided by functional policies
**interpersonal Skills**
+ Communicates difficult concepts and negotiates with others to adopt a different point of viewWhen required, act as a good mentor and train junior engineers appropriately
**Additional Information**
**Time Type:**
Full time
**Employee Type:**
Assignee / Regular
**Travel:**
Not Specified
**Relocation Eligible:**
Yes
Applied Materials is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, national origin, citizenship, ancestry, religion, creed, sex, sexual orientation, gender identity, age, disability, veteran or military status, or any other basis prohibited by law.
Is this job a match or a miss?
Apply Now
3
Job Description
**Overview**
We are seeking an experienced Team Lead of Application Security Engineering to establish, lead, and mature our Application Security (AppSec) Program. This senior leadership role will build a comprehensive program encompassing developer awareness, secure coding practices, training initiatives, and security enablement across the software development lifecycle. As the senior security leader for our (location) office, this position serves dual responsibilities: driving application security excellence enterprise-wide while providing local leadership, mentorship, and support to all security team members in the office.
**Key Responsibilities:**
**Application Security Program Development & Leadership**
+ **Design and implement** a comprehensive Application Security Program from strategy through execution, including policies, standards, processes, metrics, and tools
+ **Establish and mature** security practices across all phases of the SDLC, including threat modeling, secure design reviews, code analysis (SAST/DAST/SCA), penetration testing, and security acceptance criteria
+ **Drive security awareness** initiatives that elevate secure development practices across engineering teams, fostering a security-first culture
+ **Develop and deliver** training programs for developers, architects, and product teams on secure coding, threat modeling, and emerging security risks
+ **Create enablement frameworks** that reduce security friction while improving adherence to security standards and best practices
+ **Build security champions programs** to embed security advocates within development teams
+ **Define and track** program metrics and KPIs to measure security posture improvements, vulnerability reduction, and program maturity **Technical Leadership & Innovation**
+ **Architect and implement** AppSec tooling strategies, integrating security into CI/CD pipelines and developer workflows
+ **Evaluate and adopt** emerging security technologies and methodologies, including AI-powered security tools and secure AI development practices
+ **Partner with engineering leadership** to balance security requirements with development velocity and business objectives
+ **Stay current** with application security trends, vulnerabilities, and attack vectors, adapting the program to accommodate the changes from these threats/risks.
+ **Lead, mentor, and develop** a team of 5-10 Application Security Engineers and Architects
+ **Build team capabilities** through hiring, skills development, career planning, and performance management
+ **Foster a collaborative culture** that emphasizes continuous learning, innovation, and operational excellence
+ **Allocate resources effectively** across program initiatives, security assessments, and incident response activities, ensuring the team meets Service Level Agreements (SLAs) and Service Level Objectives (SLOs) **Office Leadership & Cross-Functional Collaboration**
+ **Serve as the senior security leader** for the (location) office, providing guidance, support, and mentorship to all security personnel in the office regardless of functional reporting structure
+ **Act as the primary point of contact** for office-based employees seeking security leadership, career guidance, or organizational support
+ **Build and maintain strong relationships** with engineering, product, DevOps, and business stakeholders
+ **Communicate program strategy, progress, and risk** to executive leadership and the CISO
+ **Collaborate with peer security leaders** to ensure consistency and knowledge sharing across the enterprise security program
+ **15+ years** of application security experience with progression into leadership roles
+ **10+ years** leading application security programs, including program design, implementation, and maturation
+ **5+ years** managing and developing security teams, with demonstrated success in team building and talent development
+ **Proven track record** establishing security awareness, training, and enablement programs that drive measurable improvements in security posture
+ **Deep expertise** across the full SDLC, including secure design, code review, security testing, and deployment practices
+ **Hands-on experience** with AppSec tools and technologies (SAST, DAST, SCA, WAF, API security, secrets management, etc.) **Technical Skills:**
+ Strong understanding of modern application architectures (cloud-native, microservices, APIs, containerization)
+ Proficiency with common programming languages and frameworks
+ Knowledge of security frameworks and standards (OWASP, NIST, BSIMM, ISO 27001)
+ Experience integrating security into CI/CD and DevSecOps environments **Leadership & Communication**
+ **Executive presence** with ability to communicate complex security concepts to technical and non-technical audiences
+ **Strategic thinking** balanced with tactical execution capabilities
+ **Influence without authority** skills to drive security culture change across development organizations
+ **Strong interpersonal skills** for coaching, mentoring, and building trust with diverse stakeholders
+ Bachelor's degree in computer science, Information Security, or related field (or equivalent experience)
+ Desired security certifications (CISSP, CSSLP, CEH, OSCP, or similar)
+ **Experience with AI/ML security,** including secure development practices for AI systems, model security, prompt injection prevention, and AI-powered security tools
+ Knowledge of **AI security frameworks** and emerging standards (OWASP LLM Top 10, NIST AI Risk Management Framework)
+ Experience in **highly regulated industries** (financial services, healthcare, government) with compliance requirements
+ Master's degree in relevant field
+ Experience with **security metrics and reporting** to board-level audiences
+ Previous experience in **multi-site or distributed team leadership** **Leadership Expectations**
+ This role requires a leader who can:
+ **Inspire and empower** teams to deliver security excellence while maintaining development agility
+ **Navigate ambiguity** in a fast-paced environment with competing priorities
+ **Build consensus** across diverse stakeholder groups with differing objectives
+ **Demonstrate servant leadership** by supporting team growth and removing barriers to success
+ **Model security-first behaviors** that set the tone for the broader organization
+ **Provide hands-on guidance** to office-based security staff on professional development, escalations, and day-to-day challenges\#LI-P1
**Who we are:**
At Pearson, our purpose is simple: to help people realize the life they imagine through learning. We believe that every learning opportunity is a chance for a personal breakthrough. We are the world's lifelong learning company. For us, learning isn't just what we do. It's who we are. To learn more: We are Pearson.
Pearson is an Equal Opportunity Employer and a member of E-Verify. Employment decisions are based on qualifications, merit and business need. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.
If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing
**Job:** Security
**Job Family:** TECHNOLOGY
**Organization:** Corporate Strategy & Technology
**Schedule:** FULL\_TIME
**Workplace Type:** Hybrid
**Req ID:** 23449
We are seeking an experienced Team Lead of Application Security Engineering to establish, lead, and mature our Application Security (AppSec) Program. This senior leadership role will build a comprehensive program encompassing developer awareness, secure coding practices, training initiatives, and security enablement across the software development lifecycle. As the senior security leader for our (location) office, this position serves dual responsibilities: driving application security excellence enterprise-wide while providing local leadership, mentorship, and support to all security team members in the office.
**Key Responsibilities:**
**Application Security Program Development & Leadership**
+ **Design and implement** a comprehensive Application Security Program from strategy through execution, including policies, standards, processes, metrics, and tools
+ **Establish and mature** security practices across all phases of the SDLC, including threat modeling, secure design reviews, code analysis (SAST/DAST/SCA), penetration testing, and security acceptance criteria
+ **Drive security awareness** initiatives that elevate secure development practices across engineering teams, fostering a security-first culture
+ **Develop and deliver** training programs for developers, architects, and product teams on secure coding, threat modeling, and emerging security risks
+ **Create enablement frameworks** that reduce security friction while improving adherence to security standards and best practices
+ **Build security champions programs** to embed security advocates within development teams
+ **Define and track** program metrics and KPIs to measure security posture improvements, vulnerability reduction, and program maturity **Technical Leadership & Innovation**
+ **Architect and implement** AppSec tooling strategies, integrating security into CI/CD pipelines and developer workflows
+ **Evaluate and adopt** emerging security technologies and methodologies, including AI-powered security tools and secure AI development practices
+ **Partner with engineering leadership** to balance security requirements with development velocity and business objectives
+ **Stay current** with application security trends, vulnerabilities, and attack vectors, adapting the program to accommodate the changes from these threats/risks.
+ **Lead, mentor, and develop** a team of 5-10 Application Security Engineers and Architects
+ **Build team capabilities** through hiring, skills development, career planning, and performance management
+ **Foster a collaborative culture** that emphasizes continuous learning, innovation, and operational excellence
+ **Allocate resources effectively** across program initiatives, security assessments, and incident response activities, ensuring the team meets Service Level Agreements (SLAs) and Service Level Objectives (SLOs) **Office Leadership & Cross-Functional Collaboration**
+ **Serve as the senior security leader** for the (location) office, providing guidance, support, and mentorship to all security personnel in the office regardless of functional reporting structure
+ **Act as the primary point of contact** for office-based employees seeking security leadership, career guidance, or organizational support
+ **Build and maintain strong relationships** with engineering, product, DevOps, and business stakeholders
+ **Communicate program strategy, progress, and risk** to executive leadership and the CISO
+ **Collaborate with peer security leaders** to ensure consistency and knowledge sharing across the enterprise security program
+ **15+ years** of application security experience with progression into leadership roles
+ **10+ years** leading application security programs, including program design, implementation, and maturation
+ **5+ years** managing and developing security teams, with demonstrated success in team building and talent development
+ **Proven track record** establishing security awareness, training, and enablement programs that drive measurable improvements in security posture
+ **Deep expertise** across the full SDLC, including secure design, code review, security testing, and deployment practices
+ **Hands-on experience** with AppSec tools and technologies (SAST, DAST, SCA, WAF, API security, secrets management, etc.) **Technical Skills:**
+ Strong understanding of modern application architectures (cloud-native, microservices, APIs, containerization)
+ Proficiency with common programming languages and frameworks
+ Knowledge of security frameworks and standards (OWASP, NIST, BSIMM, ISO 27001)
+ Experience integrating security into CI/CD and DevSecOps environments **Leadership & Communication**
+ **Executive presence** with ability to communicate complex security concepts to technical and non-technical audiences
+ **Strategic thinking** balanced with tactical execution capabilities
+ **Influence without authority** skills to drive security culture change across development organizations
+ **Strong interpersonal skills** for coaching, mentoring, and building trust with diverse stakeholders
+ Bachelor's degree in computer science, Information Security, or related field (or equivalent experience)
+ Desired security certifications (CISSP, CSSLP, CEH, OSCP, or similar)
+ **Experience with AI/ML security,** including secure development practices for AI systems, model security, prompt injection prevention, and AI-powered security tools
+ Knowledge of **AI security frameworks** and emerging standards (OWASP LLM Top 10, NIST AI Risk Management Framework)
+ Experience in **highly regulated industries** (financial services, healthcare, government) with compliance requirements
+ Master's degree in relevant field
+ Experience with **security metrics and reporting** to board-level audiences
+ Previous experience in **multi-site or distributed team leadership** **Leadership Expectations**
+ This role requires a leader who can:
+ **Inspire and empower** teams to deliver security excellence while maintaining development agility
+ **Navigate ambiguity** in a fast-paced environment with competing priorities
+ **Build consensus** across diverse stakeholder groups with differing objectives
+ **Demonstrate servant leadership** by supporting team growth and removing barriers to success
+ **Model security-first behaviors** that set the tone for the broader organization
+ **Provide hands-on guidance** to office-based security staff on professional development, escalations, and day-to-day challenges\#LI-P1
**Who we are:**
At Pearson, our purpose is simple: to help people realize the life they imagine through learning. We believe that every learning opportunity is a chance for a personal breakthrough. We are the world's lifelong learning company. For us, learning isn't just what we do. It's who we are. To learn more: We are Pearson.
Pearson is an Equal Opportunity Employer and a member of E-Verify. Employment decisions are based on qualifications, merit and business need. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.
If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing
**Job:** Security
**Job Family:** TECHNOLOGY
**Organization:** Corporate Strategy & Technology
**Schedule:** FULL\_TIME
**Workplace Type:** Hybrid
**Req ID:** 23449
Is this job a match or a miss?
Apply Now
4
Technical Program Manager, Stores Application Security
Bengaluru
Amazon
Posted 23 days ago
Job Viewed
Job Description
Description
Amazon Application Security is looking for a security-focused Technical Program Manager who wants to make a difference and support Amazon builders to ensure that protecting customer data is at the forefront of all development.
Our team approaches security challenges with empathy and curiosity to help Amazon builders identify areas of improvement and learn how to navigate the highly dynamic space of application security. Amazon Application Security focuses on enabling our builders to provide a secure and trustworthy experience to our customers without compromising the overall customer experience.
In this role you will work directly with security teams and Amazon builders providing direct front line support and security expertise to Amazon teams.
You'll also find this role will routinely challenge your background in technical product ownership, process development, operational and management skills, project management, critical thinking, relationship-building, and problem-solving. You'll also find yourself challenged in unique ways when operating at the massive scale of Amazon, unique to a select few corporations in the world. You must be self-directed and open to new challenges, adept at prioritization, innovation, and collaborating with others.
Key job responsibilities
* Plan, organize, and manage all phases of the project lifecycle ensuring successful delivery. This includes defining success criteria, developing and managing project governance plans, project schedules, team goals, communication strategies and project milestones.
* Collaborate with internal customers (senior business leaders, development teams, application security engineering teams and other partner security teams) to understand their needs, their business and how we can improve their security posture.
* Architect and manage internal scope of work documents with the customer clearly defining success criteria and timelines. Hold all stakeholders accountable to these documents through the project lifecycle, escalating as necessary.
* Build and manage relationships with key internal stakeholders and security teams and while advocating on behalf of our customers to deliver on their security goals.
* Guide the evolution and adoption of internal security support solutions, at times with complex priorities, prioritizing the work most beneficial to Amazon builders.
* Use knowledge of software system design to scope architecture, review associated threat models, educate customers on potential severity of security findings and guide developer and security engineering teams through remediation.
* Define and implement best practice methods, processes, tools and continuous improvement initiatives aimed at scaling and increasing the efficiency of Amazon's security guidance and builder support processes.
* Own the creation and delivery of business proposals (growth, new areas of focus, etc) and metrics to security leadership.
* Proactively identify and manage program risk, identifying paths to overcome risks, and escalating when necessary
* Work effectively and make sound decisions in a dynamic environment with changing priorities.
* Influence, negotiate, resolve conflicts and achieve results through others who are not direct reports.
* Foster a positive work environment leveraging existing skills in active listening, encouraging diverse perspectives and adapting to a variety of personality types.
About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Mentorship and Career growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Basic Qualifications
- 3+ years of technical product or program management experience
- 3+ years of project management disciplines including scope, schedule, budget, quality, along with risk and critical path management experience
- Experience managing programs across cross functional teams, building processes and coordinating release schedules
- 5+ years of working directly with engineering teams experience
Preferred Qualifications
- Experience working with security teams
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
Amazon Application Security is looking for a security-focused Technical Program Manager who wants to make a difference and support Amazon builders to ensure that protecting customer data is at the forefront of all development.
Our team approaches security challenges with empathy and curiosity to help Amazon builders identify areas of improvement and learn how to navigate the highly dynamic space of application security. Amazon Application Security focuses on enabling our builders to provide a secure and trustworthy experience to our customers without compromising the overall customer experience.
In this role you will work directly with security teams and Amazon builders providing direct front line support and security expertise to Amazon teams.
You'll also find this role will routinely challenge your background in technical product ownership, process development, operational and management skills, project management, critical thinking, relationship-building, and problem-solving. You'll also find yourself challenged in unique ways when operating at the massive scale of Amazon, unique to a select few corporations in the world. You must be self-directed and open to new challenges, adept at prioritization, innovation, and collaborating with others.
Key job responsibilities
* Plan, organize, and manage all phases of the project lifecycle ensuring successful delivery. This includes defining success criteria, developing and managing project governance plans, project schedules, team goals, communication strategies and project milestones.
* Collaborate with internal customers (senior business leaders, development teams, application security engineering teams and other partner security teams) to understand their needs, their business and how we can improve their security posture.
* Architect and manage internal scope of work documents with the customer clearly defining success criteria and timelines. Hold all stakeholders accountable to these documents through the project lifecycle, escalating as necessary.
* Build and manage relationships with key internal stakeholders and security teams and while advocating on behalf of our customers to deliver on their security goals.
* Guide the evolution and adoption of internal security support solutions, at times with complex priorities, prioritizing the work most beneficial to Amazon builders.
* Use knowledge of software system design to scope architecture, review associated threat models, educate customers on potential severity of security findings and guide developer and security engineering teams through remediation.
* Define and implement best practice methods, processes, tools and continuous improvement initiatives aimed at scaling and increasing the efficiency of Amazon's security guidance and builder support processes.
* Own the creation and delivery of business proposals (growth, new areas of focus, etc) and metrics to security leadership.
* Proactively identify and manage program risk, identifying paths to overcome risks, and escalating when necessary
* Work effectively and make sound decisions in a dynamic environment with changing priorities.
* Influence, negotiate, resolve conflicts and achieve results through others who are not direct reports.
* Foster a positive work environment leveraging existing skills in active listening, encouraging diverse perspectives and adapting to a variety of personality types.
About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Mentorship and Career growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Basic Qualifications
- 3+ years of technical product or program management experience
- 3+ years of project management disciplines including scope, schedule, budget, quality, along with risk and critical path management experience
- Experience managing programs across cross functional teams, building processes and coordinating release schedules
- 5+ years of working directly with engineering teams experience
Preferred Qualifications
- Experience working with security teams
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
Is this job a match or a miss?
Apply Now
5
Job Description
Description
In Amazon Stores, we ship some of the widest arrays of technology found at any company. From amazon.com to world class machine learning pipelines, from Innovative digital healthcare to no-checkout retail, we push the boundaries of technology in every direction using the globe's largest AWS deployment.
As an AppSec engineer, you will collaborate with software development teams to ensure we keep our customers safe while developing these novel services. In a given day, you might be inspecting an application's code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service alongside its software developers.
The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security generalist with one or more areas of deep expertise. In their communication, they will clearly articulate risks to technical and non-technical audiences alike. Interpersonally, successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions.
Our organization prizes its employees, and we show it through investing in work-life harmony. We have dedicated resources that consistently innovate in reducing on-call time and ensuring the team spend their time on the highest-value tasks. Join the stores AppSec organization to work hard, have fun, and make history!
Our team puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren't focused on how many hours you spend at work or online. Instead, we're happy to offer a flexible schedule so you can have a more productive and well-balanced life-both in and outside of work.
Key job responsibilities
- Creating, updating, and maintaining threat models for a wide variety of software projects
- First party application security research
- Manual and Automated Secure Code Review, primarily in Java, Python and Javascript
- Identifying and mitigating security issues at scale
- Development of security automation tools
- Adversarial security analysis using innovative tools to augment manual effort
- Security guidance and working with internal software development teams on securing their applications
- Independently solve security problems that require novel methods or approaches
- Influence your team's and partners' process, priorities, and choices to improve outcomes
About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Mentorship and Career growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
\#Joinstoresappsec
Basic Qualifications
- Experience performing security activities across one or more phases of the software development lifecycle (SDLC), such as security design review, threat modeling, secure code review, and security testing
- Bachelor's degree in Computer Science, Information Security, 3+ years of demonstrated experience of comprehensive application security assessments, including both automated and manual assessment.
- Have good understanding of network architecture, enterprise IT systems and cloud such as AWS.
- Proficiency in programming or scripting languages (e.g., Java, Python, Perl, Bash, Ruby, PowerShell, etc.).
- Ability to explain complex technical risks in simple, clear language so that non-technical stakeholders can easily understand and take appropriate action.
Preferred Qualifications
- 3+ years of experience in one or more of the following areas: threat modeling, secure coding, identity and access management (IAM) and authentication, software development, cryptography, or security research.
- Strong experience with AWS services, network architecture, and enterprise IT systems.
- Hands-on experience performing security activities across one or more phases of the Software Development Lifecycle (SDLC), including security design reviews, threat modeling, secure code reviews, and security testing.
- Experience driving continuous and scalable improvements in security controls and practices, and collaborating with security stakeholders to develop and implement security strategies.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
In Amazon Stores, we ship some of the widest arrays of technology found at any company. From amazon.com to world class machine learning pipelines, from Innovative digital healthcare to no-checkout retail, we push the boundaries of technology in every direction using the globe's largest AWS deployment.
As an AppSec engineer, you will collaborate with software development teams to ensure we keep our customers safe while developing these novel services. In a given day, you might be inspecting an application's code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service alongside its software developers.
The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security generalist with one or more areas of deep expertise. In their communication, they will clearly articulate risks to technical and non-technical audiences alike. Interpersonally, successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions.
Our organization prizes its employees, and we show it through investing in work-life harmony. We have dedicated resources that consistently innovate in reducing on-call time and ensuring the team spend their time on the highest-value tasks. Join the stores AppSec organization to work hard, have fun, and make history!
Our team puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren't focused on how many hours you spend at work or online. Instead, we're happy to offer a flexible schedule so you can have a more productive and well-balanced life-both in and outside of work.
Key job responsibilities
- Creating, updating, and maintaining threat models for a wide variety of software projects
- First party application security research
- Manual and Automated Secure Code Review, primarily in Java, Python and Javascript
- Identifying and mitigating security issues at scale
- Development of security automation tools
- Adversarial security analysis using innovative tools to augment manual effort
- Security guidance and working with internal software development teams on securing their applications
- Independently solve security problems that require novel methods or approaches
- Influence your team's and partners' process, priorities, and choices to improve outcomes
About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Mentorship and Career growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
\#Joinstoresappsec
Basic Qualifications
- Experience performing security activities across one or more phases of the software development lifecycle (SDLC), such as security design review, threat modeling, secure code review, and security testing
- Bachelor's degree in Computer Science, Information Security, 3+ years of demonstrated experience of comprehensive application security assessments, including both automated and manual assessment.
- Have good understanding of network architecture, enterprise IT systems and cloud such as AWS.
- Proficiency in programming or scripting languages (e.g., Java, Python, Perl, Bash, Ruby, PowerShell, etc.).
- Ability to explain complex technical risks in simple, clear language so that non-technical stakeholders can easily understand and take appropriate action.
Preferred Qualifications
- 3+ years of experience in one or more of the following areas: threat modeling, secure coding, identity and access management (IAM) and authentication, software development, cryptography, or security research.
- Strong experience with AWS services, network architecture, and enterprise IT systems.
- Hands-on experience performing security activities across one or more phases of the Software Development Lifecycle (SDLC), including security design reviews, threat modeling, secure code reviews, and security testing.
- Experience driving continuous and scalable improvements in security controls and practices, and collaborating with security stakeholders to develop and implement security strategies.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
Is this job a match or a miss?
Apply Now
6
Job Description
Description
In Amazon Stores, we ship some of the widest arrays of technology found at any company. From amazon.com to world class machine learning pipelines, from innovative digital healthcare to no-checkout retail, we push the boundaries of technology in every direction using the globe's largest AWS deployment.
As an AppSec engineer, you will collaborate with software development teams to ensure we keep our customers safe while developing these novel services. In a given day, you might be inspecting an application's code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service alongside its software developers.
The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security generalist with one or more areas of deep expertise. In their communication, they will clearly articulate risks to technical and non-technical audiences alike. Interpersonally, successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions.
Our organization prizes its employees, and we show it through investing in work-life harmony. We have dedicated resources that consistently innovate in reducing on-call time and ensuring the team spend their time on the highest-value tasks. Join the stores AppSec organization to work hard, have fun, and make history!
Our team puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren't focused on how many hours you spend at work or online. Instead, we're happy to offer a flexible schedule so you can have a more productive and well-balanced life-both in and outside of work.
Key job responsibilities
- Creating, updating, and maintaining threat models for a wide variety of software projects
- Security architecture and design guidance
- Manual and Automated Secure Code Review, primarily in Java, Python and Javascript
- Development of security automation tools
- First party application security research
- Adversarial security analysis using innovative tools to augment manual effort
- Security training and outreach for internal development teams
- Independently solve security problems that require novel methods or approaches
- Influence your team's and partners' process, priorities, and choices to improve outcomes
- First party application security research
About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Mentorship and Career growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
\#Joinstoresappsec
Basic Qualifications
- 5+ years of work in identifying security issues and risks, and developing mitigation plans experience
- Experience working in identifying security issues and risks, and developing mitigation plans
- Experience as a mentor, tech lead or leading an engineering team
- BS in Computer Science, Information Security, 5+ years of demonstrated experience in areas such as application security, offensive security and/or systems security and have a strong application security background with a focus on scalable solutions
- Solid understanding of threat modeling, design and architecture review, manual source code review, security vulnerabilities, attacker exploit techniques, and methods for their remediation and have excellent understanding of network architecture, enterprise IT systems and cloud such as AWS
- Programming/Scripting skills (E.g: Java, Python, Perl, Bash, Ruby, PowerShell, etc.) Excellent written and verbal communication skills and strong problem-solving ability and the ability to work in ambiguous and constantly evolving environment
- Can identify and remove bottlenecks for your teammates, both in process and technology and collaborate with security stakeholders to develop security strategies and Can explain complex technical risks in simple, clear language that non-technical stakeholders can easily understand and act upon.
Preferred Qualifications
- Experience applying threat modeling or other risk identification techniques or equivalent
- Experience with security in service-oriented architectures/microservices and web services
- Demonstrated strong judgment in assessing and prioritizing technical risk, with a solid application security background and a focus on scalable solutions.
- Proven experience designing, building, and securing complex AWS architectures.
- Excellent written and verbal communication skills, with the ability to convey complex technical concepts effectively.
- Proactive in identifying and eliminating bottlenecks across processes and technology to enhance team productivity.
- Experience in one or more of the following areas: threat modeling, secure coding, identity and access management (IAM), authentication, software development, cryptography, or security research.
- Strong expertise in AWS services, network architecture, and enterprise IT environments.
- Hands-on experience performing security activities across one or more phases of the Software Development Lifecycle (SDLC), including security design reviews, threat modeling, secure code reviews, and security testing.
- Proven ability to drive continuous, scalable improvements in security controls and practices, and to collaborate effectively with stakeholders to develop and implement security strategies.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
In Amazon Stores, we ship some of the widest arrays of technology found at any company. From amazon.com to world class machine learning pipelines, from innovative digital healthcare to no-checkout retail, we push the boundaries of technology in every direction using the globe's largest AWS deployment.
As an AppSec engineer, you will collaborate with software development teams to ensure we keep our customers safe while developing these novel services. In a given day, you might be inspecting an application's code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service alongside its software developers.
The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security generalist with one or more areas of deep expertise. In their communication, they will clearly articulate risks to technical and non-technical audiences alike. Interpersonally, successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions.
Our organization prizes its employees, and we show it through investing in work-life harmony. We have dedicated resources that consistently innovate in reducing on-call time and ensuring the team spend their time on the highest-value tasks. Join the stores AppSec organization to work hard, have fun, and make history!
Our team puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren't focused on how many hours you spend at work or online. Instead, we're happy to offer a flexible schedule so you can have a more productive and well-balanced life-both in and outside of work.
Key job responsibilities
- Creating, updating, and maintaining threat models for a wide variety of software projects
- Security architecture and design guidance
- Manual and Automated Secure Code Review, primarily in Java, Python and Javascript
- Development of security automation tools
- First party application security research
- Adversarial security analysis using innovative tools to augment manual effort
- Security training and outreach for internal development teams
- Independently solve security problems that require novel methods or approaches
- Influence your team's and partners' process, priorities, and choices to improve outcomes
- First party application security research
About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Mentorship and Career growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
\#Joinstoresappsec
Basic Qualifications
- 5+ years of work in identifying security issues and risks, and developing mitigation plans experience
- Experience working in identifying security issues and risks, and developing mitigation plans
- Experience as a mentor, tech lead or leading an engineering team
- BS in Computer Science, Information Security, 5+ years of demonstrated experience in areas such as application security, offensive security and/or systems security and have a strong application security background with a focus on scalable solutions
- Solid understanding of threat modeling, design and architecture review, manual source code review, security vulnerabilities, attacker exploit techniques, and methods for their remediation and have excellent understanding of network architecture, enterprise IT systems and cloud such as AWS
- Programming/Scripting skills (E.g: Java, Python, Perl, Bash, Ruby, PowerShell, etc.) Excellent written and verbal communication skills and strong problem-solving ability and the ability to work in ambiguous and constantly evolving environment
- Can identify and remove bottlenecks for your teammates, both in process and technology and collaborate with security stakeholders to develop security strategies and Can explain complex technical risks in simple, clear language that non-technical stakeholders can easily understand and act upon.
Preferred Qualifications
- Experience applying threat modeling or other risk identification techniques or equivalent
- Experience with security in service-oriented architectures/microservices and web services
- Demonstrated strong judgment in assessing and prioritizing technical risk, with a solid application security background and a focus on scalable solutions.
- Proven experience designing, building, and securing complex AWS architectures.
- Excellent written and verbal communication skills, with the ability to convey complex technical concepts effectively.
- Proactive in identifying and eliminating bottlenecks across processes and technology to enhance team productivity.
- Experience in one or more of the following areas: threat modeling, secure coding, identity and access management (IAM), authentication, software development, cryptography, or security research.
- Strong expertise in AWS services, network architecture, and enterprise IT environments.
- Hands-on experience performing security activities across one or more phases of the Software Development Lifecycle (SDLC), including security design reviews, threat modeling, secure code reviews, and security testing.
- Proven ability to drive continuous, scalable improvements in security controls and practices, and to collaborate effectively with stakeholders to develop and implement security strategies.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
Is this job a match or a miss?
Apply Now
7
Senior AppSec Engineer - Cloud, API & Software Supply Chain
Bangalore
Applied Materials
Posted 23 days ago
Job Viewed
Job Description
**Who We Are**
Applied Materials is a global leader in materials engineering solutions used to produce virtually every new chip and advanced display in the world. We design, build and service cutting-edge equipment that helps our customers manufacture display and semiconductor chips - the brains of devices we use every day. As the foundation of the global electronics industry, Applied enables the exciting technologies that literally connect our world - like AI and IoT. If you want to push the boundaries of materials science and engineering to create next generation technology, join us to deliver material innovation that changes the world.
**What We Offer**
Location:
Bangalore,IND
You'll benefit from a supportive work culture that encourages you to learn, develop, and grow your career as you take on challenges and drive innovative solutions for our customers. We empower our team to push the boundaries of what is possible-while learning every day in a supportive leading global company. Visit our Careers website to learn more.
At Applied Materials, we care about the health and wellbeing of our employees. We're committed to providing programs and support that encourage personal and professional growth and care for you at work, at home, or wherever you may go. Learn more about our benefits ( .
**Role Summary**
We are looking for a highly motivated Senior Application Security Engineer to join our Application Security team. This role will focus on securing modern cloud-native applications, with emphasis on API security, Infrastructure as Code (IaC), containerized workloads, and Open-Source Software (OSS) security.
The ideal candidate will work closely with engineering, platform, and product teams to embed security into the SDLC and enable secure-by-design development practices on a scale.
**Key Responsibilities**
**Application & API Security**
+ Establish and mature an API security program, including tools, processes, governance, standards, and best practices
+ Define secure API design guidelines aligned with OWASP API Top 10 and industry standards
+ Evaluate and integrate API security tools into the SDLC and CI/CD pipelines
+ Partner with engineering teams to embed secure-by-design API patterns
+ Guide implementation of API authentication and authorization controls (OAuth2, OIDC, JWT, mTLS)
**Infrastructure as Code (IaC) Security**
+ Review and assess IaC templates (Terraform, ARM, CloudFormation, etc.) for security misconfigurations
+ Define and maintain secure IaC guardrails and policies
+ Integrate IaC security scanning into CI/CD pipelines
+ Partner with cloud and platform teams to remediate infrastructure risks early in the lifecycle
**Container & Kubernetes Security**
+ Assess container images for vulnerabilities, misconfigurations, and insecure base images
+ Review Kubernetes manifests, Helm charts, and deployment configurations
+ Advice on runtime security controls, least privilege, and workload isolation
+ Support adoption of container security best practices across development teams
**Open-Source Software (OSS) Security**
+ Manage open-source risk including vulnerabilities, licensing, and supply-chain threats
+ Support and tune SCA (Software Composition Analysis) tools
+ Drive remediation of vulnerable dependencies and guide teams on secure OSS usage
+ Contribute to OSS security governance, policies, and exception handling
**Secure SDLC & Enablement**
+ Embed security checks into CI/CD pipelines (SAST, DAST, SCA, IaC, container scans)
+ Provide actionable remediation guidance to developers
+ Create security documentation, standards, and secure coding guidelines
+ Deliver security awareness sessions and hands-on enablement for engineering teams
**Collaboration & Reporting**
+ Partner with AppSec peers, PSIRT, Cloud Security, and Engineering stakeholders
+ Track findings, risk acceptance, and remediation progress
+ Contribute to metrics and reporting for application security posture
**Required Qualifications**
+ 4-7 years of experience in application security, product security, or secure software engineering
+ Strong understanding of web application and API security fundamentals
+ Hands-on experience with cloud-native environments (AWS, Azure, or GCP)
+ Practical exposure to:
+ API security testing and design reviews
+ IaC tools (Terraform, ARM, CloudFormation, etc.)
+ Containers and Kubernetes
+ Open-source dependency management
+ Familiarity with OWASP Top 10, OWASP API Top 10, CWE, CVSS
+ Experience integrating security tools into CI/CD pipelines
+ Ability to clearly communicate security risks and solutions to engineering teams
**Preferred / Nice-to-Have Skills**
+ Experience with AppSec tooling such as SAST, DAST, SCA, IaC scanning, container security tools
+ Knowledge of Zero Trust and cloud security architectures
+ Experience with DevSecOps practices
+ Exposure to AI/ML security, including risks related to:
+ AI-enabled applications and APIs
+ Model and dependency supply chain risks
+ Prompt injection, data leakage, and misuse scenarios
+ Relevant certifications (e.g., CSSLP, GWAPT, CCSP, Kubernetes security certifications)
+ Prior experience working with globally distributed engineering teams
**Behavioral & Leadership Expectations**
+ Demonstrates independent execution within defined security domains
+ Proactively identifies security gaps and drives improvements
+ Strong collaboration and influencing skills without direct authority
+ Balances security risk with business and engineering priorities
+ Shows ownership, accountability, and a continuous learning mindset
**What Success Looks Like in This Role**
+ Improved security posture of APIs, cloud infrastructure, containers, and OSS usage
+ Faster and more effective vulnerability remediation by engineering teams
+ Security embedded early and consistently across the SDLC
+ Clear, scalable security standards adopted across product teams
**Additional Information**
**Time Type:**
Full time
**Employee Type:**
Assignee / Regular
**Travel:**
Yes, 10% of the Time
**Relocation Eligible:**
Yes
Applied Materials is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, national origin, citizenship, ancestry, religion, creed, sex, sexual orientation, gender identity, age, disability, veteran or military status, or any other basis prohibited by law.
Applied Materials is a global leader in materials engineering solutions used to produce virtually every new chip and advanced display in the world. We design, build and service cutting-edge equipment that helps our customers manufacture display and semiconductor chips - the brains of devices we use every day. As the foundation of the global electronics industry, Applied enables the exciting technologies that literally connect our world - like AI and IoT. If you want to push the boundaries of materials science and engineering to create next generation technology, join us to deliver material innovation that changes the world.
**What We Offer**
Location:
Bangalore,IND
You'll benefit from a supportive work culture that encourages you to learn, develop, and grow your career as you take on challenges and drive innovative solutions for our customers. We empower our team to push the boundaries of what is possible-while learning every day in a supportive leading global company. Visit our Careers website to learn more.
At Applied Materials, we care about the health and wellbeing of our employees. We're committed to providing programs and support that encourage personal and professional growth and care for you at work, at home, or wherever you may go. Learn more about our benefits ( .
**Role Summary**
We are looking for a highly motivated Senior Application Security Engineer to join our Application Security team. This role will focus on securing modern cloud-native applications, with emphasis on API security, Infrastructure as Code (IaC), containerized workloads, and Open-Source Software (OSS) security.
The ideal candidate will work closely with engineering, platform, and product teams to embed security into the SDLC and enable secure-by-design development practices on a scale.
**Key Responsibilities**
**Application & API Security**
+ Establish and mature an API security program, including tools, processes, governance, standards, and best practices
+ Define secure API design guidelines aligned with OWASP API Top 10 and industry standards
+ Evaluate and integrate API security tools into the SDLC and CI/CD pipelines
+ Partner with engineering teams to embed secure-by-design API patterns
+ Guide implementation of API authentication and authorization controls (OAuth2, OIDC, JWT, mTLS)
**Infrastructure as Code (IaC) Security**
+ Review and assess IaC templates (Terraform, ARM, CloudFormation, etc.) for security misconfigurations
+ Define and maintain secure IaC guardrails and policies
+ Integrate IaC security scanning into CI/CD pipelines
+ Partner with cloud and platform teams to remediate infrastructure risks early in the lifecycle
**Container & Kubernetes Security**
+ Assess container images for vulnerabilities, misconfigurations, and insecure base images
+ Review Kubernetes manifests, Helm charts, and deployment configurations
+ Advice on runtime security controls, least privilege, and workload isolation
+ Support adoption of container security best practices across development teams
**Open-Source Software (OSS) Security**
+ Manage open-source risk including vulnerabilities, licensing, and supply-chain threats
+ Support and tune SCA (Software Composition Analysis) tools
+ Drive remediation of vulnerable dependencies and guide teams on secure OSS usage
+ Contribute to OSS security governance, policies, and exception handling
**Secure SDLC & Enablement**
+ Embed security checks into CI/CD pipelines (SAST, DAST, SCA, IaC, container scans)
+ Provide actionable remediation guidance to developers
+ Create security documentation, standards, and secure coding guidelines
+ Deliver security awareness sessions and hands-on enablement for engineering teams
**Collaboration & Reporting**
+ Partner with AppSec peers, PSIRT, Cloud Security, and Engineering stakeholders
+ Track findings, risk acceptance, and remediation progress
+ Contribute to metrics and reporting for application security posture
**Required Qualifications**
+ 4-7 years of experience in application security, product security, or secure software engineering
+ Strong understanding of web application and API security fundamentals
+ Hands-on experience with cloud-native environments (AWS, Azure, or GCP)
+ Practical exposure to:
+ API security testing and design reviews
+ IaC tools (Terraform, ARM, CloudFormation, etc.)
+ Containers and Kubernetes
+ Open-source dependency management
+ Familiarity with OWASP Top 10, OWASP API Top 10, CWE, CVSS
+ Experience integrating security tools into CI/CD pipelines
+ Ability to clearly communicate security risks and solutions to engineering teams
**Preferred / Nice-to-Have Skills**
+ Experience with AppSec tooling such as SAST, DAST, SCA, IaC scanning, container security tools
+ Knowledge of Zero Trust and cloud security architectures
+ Experience with DevSecOps practices
+ Exposure to AI/ML security, including risks related to:
+ AI-enabled applications and APIs
+ Model and dependency supply chain risks
+ Prompt injection, data leakage, and misuse scenarios
+ Relevant certifications (e.g., CSSLP, GWAPT, CCSP, Kubernetes security certifications)
+ Prior experience working with globally distributed engineering teams
**Behavioral & Leadership Expectations**
+ Demonstrates independent execution within defined security domains
+ Proactively identifies security gaps and drives improvements
+ Strong collaboration and influencing skills without direct authority
+ Balances security risk with business and engineering priorities
+ Shows ownership, accountability, and a continuous learning mindset
**What Success Looks Like in This Role**
+ Improved security posture of APIs, cloud infrastructure, containers, and OSS usage
+ Faster and more effective vulnerability remediation by engineering teams
+ Security embedded early and consistently across the SDLC
+ Clear, scalable security standards adopted across product teams
**Additional Information**
**Time Type:**
Full time
**Employee Type:**
Assignee / Regular
**Travel:**
Yes, 10% of the Time
**Relocation Eligible:**
Yes
Applied Materials is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, national origin, citizenship, ancestry, religion, creed, sex, sexual orientation, gender identity, age, disability, veteran or military status, or any other basis prohibited by law.
Is this job a match or a miss?
Apply Now
8
Remote Application Security Specialist
226001 Lucknow / Remote
Placements24
Posted 5 days ago
Job Viewed
Job Description
About the Role WhatJobs Direct is seeking a highly skilled Application Security Specialist to join our **fully remote** cybersecurity team. This role is crucial for ensuring that our client's software applications are developed and maintained with security as a top priority. As a remote-first organization, we are looking for an independent and proactive individual who can effectively integrate security practices into the software development lifecycle (SDLC). The ideal candidate will have a strong understanding of common web application vulnerabilities, secure coding practices, and security testing methodologies. You will work closely with development teams to identify and remediate security flaws, reducing the attack surface of our client's applications. Key Responsibilities
- Perform security assessments of web applications, APIs, and other software components.
- Conduct static application security testing (SAST) and dynamic application security testing (DAST).
- Identify and document vulnerabilities, providing clear and actionable recommendations for remediation.
- Collaborate with development teams to promote secure coding practices and provide training.
- Review code for security flaws and architectural weaknesses.
- Develop and maintain security testing tools and scripts.
- Stay up-to-date with the latest application security threats, vulnerabilities, and mitigation techniques.
- Contribute to the development and implementation of the secure SDLC process.
- Assist in threat modeling for new application features and designs.
- Respond to and investigate security incidents related to applications.
- Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent practical experience.
- Minimum of 4 years of experience in application security, software development, or a related security role.
- Proven experience with security testing tools (e.g., Burp Suite, OWASP ZAP, Nessus).
- Strong understanding of web application vulnerabilities (e.g., OWASP Top 10) and secure coding principles.
- Familiarity with SAST and DAST tools and techniques.
- Experience with at least one programming language (e.g., Java, Python, C#, JavaScript).
- Excellent analytical and problem-solving skills.
- Strong communication and collaboration skills, especially in a remote setting.
- Experience with cloud environments (AWS, Azure, GCP) and their security implications is a plus.
- Relevant certifications such as CSSLP, GWAPT, or CEH are beneficial.
- Ability to work effectively in a **fully remote** capacity.
Is this job a match or a miss?
Apply Now
9