Senior Application Security (DevSecOps) Engineer

Senior Application Security (DevSecOps) Engineer 

Location: India (Bangalore/Chennai/Hybrid)
Team: Application Security / DevSecOps
Reports to: Head of Application Security

About the Role

Pearson seeking a highly motivated and experienced Senior Application Security (DevSecOps) Engineer with a strong background in DevOps, Application Security, and Cloud Security. In this role, you will lead and support the integration of security controls into CI/CD pipelines and cloud environments, working closely with developers, SREs, and cloud platform teams. The ideal candidate has hands-on experience in building and scaling security automation in enterprise-grade environments.

Responsibilities

• Application security SME for ongoing GitHub migration program
• Integrate SAST, SCA, IaC scanning, and DAST tools into CI/CD pipelines (e.g., GitHub Actions, Jenkins, GitLab CI).
• Drive security initiatives within GitHub Enterprise Security (code scanning, secret scanning, dependency management).
• Collaborate with development, SRE, and cloud teams to embed security into SDLC and DevOps workflows.
• Manage and optimize CSPM tools (e.g., Rapid7 ICS, Prisma Cloud, Wiz, Lacework) to enforce security policies across cloud assets.
• Create and maintain reusable security automation patterns and scripts (e.g., GitHub Actions, Terraform modules).
• Support application security reviews and recommend mitigations for security findings.
• Build dashboards and metrics to track pipeline coverage, tool effectiveness, and SLA adherence.
• Provide guidance and hands-on support during secure development, threat modeling, and remediation planning.
• Advocate for security best practices in engineering forums and architecture discussions.

Skills & Experience Required

• 5–7 years of experience in a DevSecOps, Application Security, or DevOps Security role.
• Strong working knowledge of:
  • Extensive experience in GitHub Enterprise and related security capabilities specially security tool integrations and automations
  • CI/CD pipeline integration of security tooling.
  • Cloud platforms (AWS, Azure, GCP) and hands-on experience with CSPM solutions.
  • Working experience in Application security tools (SAST, DAST, SCA, IaC)
• Sound working experience in scripting and programming languages
• Experience collaborating with software engineers, cloud teams, and SREs in a security capacity.
• Good understanding of OWASP Top 10, secure coding practices, and DevOps lifecycle.
• Proficient in scripting (e.g., Python, Bash) and automation (e.g., GitHub Actions, Terraform, Ansible).

Nice to Have

• Experience with threat modelling or security architecture reviews
• Knowledge of container security and Kubernetes security controls (e.g., Kube-bench, Trivy)
• Exposure to risk and vulnerability management workflows (e.g., Jira, ServiceNow, Qualys)

Key Success Areas for the Candidates

• Becoming a security ‘guru’ for SRE and DevOps teams
• Increased security coverage across CI/CD pipelines with minimal developer friction
• Reduced remediation SLAs and high-quality integration of tools into engineering workflows
• Strong collaboration with engineering and platform teams on secure-by-default solutions