Senior Application Security (DevSecOps) Engineer
Bangalore, Karnataka, India
Pearson
Location: India (Bangalore/Chennai/Hybrid)
Team: Application Security / DevSecOps
Reports to: Head of Application Security
About the Role
Pearson is seeking a highly motivated and experienced Senior Application Security (DevSecOps) Engineer with a strong background in DevOps, Application Security, and Cloud Security. In this role, you will lead and support the integration of security controls into CI/CD pipelines and cloud environments, working closely with developers, SREs, and cloud platform teams. The ideal candidate has hands-on experience in building and scaling security automation in enterprise-grade environments.
Responsibilities
- Act as the application security SME for the ongoing GitHub migration program.
- Integrate SAST, SCA, IaC scanning, and DAST tools into CI/CD pipelines (e.g., GitHub Actions, Jenkins, GitLab CI).
- Drive security initiatives within GitHub Enterprise Security (code scanning, secret scanning, dependency management).
- Collaborate with development, SRE, and cloud teams to embed security into SDLC and DevOps workflows.
- Manage and optimize CSPM tools (e.g., Rapid7 ICS, Prisma Cloud, Wiz, Lacework) to enforce security policies across cloud assets.
- Create and maintain reusable security automation patterns and scripts (e.g., GitHub Actions, Terraform modules).
- Support application security reviews and recommend mitigations for security findings.
- Build dashboards and metrics to track pipeline coverage, tool effectiveness, and SLA adherence.
- Provide guidance and hands-on support during secure development, threat modeling, and remediation planning.
- Advocate for security best practices in engineering forums and architecture discussions.
Skills & Experience Required
- 5–7 years of experience in a DevSecOps, Application Security, or DevOps Security role.
- Strong working knowledge of:
  - Extensive experience in GitHub Enterprise and related security capabilities, especially security tool integrations and automations.
  - CI/CD pipeline integration of security tooling.
  - Cloud platforms (AWS, Azure, GCP) and hands-on experience with CSPM solutions.
  - Working experience in application security tools (SAST, DAST, SCA, IaC).
  - Sound working experience in scripting and programming languages.
- Experience collaborating with software engineers, cloud teams, and SREs in a security capacity.
- Good understanding of OWASP Top 10, secure coding practices, and DevOps lifecycle.
- Proficient in scripting (e.g., Python, Bash) and automation (e.g., GitHub Actions, Terraform, Ansible).
Nice to Have
- Experience with threat modelling or security architecture reviews
- Knowledge of container security and Kubernetes security controls (e.g., Kube-bench, Trivy)
- Exposure to risk and vulnerability management workflows (e.g., Jira, ServiceNow, Qualys)
Key Success Areas for the Candidates
- Becoming a security ‘guru’ for SRE and DevOps teams
- Increased security coverage across CI/CD pipelines with minimal developer friction
- Reduced remediation SLAs and high-quality integration of tools into engineering workflows
- Strong collaboration with engineering and platform teams on secure-by-default solutions