InfoSec L2 VM (App) Security Engineer
Hyderabad, India
Zoetis
Zoetis is the largest global animal health company committed to nurturing the world and humankind by advancing care for animals.
POSITION SUMMARY
Zoetis, Inc. is the world's largest producer of medicine and vaccinations for pets and livestock. The Zoetis Tech & Digital (ZTD) Global Technology Risk Management Organization is a key building block of ZTD.
Join us at Zoetis India Capability Center (ZICC) in Hyderabad, where innovation meets excellence. As part of the world's leading animal healthcare company, ZICC is at the forefront of driving transformative advancements and applying technology to solve the most complex problems. Our mission is to ensure sustainable growth and maintain a competitive edge for Zoetis globally by leveraging the exceptional talent in India.
At ZICC, you'll be part of a dynamic team that partners with colleagues worldwide, embodying the true spirit of One Zoetis. Together, we ensure seamless integration and collaboration, fostering an environment where your contributions can make a real impact. Be a part of our journey to pioneer innovation and drive the future of animal healthcare.
The Information Security Strategy & Risk Management team at Zoetis ensures a secure strategy through a disciplined process of making colleagues security savvy, driving down residual risk, reducing the attack surface, all while enabling the business. This team is responsible for critical services that strengthen Zoetis' security posture, including protecting sensitive data, identifying and mitigating cyber threats, and seamlessly integrating secure assets during organizational changes. Key functions within the team include Security Operations, Vulnerability Management, Threat Intelligence, Security Awareness, Mergers & Acquisitions Security, and Operational Technology (OT) Security. Through these services, the team empowers the organization to operate securely and efficiently in a dynamic digital environment.
This position is responsible for supporting application security assessments across the organization, including web applications, mobile applications, business applications, and APIs. The Analyst will assist in identifying, analyzing, and reporting vulnerabilities while providing remediation support to development teams. With a focus on secure application development, this role contributes to improving the organization’s overall security posture. The Analyst will work alongside the Vulnerability Management Application Security Engineer and collaborate with various teams to ensure secure development practices. This position offers hands-on experience with leading security tools and methodologies, fostering professional growth in a fast-paced, innovative environment.
POSITION RESPONSIBILITIES (Percent of Time: 100%)
• Conduct security testing and vulnerability assessments for various applications, including web applications, mobile apps, business systems, and APIs.
• Assist in the identification, analysis, and prioritization of vulnerabilities, ensuring timely and effective remediation in collaboration with development teams.
• Support the development and execution of secure coding practices and application security guidelines.
• Monitor and interpret vulnerability scanning results to identify trends, root causes, and systemic risks, providing actionable insights to stakeholders.
• Collaborate with the wider Vulnerability Management team and other stakeholders to maintain and improve security processes and tools.
• Stay updated on emerging threats, vulnerabilities, and industry best practices to enhance testing methodologies and overall security strategies.
• Create and maintain detailed documentation and reports to track security metrics and demonstrate compliance with applicable standards.
ORGANIZATIONAL RELATIONSHIPS
• The Analyst will work closely with the Vulnerability Management Application Security Engineer and the onshore vulnerability management team to execute security testing initiatives.
This role will also collaborate with:
• Application Development teams to address vulnerabilities and implement secure coding practices.
• Cloud and Application Security teams to align on strategy and processes.
• Other stakeholders within the Zoetis Tech & Digital (ZTD) organization to support vulnerability remediation efforts.
EDUCATION AND EXPERIENCE
Education:
• University Degree in Computer Science or Information Systems is required
• MS, advanced identity courses, or other applicable certifications are desirable, including:
  o Certified Information Systems Security Professional (CISSP)
• Relevant certifications in infrastructure security and vulnerability management, such as Offensive Security Certified Professional (OSCP), GIAC Certified Vulnerability Assessor (GCVA), or Certified Ethical Hacker (CEH), are highly preferred
Experience:
• A minimum of 4+ years of relevant experience with a strong background in vulnerability management and security engineering.
• 2+ years of experience in the pharmaceutical or other regulated industry, especially Animal Health.
• Experience working with global teams across multiple time zones.
• Demonstrated ability to work within diverse technical teams.
TECHNICAL SKILLS REQUIREMENTS
• Hands-on experience in application security assessments, penetration testing, or secure development practices.
• Proficiency with application security and vulnerability scanning tools, such as Burp Suite, Veracode, and HCL AppScan.
• Knowledge of web application, mobile app, and API penetration testing methodologies.
• Familiarity with the Software Development Lifecycle (SDLC), secure coding practices, and application development processes.
• Understanding of application security vulnerabilities (e.g., OWASP Top 10), security frameworks (e.g., NIST), and risk mitigation strategies.
• Experience working with cloud platforms such as AWS and Azure is desirable.
• Strong analytical skills and a detail-oriented approach to identifying and addressing vulnerabilities.
• Excellent verbal and written communication skills to create reports and collaborate with internal teams.
• Must be fluent in both written and spoken English, with the ability to communicate effectively across technical and non-technical audiences.
PHYSICAL POSITION REQUIREMENTS
Availability to work between 1pm IST and 10pm IST (minimum 3 hours of daily overlap with the US ET time zone)
Tags: APIs Application security AWS Azure Burp Suite CEH CISSP Cloud Compliance Computer Science GIAC NIST Offensive security OSCP OWASP Pentesting Risk management SDLC Security assessment Security strategy Strategy Threat intelligence Veracode Vulnerabilities Vulnerability management
Perks/benefits: Career development