Cyber Security Application Security (AppSec) Lead

Job Description:

• Leverage Security Scorecard and vulnerability intel sources on application side (i.e.) Invicti, Checkmarx, Wiz to analyze open Vulnerabilities, risk posture, prioritize vulnerabilities, and align remediation based on CVSS scores and business criticality.
• Act as a hands-on technical lead, actively fixing vulnerabilities in code and setting remediation standards for the team.
• Should have excellent knowledge of SDLC controls including PR checks, severity thresholds, branch protection, and release gates.
• Perform secure code reviews and directly remediate vulnerabilities such as injection flaws, authentication issues, insecure APIs, and data exposure risks.
• Translate SAST/DAST findings into practical code fixes (input validation, encryption, auth controls, secure configurations).
• Partner with developers to triage vulnerabilities (CWE/OWASP) and drive faster remediation (MTTR reduction).
• Demonstrate strong development expertise (.NET / Java / APIs / Web apps) with ability to debug, refactor, and resolve security issues.
• Integrate security into CI/CD pipelines by implementing automated scanning, security gates, and remediation workflows.
• Oversee cloud vulnerability remediation (Wiz), prioritizing internet-facing risks, identity exposure, and misconfigurations.
• Establish and track AppSec KPIs (MTTR, false positives, recurring vulnerabilities, SLA adherence) and present insights to stakeholders.
• Lead and mentor teams by providing hands-on guidance, enforcing secure coding practices, and driving continuous improvement in vulnerability remediation and risk reduction.

Required Qualifications:

• Bachelor’s degree in Computer Science, Information Technology, or related field, with 8–12+ years of experience in application development and security.
• Proven hands-on experience in secure application development (.NET / Java / APIs / Web apps) with strong expertise in identifying and fixing code-level vulnerabilities.
• Deep knowledge of application security practices, including SAST/DAST tools (Checkmarx, Invicti), OWASP Top 10, CWE, and CVSS-based risk prioritization.
• Strong experience in DevSecOps and CI/CD integration, including implementing security gates, automated scanning, and secure SDLC controls.