- Own delivery of AppSec outcomes for critical applications and platforms
- Lead hands-on threat modelling, architecture reviews, and remediation execution
- Set and enforce security release gates and acceptance criteria
- Actively reduce critical and high-risk vulnerabilities through Deep Code reviews, root cause analysis, direct remediation guidance
- Ensure development teams understand the importance of application security principles
- Continuously liaise with various product teams to analyse application vulnerabilities
- Create and guide a team of local application security subject matter experts
- Serve as final technical authority for AppSec decisions on high-stakes initiatives
- Unblock engineering teams and resolve security-delivery conflicts
- Report clear, actionable risk status to senior leadership
- Develop organisational processes and methods for security, privacy and related assets
- Continuously evaluate vulnerabilities and risks in software platforms, interfaces and applications
- Perform SW Threat modelling, Security Risk Assessment across various technology stacks
- Create product security requirements and concepts; promote ‘secure by design’ approach
- Triage and remediation planning for discovered vulnerabilities aligned to program deadlines
- Engage with internal and external partners to ensure alignment to commitments
- Mentor SW teams on secure coding, best practices, industry standards, tools, and processes
- Seek to build-in security during development of software systems and applications
- Ensure that organisational processes stay current; contribute to the Quality Management System
- Qualification: B.E / B.Tech / M.E / M.Tech (Computer Science or related fields)
- 12–15+ years in software engineering, application security, or architecture experience
- Proven history of executing and delivering AppSec improvements at scale
- Deep hands-on expertise in: Secure SDLC and application architecture, OWASP Top 10, API Security Top 10, Threat modelling (STRIDE or equivalent)
- Strong experience securing Modern architectures (cloud, APIs, microservices, containers, Kubernetes) & Legacy enterprise systems (monoliths, SOA, on-prem)
- Strong understanding of Authentication & authorization (OAuth2, OIDC, SAML), Cryptography, secrets management, secure configuration
- Deep experience integrating security into CI/CD pipelines
- Experience with ISO 27001/27002 and NIST Cybersecurity Framework
- Experience in identifying potential attacks and threat vectors and offer mitigation
- Experience with vulnerability management tools like Blackduck, Trivy, Prisma cloud, Tenable etc.
- Proficient in Security assessments, Authentication and access control
- Understanding of penetration testing, Applied cryptography and security protocols preferable
- Experience with AppSec practices for Infrastructure, connected devices etc.
- Good understanding of cryptographic primitives and their underlying principles preferable
- Good understanding of networking protocols, such as TCP/IP and UDP.
- Good understanding of Content Delivery Networks and their integration into applications
- Active in the security community. Regularly attends meetups or conferences
- Working understanding of Agile Development processes
- Lead without authority in a matrix organization
- Excellent communication skills – verbal and written
- Ability to translate complex ideas into simple solutions to implement
- Hybrid working model.
- Family Mediclaim benefits including parents & Term life insurance Cover.
- Wide portfolio of training opportunities including but not limited to Conferences, Workshops, Education reimbursement & Online learning.
- A wide range of Career Path to explore based on Individual strengths and aspirations.
- Quarterly and Annual awards for outstanding individuals and Quality of Life Improvement Program
For those who prioritize precision, Mettler Toledo is precisely where you belong.
Referenznummer
Bevorzugter Arbeitsort
Pensum
Geschäftsniederlassung