Cloud Application Security

We are seeking a skilled Security Engineer to embed security best practices across the Software Development Lifecycle (SDLC), ensure compliance with enterprise security policies, and proactively identify and remediate risks across applications and data flows. This role will act as a critical liaison between development teams, enterprise security, and data engineering, with a focus on dynamic/static application security testing (DAST/SAST), DevSecOps practices, and data protection strategies. Key Responsibilities SDLC & DevSecOps Integration • Embed security controls and checkpoints throughout the SDLC, from design through deployment. • Collaborate with developers and product teams to review threat models, design secure architecture, and define secure coding practices. • Integrate automated security scans (e.g., SAST, DAST, OSS/Vulnerability scans) into CI/CD pipelines and ensure timely remediation. • Maintain security gates within Azure DevOps or similar ALM tools to enforce security quality standards. Security Scanning & Risk Management • Own the setup, configuration, and management of static and dynamic code scanning tools (e.g., SonarQube, Veracode, Fortify, etc.). • Monitor scan results, track vulnerabilities, and coordinate triage/resolution with development teams. • Maintain a vulnerability dashboard and produce reports that support security risk visibility and compliance. Data Security • Collaborate with the data engineering team to ensure data classification, encryption, access control, and retention policies are consistently applied. • Evaluate data flow diagrams and data models for security exposure and make recommendations to protect PII, PCI, and other sensitive data types. • Support secure integration patterns between applications, APIs, and databases. Governance & Enterprise Security Alignment • Coordinate with the Enterprise Security Office to align with corporate security standards, audit requirements, and incident response protocols. • Participate in internal and external audits, risk assessments, and penetration testing exercises. • Escalate systemic risks and propose design-level mitigations. Documentation & Awareness • Document security processes, requirements, and design patterns. • Educate developers and stakeholders on secure coding, SDLC security responsibilities, and emerging threats. Qualifications • 3–5+ years of experience in application security, cloud security, or a DevSecOps role. • Deep understanding of secure development practices and frameworks (OWASP Top 10, NIST, etc.). • Experience with static and dynamic scanning tools (e.g., Fortify, Veracode, Checkmarx, Burp Suite). • Familiarity with CI/CD tools and pipelines (e.g., Azure DevOps, GitHub Actions). • Strong knowledge of data protection techniques (masking, encryption, RBAC, etc.). • Hands-on experience with identity and access management (IAM), API security, and cloud-native platforms (Azure preferred). • Excellent collaboration skills across cross-functional teams (Dev, QA, Data, Infra, Enterprise Security). Nice to Have • Security certifications such as CISSP, CSSLP, OSCP, or Azure Security Engineer Associate. • Experience with infrastructure as code (IaC) security (e.g., Terraform, Bicep, or ARM templates). • Background in regulated industries or compliance frameworks (SOC 2, PCI-DSS).