
Position Details: Application Security

Location: All Deloitte USI Locations
Openings: 1
Salary Range:

Description:



Skill- Application Security

Exp- 4-12 yrs

Hybrid-All Deloitte USI Locations

No of positions-2

JD-

• 4+ years of hands-on experience in *application security / DevSecOps*,
with strong experience in *SAST, SCA, and DAST* (and ability to operate
these in CI/CD).

• Experience with leading AppSec tools such as *Checkmarx, Veracode,
Fortify, Burp Suite, OWASP ZAP, Snyk, Mend/WhiteSource, Black Duck, or
similar*.

• Strong understanding of *SSDLC*, *OWASP Top 10*, secure coding
practices, and common *web/API vulnerabilities*
(authentication/authorization, injection, SSRF, deserialization,
misconfiguration).

• Experience integrating security controls into *Jenkins, GitLab CI,
GitHub Actions, Azure DevOps, or similar CI/CD platforms*, including
pipeline templates, quality gates, and exception processes.

• Python proficiency for AppSec automation (e.g., pipeline integrations,
parsing/enrichment, and custom checks); experience with scripting to
operationalize security at scale.

• Hands-on experience designing/building *AI agents or agentic workflows*
for security/engineering use cases, including tool/function calling and
multi-step orchestration (frameworks such as
LangChain/LangGraph/CrewAI/AutoGen or equivalent).

• Experience in vulnerability triage, remediation validation, developer
enablement, and reporting.

• Working knowledge of *threat modeling*, *security architecture review*,
and secure design principles.

• Hands-on experience performing *API security testing* and guiding
remediation for authorization and abuse-case issues (e.g., BOLA/BFLA) in
modern application architectures.

• Familiarity with *cloud-native application security*,
*containers/Kubernetes*, *IaC*, and *secrets management* concepts in
delivery pipelines.

• Awareness of security risks in *LLM-enabled applications* (prompt
injection, sensitive data exposure, insecure tool/function calling) and
ability to apply basic mitigating controls during delivery.

• Strong verbal and written communication skills, including the ability
to explain risk and remediation to both technical and business stakeholders.

 
