Bangalore, IND
1 day ago
Senior Application Security (DevSecOps) Engineer
**Senior Application Security (DevSecOps) Engineer**

**Location:** India (Bangalore/Chennai/Hybrid)
**Team:** Application Security / DevSecOps
**Reports to:** Head of Application Security

**About the Role**

Pearson is seeking a highly motivated and experienced Senior Application Security (DevSecOps) Engineer with a strong background in DevOps, Application Security, and Cloud Security. In this role, you will lead and support the integration of security controls into CI/CD pipelines and cloud environments, working closely with developers, SREs, and cloud platform teams. The ideal candidate has hands-on experience in building and scaling security automation in enterprise-grade environments.

**Responsibilities**

+ Application security SME for ongoing GitHub migration program
+ Integrate SAST, SCA, IaC scanning, and DAST tools into CI/CD pipelines (e.g., GitHub Actions, Jenkins, GitLab CI).
+ Drive security initiatives within GitHub Enterprise Security (code scanning, secret scanning, dependency management).
+ Collaborate with development, SRE, and cloud teams to embed security into SDLC and DevOps workflows.
+ Manage and optimize CSPM tools (e.g., Rapid7 ICS, Prisma Cloud, Wiz, Lacework) to enforce security policies across cloud assets.
+ Create and maintain reusable security automation patterns and scripts (e.g., GitHub Actions, Terraform modules).
+ Support application security reviews and recommend mitigations for security findings.
+ Build dashboards and metrics to track pipeline coverage, tool effectiveness, and SLA adherence.
+ Provide guidance and hands-on support during secure development, threat modeling, and remediation planning.
+ Advocate for security best practices in engineering forums and architecture discussions.

**Skills & Experience Required**

+ 5–7 years of experience in a DevSecOps, Application Security, or DevOps Security role.
+ Strong working knowledge of:
  + Extensive experience in GitHub Enterprise and related security capabilities, especially security tool integrations and automations
  + CI/CD pipeline integration of security tooling.
  + Cloud platforms (AWS, Azure, GCP) and hands-on experience with CSPM solutions.
  + Working experience in application security tools (SAST, DAST, SCA, IaC)
  + Sound working experience in scripting and programming languages
+ Experience collaborating with software engineers, cloud teams, and SREs in a security capacity.
+ Good understanding of OWASP Top 10, secure coding practices, and DevOps lifecycle.
+ Proficient in scripting (e.g., Python, Bash) and automation (e.g., GitHub Actions, Terraform, Ansible).

**Nice to Have**

+ Experience with threat modelling or security architecture reviews
+ Knowledge of container security and Kubernetes security controls (e.g., Kube-bench, Trivy)
+ Exposure to risk and vulnerability management workflows (e.g., Jira, ServiceNow, Qualys)

**Key Success Areas for the Candidates**

+ Becoming a security ‘guru’ for SRE and DevOps teams
+ Increased security coverage across CI/CD pipelines with minimal developer friction
+ Reduced remediation SLAs and high-quality integration of tools into engineering workflows
+ Strong collaboration with engineering and platform teams on secure-by-default solutions

1166544

**Job:** Security
**Job Family:** TECHNOLOGY
**Organization:** Corporate Strategy & Technology
**Schedule:** FULL\_TIME
**Req ID:** 20394