Senior Application Security (DevSecOps) Engineer
Location: India (Bangalore/Chennai/Hybrid)
Team: Application Security / DevSecOps
Reports to: Head of Application Security
About the Role
Pearson is seeking a highly motivated and experienced Senior Application Security (DevSecOps) Engineer with a strong background in DevOps, Application Security, and Cloud Security. In this role, you will lead and support the integration of security controls into CI/CD pipelines and cloud environments, working closely with developers, SREs, and cloud platform teams. The ideal candidate has hands-on experience in building and scaling security automation in enterprise-grade environments.
Responsibilities
- Application security SME for the ongoing GitHub migration program.
- Integrate SAST, SCA, IaC scanning, and DAST tools into CI/CD pipelines (e.g., GitHub Actions, Jenkins, GitLab CI).
- Drive security initiatives within GitHub Enterprise Security (code scanning, secret scanning, dependency management).
- Collaborate with development, SRE, and cloud teams to embed security into SDLC and DevOps workflows.
- Manage and optimize CSPM tools (e.g., Rapid7 ICS, Prisma Cloud, Wiz, Lacework) to enforce security policies across cloud assets.
- Create and maintain reusable security automation patterns and scripts (e.g., GitHub Actions, Terraform modules).
- Support application security reviews and recommend mitigations for security findings.
- Build dashboards and metrics to track pipeline coverage, tool effectiveness, and SLA adherence.
- Provide guidance and hands-on support during secure development, threat modeling, and remediation planning.
- Advocate for security best practices in engineering forums and architecture discussions.
Skills & Experience Required
- 5–7 years of experience in a DevSecOps, Application Security, or DevOps Security role.
- Strong working knowledge of:
  - Extensive experience in GitHub Enterprise and related security capabilities, especially security tool integrations and automations.
  - CI/CD pipeline integration of security tooling.
  - Cloud platforms (AWS, Azure, GCP) and hands-on experience with CSPM solutions.
  - Working experience in application security tools (SAST, DAST, SCA, IaC).
  - Sound working experience in scripting and programming languages.
- Experience collaborating with software engineers, cloud teams, and SREs in a security capacity.
- Good understanding of OWASP Top 10, secure coding practices, and DevOps lifecycle.
- Proficient in scripting (e.g., Python, Bash) and automation (e.g., GitHub Actions, Terraform, Ansible).
Nice to Have
- Experience with threat modelling or security architecture reviews.
- Knowledge of container security and Kubernetes security controls (e.g., Kube-bench, Trivy).
- Exposure to risk and vulnerability management workflows (e.g., Jira, ServiceNow, Qualys).
Key Success Areas for the Candidates
- Becoming a security ‘guru’ for SRE and DevOps teams.
- Increased security coverage across CI/CD pipelines with minimal developer friction.
- Reduced remediation SLAs and high-quality integration of tools into engineering workflows.
- Strong collaboration with engineering and platform teams on secure-by-default solutions.