Job Description

GSPANN is hiring an Application Security Specialist with expertise in driving Secure Software Development Life Cycle (SSDLC) operations across enterprise applications. The role focuses on integrating application security tools into CI/CD pipelines, enforcing security gates, and managing vulnerabilities across the release lifecycle.

Role and Responsibilities

  • Drive adoption of the Secure Software Development Life Cycle (SSDLC) across design, build, test, release, and operate phases.
  • Perform application security reviews prior to release and enforce security gates.
  • Integrate Static Application Security Testing (SAST), Software Composition Analysis (SCA), and secrets scanning using Checkmarx and GitHub Advanced Security (CodeQL, Secret Scanning, Dependabot), along with Application Security Posture Management (ASPM) using Apiiro, into Continuous Integration / Continuous Delivery (CI/CD) pipelines through GitHub Actions and pull request checks.
  • Coordinate Dynamic Application Security Testing (DAST) enablement with DAST Operations teams and ensure pipelines block releases on critical findings.
  • Triage security findings, create remediation workflows in Jira, track fixes against Service Level Agreements (SLAs), and escalate delays proactively.
  • Maintain and publish vulnerability dashboards using Jira, Confluence, and Apiiro.
  • Enable secure development practices by delivering developer training and supporting Security Champions programs.
  • Conduct security assessments of third-party and Software-as-a-Service (SaaS) applications.

Skills and Experience

  • 8-10 years of hands-on experience in Application Security and SSDLC operations.
  • Strong practical experience with Apiiro, GitHub Advanced Security (CodeQL, secrets scanning), Checkmarx, and Jira/Confluence.
  • Proven expertise in CI/CD pipelines using GitHub Actions, including SAST, SCA, and DAST integrations.
  • Expertise in coordinating with security tool vendors and external partners.
  • Ability to coach and guide developers efficiently across Java, .NET, JavaScript, and Python technology stacks.