CrawlJobs Logo
NTT DATA Logo NTT DATA · IT - Software Development

Application Security DevSecOps Specialist

Romania, Brasov · Job Posted January 24, 2026
Apply Position
Job Link Share

Job Description

The Application Security DevSecOps Specialist will play a vital role in integrating security into the software development lifecycle. This position requires a bachelor’s degree in Cybersecurity, Computer Science, or Software Engineering, along with 3-5 years of experience in application security engineering. The ideal candidate will have proficiency in multiple programming languages and extensive experience with application security tools. Responsibilities include conducting security assessments, mentoring engineers, and designing security automation within CI/CD workflows.

Job Responsibility

  • Incorporate security controls and standards into all phases of the software development lifecycle (SDLC)
  • Collaborate with developers to adopt secure coding practices, including OWASP compliance
  • Conduct threat modeling and evaluate design documents to identify security vulnerabilities
  • Establish security requirements and acceptance criteria for application development projects
  • Design and implement security automation within CI/CD workflows using tools for SAST, DAST, IAST, SCA and compliance monitoring
  • Develop custom security testing frameworks compatible with agile and DevSecOps models
  • Conduct infrastructure-as-code (IaC) configuration checks and enforce compliance policies
  • Automate secrets scanning, credential hygiene practices, and dependency vulnerability reviews
  • Execute static (SAST) and dynamic (DAST) application security assessments
  • Perform manual penetration testing and secure code reviews to detect risks
  • Analyze application dependencies and third-party components, ensuring vulnerability remediation
  • Validate security fixes via rigorous regression testing and secure deployment methods
  • Prepare training initiatives for developers on secure coding practices, application security principles, and DevSecOps workflows
  • Create and disseminate security documentation, guidelines, and playbooks for developers and architects
  • Mentor engineers to adopt security-first product development and incident prevention strategies
  • Establish and support developer security champion programmes within agile teams
  • Implement robust security controls for containerized workloads in Docker, Kubernetes, and similar platforms
  • Design and secure API endpoints and microservices architectures
  • Leverage cloud security services on AWS, Azure, or GCP to deliver secure, scalable solutions
  • Advocate for best practices in secret management, repository vaulting, and cloud-native application monitoring

Requirements

  • Bachelor’s degree in Cybersecurity, Computer Science, Software Engineering, or equivalent experience
  • Minimum 3-5 years of experience in application security engineering
  • Familiarity with implementing container security policies and securing high-performance CI/CD development ecosystems
  • Proficiency in multiple programming languages (e.g., Java, Python, JavaScript, Go, .NET)
  • Extensive experience deploying application security tools like SonarQube, Checkmarx, Veracode, OWASP ZAP
  • Expertise in CI/CD tools and platforms (e.g., Jenkins, GitHub Actions, Azure DevOps)
  • Solid understanding of container orchestration technologies (e.g., Kubernetes, Docker)
  • Familiarity with cloud platforms (AWS, Azure, GCP) and IaC assessment tools (Terraform, CloudFormation)
  • Advanced knowledge of the OWASP Top 10 vulnerabilities, secure coding techniques, and cryptographic best practices
  • Proficiency in API security testing and securing microservices
  • Hands-on involvement in framework-based security compliance efforts (ISO 27001, GDPR, SOC 2)
  • Exceptional collaboration and communication abilities when interfacing with software teams
  • Strong problem-solving mindset to balance security priorities in fast-paced DevOps environments
  • Capable of delivering security-focused workshops and team mentoring
  • Must meet UK SC Clearance eligibility guidelines
  • Excellent command of both spoken and written English

Nice to have

  • Preferred certifications include CSSLP, GWEB, or a Certified DevSecOps Engineer qualification
  • AWS / Azure / GCP Security specialization certifications are advantageous

What we offer

  • Smooth integration and a supportive mentor
  • Choose from Remote, Hybrid or Office work opportunities
  • Projects have different working hours to suit your needs
  • Sponsored certifications, trainings and top e-learning platforms
  • Private Health Insurance
  • Individual coaching sessions or joining our accredited Coaching School
  • Epic parties or themed events
NTT DATA - All Job Offers

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Suggested Tags: Frontend Developer Secretary Talent Manager Salesforce Administrator Data Analyst
Similar Jobs for

Application Security DevSecOps Specialist

8 matching positions

Application Security Specialist

Join us as an Application Security Specialist for Barclays, where you will play ...
Location
Location
United States , Whippany
Salary
Salary:
175000.00 - 225000.00 USD / Year
barclays.co.uk Logo
Barclays
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Extensive development experience in at least one ecosystem (e.g. Java (Spring), .NET, GoLang)
  • Experience in cloud-native development security, container orchestration (e.g. Kubernetes), and infrastructure-as-code tools such as Terraform and Helm
  • Advanced knowledge of API and mobile security, including common vulnerabilities and mitigation techniques
Job Responsibility
Job Responsibility
  • Lead the hands-on delivery and continuous enhancement of the firm's DevSecOps and Application Security programs
  • Embed security controls across the software development lifecycle, integrating guidance directly into developer workflows
  • Partner with engineering and security stakeholders to scale modern, developer-centric security capabilities that enable secure innovation
  • Development and execution of assessments, audits, and threat models to identify vulnerabilities within the banks systems, applications and servers using penetration tools and techniques, and communicate key findings and recommendations to stakeholders
  • Collaboration with stakeholders and IT teams to identify emerging cyber-attack techniques, tools and technologies and to support the development of penetration testing methodologies
  • Development and maintenance of comprehensive documents and reports for senior stakeholders on penetration test findings, and remediation guidance
  • Collaboration with stakeholders to understand their security requirements and controls in business processes, application/services, to enhance overall security posture and assurance
  • Identification of emerging vulnerabilities, exploit codes and cyber-attacks to develop testing methodologies and assurance activities
What we offer
What we offer
  • Medical
  • Dental
  • Vision coverage
  • 401(k)
  • Life insurance
  • Other paid leave for qualifying circumstances
  • Incentive award
  • Competitive holiday allowance
  • Private medical care
  • Pension contribution
  • Fulltime
Read More
Arrow Right

Cyber Security Devsecops Specialist

The DevSecOps Specialist will be crucial in integrating security practices withi...
Location
Location
Congo, the Democratic Republic of the , Kinshasa
Salary
Salary:
Not provided
vodafone.com Logo
Vodafone
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum of 3-5 years of experience in Cyber Security
  • Bachelor's degree in computer science, information technology, cyber security, or a related field
  • Security-related certifications such as DevOps Institute's DevSecOps Foundation
  • Certified Kubernetes Security Specialist (CKS)
  • AWS, Azure, or GCP Certified DevOps Engineer
  • Strong knowledge of cyber security principles and best practices
  • Exposure to DevSecOps Standards and Frameworks such as NIST Cybersecurity Framework (CSF), ISO/IEC 27001, CIS Controls, and OWASP Top Ten
  • Well-versed in DevOps and DevSecOps frameworks, such as the DevOps Institute's DevSecOps Foundation, and thoroughly understand Continuous Integration and Continuous Delivery (CI/CD) best practices
  • Strong collaboration and communication skills, with the ability to work effectively across development, operations, and security teams
  • Problem-solving and critical thinking are essential, including analytical skills to identify security vulnerabilities and threats and strategic thinking to implement effective security solutions
Job Responsibility
Job Responsibility
  • Identify security risks through threat modelling, develop robust mitigation strategies, and implement advanced security measures throughout the software development lifecycle
  • Application threat modelling, assessing code and applications to ensure they are vulnerability-free before being shipped to production environments
  • Maintaining the security of application or APIs throughout the product lifecycle
  • Monitoring and securing the CI/CD pipeline, conducting comprehensive security audits, responding to and investigating security incidents, and establishing/enforcing stringent security protocols
  • Provide security expertise to development and operations teams, fostering a culture of security awareness and adherence to best practices
  • Staying current on the latest cyber threats and security technologies
Read More
Arrow Right

Cyber Security Specialist

We’re looking for a Cyber Security Specialist (SIEM Engineering) to join our div...
Location
Location
Australia , Melbourne
Salary
Salary:
Not provided
auspost.com.au Logo
Australia Post
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 4+ years’ experience working with SIEM technologies
  • Strong experience in detection engineering and threat use‑case development
  • Building data ingestion pipelines, DCRs, ETL, Codeless Connectors and Syslog
  • Strong KQL capability (queries, detections, dashboards)
  • Knowledge of frameworks such as MITRE ATT&CK and NIST
  • Automation using platforms like SOAR, Logic Apps etc
  • DevSecOps and CI/CD pipelines
  • Detection‑as‑Code (ARM / Bicep)
  • Scripting (e.g. Python, SQL)
Job Responsibility
Job Responsibility
  • Support and enhance the SIEM platform, ensuring availability, performance and data quality
  • Design and build log ingestion and ETL pipelines to onboard data from diverse platforms and applications
  • Engineer, tune and maintain detections, correlation rules, alerts and dashboards aligned to threat use cases
  • Apply threat intelligence and threat landscape knowledge to detection engineering
  • Build automation and improve operational processes across Threat Detection & Response
  • Work closely with internal technology teams to ensure end‑to‑end detection validity from source to alert
What we offer
What we offer
  • Enterprise‑scale impact – Work on SIEM and detection capability covering IT and OT environments
  • Transformation work – Be part of major, multi‑year cyber security programs
  • Career growth and opportunities – Expand your skills
  • Hybrid ways of working
  • Fulltime
Read More
Arrow Right

Senior Information Security Specialist

As a Senior Information Security Specialist, you will play a critical role in sa...
Location
Location
United States , Clarksburg
Salary
Salary:
Not provided
imts.us Logo
Innovative Management & Technology Services
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent professional experience)
  • Minimum 7 years of experience in information security, IT risk management, or cybersecurity compliance, preferably in a federal or state agency environment
  • Demonstrated experience applying and interpreting NIST 800-53, OWASP, and DISA STIGs in real-world projects
  • Strong hands-on technical background in networking, system administration, or software development
  • Proficiency with SIEM tools—especially Splunk—for event correlation, alerting, and compliance reporting
  • Familiarity with Agile development environments and DevSecOps principles
  • Strong written and verbal communication skills, with the ability to create reports and briefings for technical and non-technical stakeholders
  • Active Top Secret clearance is required
  • U.S. Citizenship is required
Job Responsibility
Job Responsibility
  • Lead comprehensive reviews of management, operational, personnel, and technical controls throughout the system development lifecycle (SDLC)
  • Identify and assess emerging security risks, weaknesses, and vulnerabilities associated with infrastructure, applications, and operations
  • Collaborate with developers and engineers to ensure identified risks are mitigated and documented effectively
  • Ensure compliance with federal and industry security standards including NIST SP 800-53, OWASP Top 10, Common Criteria, DISA STIGs, and SANS Institute recommendations
  • Support and contribute to Authorization to Operate (ATO) packages, including preparation of SSPs, POA&Ms, and continuous monitoring (ConMon) artifacts
  • Advise on policy alignment and security architecture improvements to support secure Agile delivery
  • Apply technical knowledge of networking, system administration, and development to assess the security posture of enterprise environments
  • Utilize Splunk to perform audit log analysis, generate system alerts, and support threat hunting and incident response activities
  • Recommend and implement automated logging, monitoring, and security reporting processes
  • Engage proactively with Agile development teams, product owners, and ISSOs to embed security into project planning and delivery
What we offer
What we offer
  • competitive compensation
  • excellent benefits including tuition reimbursement and employer-contributed 401K
  • referral bonuses
  • Fulltime
Read More
Arrow Right

Senior Security Engineer (Red Team Specialist)

We are seeking a highly skilled and experienced Senior Security Engineer Penetra...
Location
Location
Indonesia , Jakarta
Salary
Salary:
Not provided
Flip
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or a related field
  • Relevant certifications such as OSCP, OSCE, GPEN, or GXPN are highly desirable
  • Minimum of 5 years of hands-on experience in penetration testing (mobile applications {Android and iOS}, web applications, and API), red teaming, or ethical hacking, with a proven track record of identifying and exploiting vulnerabilities
  • Demonstrate a strong grasp of end-to-end SDLC, DevSecOps, and application development for web and mobile applications
  • Expertise in using various security testing tools and frameworks (e.g., Metasploit, Burp Suite, Nmap, etc.) and manual techniques to conduct thorough security assessments
  • Proficiency in programming and scripting languages (e.g., Python, Go, Shell Script) to develop custom tools and automation scripts
  • Strong understanding of network protocols, operating systems, and common security technologies (SIEM, XDR/EDR, firewalls, IDS/IPS, WAFs, etc.)
  • In-depth knowledge of cybersecurity principles, attack vectors, and defense strategies. Familiarity with threat intelligence and risk assessment methodologies, OWASP, Cloud Security best practices
  • Excellent analytical and problem-solving abilities, with a proactive approach to identifying and mitigating security risks
  • Effective verbal and written communication skills, with the ability to convey complex technical concepts to both technical and non-technical stakeholders
Job Responsibility
Job Responsibility
  • Lead and conduct penetration testing and red teaming activities against our organization's networks, applications, and physical security
  • Perform comprehensive security assessments to identify vulnerabilities and potential weaknesses
  • Develop realistic attack scenarios based on current threat intelligence and industry best practices
  • Simulate sophisticated attack techniques to identify gaps in our security controls and defenses
  • Conduct in-depth vulnerability assessments and risk analyses, utilizing various security testing tools and manual techniques
  • Provide detailed reports outlining identified vulnerabilities and recommended remediation actions
  • Stay up-to-date with the latest cybersecurity threats, vulnerabilities, and attack techniques
  • Continuously monitor emerging trends and industry developments to inform our security strategies
  • Collaborate with the security team and other stakeholders to review and improve our organization's security architecture, ensuring it aligns with industry standards and best practices
  • Assist the incident response team in handling cybersecurity incidents, performing forensic investigations, and providing expertise on the adversary's techniques and tactics
  • Fulltime
Read More
Arrow Right

Sr. Devops Engineer AWS

Location
Location
United States
Salary
Salary:
145000.00 - 165000.00 USD / Year
Megazone Cloud US
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor Degree or 10+ years of professional or military experience
  • 8+ years of experience as a technical specialist
  • 2+ years of hands-on experience of programming in languages such as Python, Ruby, Go, Swift, Java, .Net, C++ or similar object-oriented language
  • Experience with architecting and automating cloud native technologies, deploying applications, and provisioning infrastructure
  • Hands-on experience with Infrastructure as Code, using CloudFormation, Terraform, or other tools
  • Experience architecting cloud native CI/CD workflows and tools, such as Jenkins, Bamboo, TeamCity, Code Deploy (AWS) and/or GitLab
  • Hands-on experience with microservices and distributed application architecture, such as containers, Kubernetes, and/or serverless technology
  • Experience with the full software development lifecycle and delivery using Agile practices
  • Experience with Chef, Puppet, Salt, or Ansible in production environments
  • Knowledge of IP networking, VPN's, DNS, load balancing and firewall
Job Responsibility
Job Responsibility
  • Advise customers on their DevOps journey, manage projects independently and also deliver as part of larger teams
  • Work with customers and partners internalizing their context while using your business and technical skills to design solutions based on requirements and constraints
  • Work towards customer business outcomes, ensuring there is a strong connection between delivery activities and business objectives
  • Own and complete key tasks and deliverables, and collaborate with others to define and implement optimal, complete solutions based on stakeholders needs
  • Guide customers’ technical and investments, maximizing alignment with the platform, and ease of adoption as new services and products become available
  • Design and deliver solutions that solve for new levels of complexity, scale and performance, and in turn, enable breakthrough innovations. Create and apply frameworks, methods, best practices and artifacts that deliver prescriptive guidance to customers, and publish and present them in large forums and across various media platforms
  • Experience with seamless/automated build scripts used for release management across all environments
  • Willingness to travel to client locations and deliver professional services
What we offer
What we offer
  • Discretionary bonus
  • Fulltime
Read More
Arrow Right

Azure Cloud Platform Engineering Manager

We are looking for an accomplished Azure Cloud Platform Engineering Manager to g...
Location
Location
United States , Bayport
Salary
Salary:
Not provided
https://www.roberthalf.com Logo
Robert Half
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Computer Science, Information Technology, or a related discipline
  • an advanced degree is preferred
  • At least 3 years of experience leading a cloud platform engineering and operations team
  • At least 7 years of people management experience within an enterprise IT environment
  • Strong hands-on knowledge of Microsoft Azure and core cloud architecture domains, including compute, storage, networking, databases, and security
  • Demonstrated experience with Infrastructure as Code, CI/CD pipelines, DevOps tooling, and DevSecOps methodologies
  • Solid understanding of identity and access management, Zero Trust concepts, cloud security controls, and incident response practices
  • Proven ability to lead cross-functional initiatives, adapt teams to evolving business demands, and communicate technical strategy to diverse stakeholders
Job Responsibility
Job Responsibility
  • Direct and develop a team of cloud engineers, platform specialists, and DevSecOps professionals, creating a high-performing environment focused on accountability and growth
  • Shape the cloud platform roadmap and align architecture decisions with organizational goals, application needs, and long-term technology plans
  • Lead the advancement of Azure-based infrastructure services, ensuring solutions are resilient, secure, scalable, and operationally effective
  • Establish and strengthen platform engineering practices through automation, reusable deployment patterns, Infrastructure as Code, and standardized CI/CD workflows
  • Oversee DevOps toolsets such as Azure DevOps and GitHub Actions to improve delivery consistency, deployment speed, and governance
  • Drive operational excellence by improving monitoring, incident response, change control, observability, and overall service reliability
  • Manage cloud spending through forecasting, subscription oversight, and FinOps-oriented optimization initiatives that balance cost, performance, and resource usage
  • Partner with product teams, security leaders, application owners, and other IT stakeholders to translate business needs into practical platform capabilities
  • Evaluate external providers and technology partners, maintaining effective vendor relationships and supporting sound platform investment decisions
Read More
Arrow Right

Devops Engineer AWS

Overview Application DevOps Engineer (L5) Key Responsibilites: Previous exper...
Location
Location
United States
Salary
Salary:
Not provided
Megazone Cloud US
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor Degree or 5+ years of professional or military experience
  • 5+ years of experience as a technical specialist
  • 2+ years of hands-on experience of programming in languages such as Python, Ruby, Go, Swift, Java, .Net, C++ or similar object-oriented language
  • Experience with automating cloud native technologies, deploying applications, and provisioning infrastructure
  • Hands-on experience with Infrastructure as Code, using CloudFormation, Terraform, or other tools
  • Experience developing cloud native CI/CD workflows and tools, such as Jenkins, Bamboo, TeamCity, Code Deploy (AWS) and/or GitLab
  • Hands-on experience with microservices and distributed application architecture, such as containers, Kubernetes, and/or serverless technology
  • Experience with the full software development lifecycle and delivery using Agile practices
  • Experience with Chef, Puppet, Salt, or Ansible in production environments
  • Knowledge of IP networking, VPN's, DNS, load balancing and firewall
Job Responsibility
Job Responsibility
  • Previous experience in a lead DevOps role
  • Assist on larger projects or run smaller opportunities independently
  • Technical depth and hands-on implementation experience of various practices and tools in the DevOps toolchain
  • Comfortable rolling up their sleeves to design and code modules for infrastructure, application, and processes
  • Fulltime
Read More
Arrow Right