Application Security DevSecOps Specialist

NTT DATA

Location:
Romania, Brasov

Contract Type:
Not provided

Salary:
Not provided

Job Description:

The Application Security DevSecOps Specialist will play a vital role in integrating security into the software development lifecycle. This position requires a bachelor’s degree in Cybersecurity, Computer Science, or Software Engineering, along with 3-5 years of experience in application security engineering. The ideal candidate will have proficiency in multiple programming languages and extensive experience with application security tools. Responsibilities include conducting security assessments, mentoring engineers, and designing security automation within CI/CD workflows.

Job Responsibility:

  • Incorporate security controls and standards into all phases of the software development lifecycle (SDLC)
  • Collaborate with developers to adopt secure coding practices, including OWASP compliance
  • Conduct threat modeling and evaluate design documents to identify security vulnerabilities
  • Establish security requirements and acceptance criteria for application development projects
  • Design and implement security automation within CI/CD workflows using tools for SAST, DAST, IAST, SCA and compliance monitoring
  • Develop custom security testing frameworks compatible with agile and DevSecOps models
  • Conduct infrastructure-as-code (IaC) configuration checks and enforce compliance policies
  • Automate secrets scanning, credential hygiene practices, and dependency vulnerability reviews
  • Execute static (SAST) and dynamic (DAST) application security assessments
  • Perform manual penetration testing and secure code reviews to detect risks
  • Analyze application dependencies and third-party components, ensuring vulnerability remediation
  • Validate security fixes via rigorous regression testing and secure deployment methods
  • Prepare training initiatives for developers on secure coding practices, application security principles, and DevSecOps workflows
  • Create and disseminate security documentation, guidelines, and playbooks for developers and architects
  • Mentor engineers to adopt security-first product development and incident prevention strategies
  • Establish and support developer security champion programmes within agile teams
  • Implement robust security controls for containerized workloads in Docker, Kubernetes, and similar platforms
  • Design and secure API endpoints and microservices architectures
  • Leverage cloud security services on AWS, Azure, or GCP to deliver secure, scalable solutions
  • Advocate for best practices in secret management, repository vaulting, and cloud-native application monitoring

Requirements:

  • Bachelor’s degree in Cybersecurity, Computer Science, Software Engineering, or equivalent experience
  • Minimum 3-5 years of experience in application security engineering
  • Familiarity with implementing container security policies and securing high-performance CI/CD development ecosystems
  • Proficiency in multiple programming languages (e.g., Java, Python, JavaScript, Go, .NET)
  • Extensive experience deploying application security tools like SonarQube, Checkmarx, Veracode, OWASP ZAP
  • Expertise in CI/CD tools and platforms (e.g., Jenkins, GitHub Actions, Azure DevOps)
  • Solid understanding of container orchestration technologies (e.g., Kubernetes, Docker)
  • Familiarity with cloud platforms (AWS, Azure, GCP) and IaC assessment tools (Terraform, CloudFormation)
  • Advanced knowledge of the OWASP Top 10 vulnerabilities, secure coding techniques, and cryptographic best practices
  • Proficiency in API security testing and securing microservices
  • Hands-on involvement in framework-based security compliance efforts (ISO 27001, GDPR, SOC 2)
  • Exceptional collaboration and communication abilities when interfacing with software teams
  • Strong problem-solving mindset to balance security priorities in fast-paced DevOps environments
  • Capable of delivering security-focused workshops and team mentoring
  • Must meet UK SC Clearance eligibility guidelines
  • Excellent command of both spoken and written English

Nice to have:

  • Preferred certifications include CSSLP, GWEB, or a Certified DevSecOps Engineer qualification
  • AWS / Azure / GCP Security specialization certifications are advantageous

What we offer:

  • Smooth integration and a supportive mentor
  • Choose from Remote, Hybrid or Office work opportunities
  • Projects have different working hours to suit your needs
  • Sponsored certifications, trainings and top e-learning platforms
  • Private Health Insurance
  • Individual coaching sessions or joining our accredited Coaching School
  • Epic parties or themed events

Additional Information:

Job Posted:
January 24, 2026

Work Type:
Remote work

Similar Jobs for Application Security DevSecOps Specialist

Senior Information Security Specialist

As a Senior Information Security Specialist, you will play a critical role in sa...
Location:
United States, Clarksburg
Salary:
Not provided
Innovative Management & Technology Services
Expiration Date:
Until further notice
Requirements:
  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent professional experience)
  • Minimum 7 years of experience in information security, IT risk management, or cybersecurity compliance, preferably in a federal or state agency environment
  • Demonstrated experience applying and interpreting NIST 800-53, OWASP, and DISA STIGs in real-world projects
  • Strong hands-on technical background in networking, system administration, or software development
  • Proficiency with SIEM tools—especially Splunk—for event correlation, alerting, and compliance reporting
  • Familiarity with Agile development environments and DevSecOps principles
  • Strong written and verbal communication skills, with the ability to create reports and briefings for technical and non-technical stakeholders
  • Active Top Secret clearance is required
  • U.S. Citizenship is required
Job Responsibility:
  • Lead comprehensive reviews of management, operational, personnel, and technical controls throughout the system development lifecycle (SDLC)
  • Identify and assess emerging security risks, weaknesses, and vulnerabilities associated with infrastructure, applications, and operations
  • Collaborate with developers and engineers to ensure identified risks are mitigated and documented effectively
  • Ensure compliance with federal and industry security standards including NIST SP 800-53, OWASP Top 10, Common Criteria, DISA STIGs, and SANS Institute recommendations
  • Support and contribute to Authorization to Operate (ATO) packages, including preparation of SSPs, POA&Ms, and continuous monitoring (ConMon) artifacts
  • Advise on policy alignment and security architecture improvements to support secure Agile delivery
  • Apply technical knowledge of networking, system administration, and development to assess the security posture of enterprise environments
  • Utilize Splunk to perform audit log analysis, generate system alerts, and support threat hunting and incident response activities
  • Recommend and implement automated logging, monitoring, and security reporting processes
  • Engage proactively with Agile development teams, product owners, and ISSOs to embed security into project planning and delivery
What we offer:
  • competitive compensation
  • excellent benefits including tuition reimbursement and employer-contributed 401K
  • referral bonuses
  • Fulltime

Technical Security Consultant

We are looking for a Technical Security Consultant to work as part of our Secur...
Location:
Salary:
Not provided
Admiral Group Plc
Expiration Date:
Until further notice
Requirements:
  • Technical background, with knowledge of one or more of the following, Development, IT support, Data Science, networking or system administration
  • Experience of conducting risk assessments, threat models or security consulting for Generative AI systems
  • Deep knowledge and understanding of Cloud migration and Application Security development lifecycle and DevSecOps principles, automation, and familiarity with security architecture modelling
  • Knowledge and experience of securing Azure and/or Google Cloud Platforms
  • Knowledge and experience of using at least one risk methodology
  • Security Software as a Service implementations
  • Strong stakeholder management and communication skills and a proven track record of working with businesses to meet strategic objectives
  • Ability to discuss highly complex and technical problems and solutions in business language
  • Experienced in cyber security frameworks such as NIST, CIS20, MITRE ATT&CK and STRIDE
Job Responsibility:
  • Understand the Strategic Business Objectives, actively contribute to achieving them
  • Provide technical security consultancy to the change delivery functions – agile & waterfall
  • Assess security posture in CI/CD pipelines and support improvement
  • Support the Security Champions Programme and DevSecOps
  • Understand and deliver security assessments, threat modelling and security consultancy for Generative AI and Machine Learning
  • Liaise and collaborate with technical stakeholders within Agile Tribes, Projects, and Programmes
  • Assess changes for technical vulnerabilities, threat models, assess security risk exposure, and identify appropriate controls to bring the risk within tolerance
  • Engage effectively with specialists in Security Architecture, Security Operations, Security Culture, Security Delivery, and Security Risk and Governance teams to ensure completeness and consistency of the advice provided to delivery functions
  • Perform design reviews to ensure security principles and controls are included from design phase
  • Ensure advice provided is of a high standard and based on best practice, supported by Security Leadership and within the cost and risk tolerance of the organisation
What we offer:
  • Everyone receives 33 days holiday (including bank holidays) when they join us, increasing the longer you stay with us, up to a maximum of 38 days (including bank holidays)
  • You also have the option to buy or sell up to an additional five days of annual leave
  • Share package
  • Career growth and development opportunities
  • Financial & Mortgage Advice
  • 24-Hour Ecare
  • Cycle to Work Scheme
  • Annual Holiday Allowance
  • Flexible Working
  • Simply Health
  • Fulltime

Application Security Assurance Specialist - Principal

The Application Security Assurance Specialist - Principal is tasked with oversee...
Location:
United Kingdom, London
Salary:
Not provided
NTT DATA
Expiration Date:
Until further notice
Requirements:
  • 5+ years' experience in providing technical expertise in managing security frameworks and tools (SAST, DAST, SCA, container security, etc.)
  • Advanced knowledge of application lifecycle management methodologies (Waterfall, Agile, DevSecOps, CI/CD)
  • Strong understanding of compliance with standards such as OWASP Top 10, NIST CSF, and CIS Controls
  • Demonstrated ability to lead security assurance initiatives across complex development environments
  • Proficiency in designing and executing technical assessments and risk evaluations
  • Familiarity with AI-driven application and security testing tools and their integration within pipelines
  • Professional certifications such as CISSP, CSSLP, or similar
  • Experience in development enablement through the creation of secure coding frameworks and tools for automated quality assurance
Job Responsibility:
  • Define and enforce embedded security practices across SDLC and CI/CD pipelines, ensuring compliance with organisational security policies and standards
  • Oversee the integration of advanced security tools (e.g., SAST, DAST, SCA, automated secret scanning) with development environments
  • Provide technical guidance on security configuration management, deployment hardening, and secure integration of tooling across all phases of software delivery
  • Conduct in-depth security risk assessments for high- and low-level technical designs, evaluating compliance against OWASP, CIS Benchmarks, and secure coding standards
  • Perform comprehensive security testing across application environments, including API security, container scanning, and dynamic runtime assessments, while evaluating residual risk post-assessment
  • Collaborate with stakeholders to assess the security maturity of existing practices and recommend improvements aligned with compliance requirements and delivery velocity
  • Provide expert-level recommendations on the refinement of automation processes, risk mitigation strategies, and the deployment of compensating controls where necessary
  • Evaluate emerging technologies and leverage AI-driven application security tools to optimise assurance activities
  • Partner with development and DevSecOps teams to embed robust security measures within workflows, ensuring alignment with secure coding standards and organisational priorities
  • Actively engage in the training of development teams, fostering a culture of security awareness and empowering stakeholders to implement best practices
What we offer:
  • We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing
  • Our Learning and Development team ensure that there are continuous growth and development opportunities for our people
  • We also offer the opportunity to have flexible work options

Cyber Security Devsecops Specialist

The DevSecOps Specialist will be crucial in integrating security practices withi...
Location:
Congo, the Democratic Republic of the, Kinshasa
Salary:
Not provided
Vodafone
Expiration Date:
Until further notice
Requirements:
  • Minimum of 3-5 years of experience in Cyber Security
  • Bachelor's degree in computer science, information technology, cyber security, or a related field
  • Security-related certifications such as DevOps Institute's DevSecOps Foundation
  • Certified Kubernetes Security Specialist (CKS)
  • AWS, Azure, or GCP Certified DevOps Engineer
  • Strong knowledge of cyber security principles and best practices
  • Exposure to DevSecOps Standards and Frameworks such as NIST Cybersecurity Framework (CSF), ISO/IEC 27001, CIS Controls, and OWASP Top Ten
  • Well-versed in DevOps and DevSecOps frameworks, such as the DevOps Institute's DevSecOps Foundation, and thoroughly understand Continuous Integration and Continuous Delivery (CI/CD) best practices
  • Strong collaboration and communication skills, with the ability to work effectively across development, operations, and security teams
  • Problem-solving and critical thinking are essential, including analytical skills to identify security vulnerabilities and threats and strategic thinking to implement effective security solutions
Job Responsibility:
  • Identify security risks through threat modelling, develop robust mitigation strategies, and implement advanced security measures throughout the software development lifecycle
  • Application threat modelling, assessing code and applications to ensure they are vulnerability-free before being shipped to production environments
  • Maintaining the security of application or APIs throughout the product lifecycle
  • Monitoring and securing the CI/CD pipeline, conducting comprehensive security audits, responding to and investigating security incidents, and establishing/enforcing stringent security protocols
  • Provide security expertise to development and operations teams, fostering a culture of security awareness and adherence to best practices
  • Staying current on the latest cyber threats and security technologies

Application Security Specialist

Join us as an Application Security Specialist for Barclays, where you will play ...
Location:
United Kingdom, Knutsford
Salary:
Not provided
Barclays
Expiration Date:
Until further notice
Requirements:
  • Strong development experience in at least one ecosystem (e.g. Java (Spring), .NET, GoLang)
  • Expertise in cloud-native development security, container orchestration (e.g. Kubernetes), and infrastructure-as-code tools such as Terraform and Helm
  • Advanced knowledge of API and mobile security, including common vulnerabilities and mitigation techniques
Job Responsibility:
  • Development and execution of assessments, audits, and threat models to identify vulnerabilities within the bank's systems, applications and servers using penetration tools and techniques, and communicate key findings and recommendations to stakeholders
  • Collaboration with stakeholders and IT teams to identify emerging cyber-attack techniques, tools and technologies and to support the development of penetration testing methodologies
  • Development and maintenance of comprehensive documents and reports for senior stakeholders on penetration test findings, and remediation guidance
  • Collaboration with stakeholders to understand their security requirements and controls in business processes, application/services, to enhance overall security posture and assurance
  • Identification of emerging vulnerabilities, exploit codes and cyber-attacks to develop testing methodologies and assurance activities
What we offer:
  • Competitive holiday allowance
  • Life assurance
  • Private medical care
  • Pension contribution
  • Fulltime

Secure by Design Expert

We are seeking a Secure by Design Expert to join our Global Cyber Security UK te...
Location:
Romania, Iasi
Salary:
Not provided
Vodafone
Expiration Date:
Until further notice
Requirements:
  • Degree in telecommunications, computer science, or equivalent
  • Strong understanding of security architecture, risk management principles, and data privacy legislation
  • Hands-on experience with IT & Digital technologies including application security, mobile apps, cloud infrastructure, and network security
  • Ability to scope penetration tests and guide remediation of vulnerabilities
  • Excellent communication skills to explain complex security requirements in simple terms
  • Knowledge of security standards such as ISO27001, TSR, and PCI-DSS is desirable
  • Technical certifications (e.g., CISSP, SCCP) are an advantage
Job Responsibility:
  • Perform Secure by Design assessments and provide consultancy to projects and business areas
  • Embed effective security practices into IT & Digital processes
  • Deliver cyber security guidance, design input, and review/approval of connectivity across Vodafone networks
  • Specify and oversee security testing, ensuring vulnerabilities are remediated
  • Identify and manage cyber security risks, ensuring compliance with Vodafone policies and UK Telecommunications Security Act
  • Influence stakeholders and maintain strong relationships across business functions
  • Provide technical leadership and task direction to Secure by Design Specialists and Cyber Security Champions
What we offer:
  • Hybrid way of working: 2 days per week/ 8 per month
  • Medical and dental services
  • Life and hospitalization insurance
  • Dedicated employee phone subscription
  • Take control of your benefits and choose any of the below options: MEAL TICKETS/ PRIVATE PENSION/VACATION VOUCHERS/ CULTURAL VOUCHERS within the budget
  • Special discounts for gyms and retailers
  • Annual Company Bonus
  • Ongoing Education – we continuously invest in you to ensure you have everything needed to excel on the job and enhance your skills
  • You get to work with tried and trusted web-technology
  • We let you write your own story by planning vacations: go for a trip, experience new things, have fun and enjoy your 23 days off
  • Fulltime

Vulnerability Management Specialist

At ArrowSphere Cloud, we are shaping the future of secure digital ecosystems. As...
Location:
India, Bangalore
Salary:
Not provided
Arrow Electronics
Expiration Date:
Until further notice
Requirements:
  • 8+ years of experience in application or dev security
  • Strong understanding of modern web technologies and CI/CD pipelines
  • Hands-on experience with scanning tools (e.g., Burp, SonarQube, Snyk, or similar)
  • Familiarity with programming languages and logic
  • Ability to communicate findings clearly to technical and non-technical teams
Job Responsibility:
  • Identify, validate, and prioritize vulnerabilities from scans, tests, and research
  • Collaborate with development team to provide contextual risk assessments
  • Monitor and manage dependency risks (e.g., npm audit, third-party libraries)
  • Support integration and optimization of security tools (SAST, DAST, dependency scanners)
  • Track and follow up on remediation progress
  • Contribute to threat modeling and risk assessments for new features
  • Stay up to date with evolving threats (CVEs, OWASP, MITRE ATT&CK)
  • Fulltime

Cyber Security Specialist

We’re looking for a Cyber Security Specialist (SIEM Engineering) to join our div...
Location:
Australia, Melbourne
Salary:
Not provided
Australia Post
Expiration Date:
Until further notice
Requirements:
  • 4+ years’ experience working with SIEM technologies
  • Strong experience in detection engineering and threat use‑case development
  • Building data ingestion pipelines, DCRs, ETL, Codeless Connectors and Syslog
  • Strong KQL capability (queries, detections, dashboards)
  • Knowledge of frameworks such as MITRE ATT&CK and NIST
  • Automation using platforms like SOAR, Logic Apps etc
  • DevSecOps and CI/CD pipelines
  • Detection‑as‑Code (ARM / Bicep)
  • Scripting (e.g. Python, SQL)
Job Responsibility:
  • Support and enhance the SIEM platform, ensuring availability, performance and data quality
  • Design and build log ingestion and ETL pipelines to onboard data from diverse platforms and applications
  • Engineer, tune and maintain detections, correlation rules, alerts and dashboards aligned to threat use cases
  • Apply threat intelligence and threat landscape knowledge to detection engineering
  • Build automation and improve operational processes across Threat Detection & Response
  • Work closely with internal technology teams to ensure end‑to‑end detection validity from source to alert
What we offer:
  • Enterprise‑scale impact – Work on SIEM and detection capability covering IT and OT environments
  • Transformation work – Be part of major, multi‑year cyber security programs
  • Career growth and opportunities – Expand your skills
  • Hybrid ways of working
  • Fulltime