Engineer III - DevSec at Wipfli CPA Consultants
Bengaluru, karnataka, India -
Full Time


Start Date

Immediate

Expiry Date

27 Sep, 26

Salary

0.0

Posted On

29 Jun, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Secure Application Development, Azure Security Engineering, DevSecOps, Secure Coding Practices, SAST/DAST, Azure AD, RBAC, Threat Modelling, CI/CD Pipelines, Terraform, PowerShell, Python, Microsoft Defender, Azure Sentinel, OAuth, OpenID Connect

Industry

Business Consulting and Services

Description
Overview Position: Engineer III - DevSecOps (6 to 10 years of experience in Secure Application Development & Azure Security Engineering) Type: Full Time Employee (FTE) Job Summary: We are seeking a highly skilled and experienced Security Development Engineer (SecDev Engineer – III) to design, develop, and secure enterprise-grade products and solutions built on Microsoft technologies. This role demands expertise in secure software development, DevSecOps practices, and cloud security, with a strong focus on embedding security into the development lifecycle. You will play a critical role in ensuring secure, scalable, and resilient application development across our platforms. Key responsibilities: • Design, develop, and maintain secure applications across cloud and on-prem environments. • Implement secure coding practices and integrate security into the SDLC (DevSecOps). • Perform code reviews, vulnerability assessments, and remediation. • Build and manage secure CI/CD pipelines with integrated security controls. • Design and implement Azure cloud security controls. • Implement identity and access management (Azure AD, RBAC). • Perform threat modelling and risk assessments. • Improve monitoring and threat detection capabilities. • Collaborate with DevOps, InfraOps, and Security teams. • Mentor junior engineers and contribute to documentation. Technology skills, Competencies and Experience: Application & Security Engineering: • .NET / API / web application security experience • Secure coding practices (OWASP Top 10) • Experience with SAST, DAST tools • Strong understanding and Experience in executing a Security Software Development lifecycle • Gathering/Identifying Security and Privacy requirements • Performing Security and Privacy Risk Assessments in support of the development process• Providing guidance on controls and mitigations for reported security issues • Experience protecting sensitive data and vulnerabilities on Cloud resources • Hands-on experience with web application penetration testing • Excellent communication – verbal and written • Leadership qualities including self-accountability, work-prioritization, meeting facilitation, time management, team co-ordination Cloud & Microsoft Stack: • Azure IaaS and PaaS services • App Services, Functions, Key Vault, Networking,Logic apps Identity & Access Management: • Azure AD, RBAC, Conditional Access • OAuth and OpenID Connect DevSecOps & Automation: • Azure DevOps / GitHub Actions / Jenkins • Infrastructure as Code (Terraform, ARM, Bicep) Monitoring & Threat Detection: • Microsoft Defender, Azure Sentinel (preferred) • Log analysis and alert response Scripting & Automation: • PowerShell • Python / Bash (preferred) Qualification: • Bachelor’s degree in Computer Science, Information Technology, or a related field. Experience: • 6 to 10 years of overall IT experience. • 3–5 years in application security, cloud security, or DevSecOps. • Experience in enterprise product or solution development preferred. Nice to have: • Azure security certifications (AZ-500, SC-200, SC-300) • Knowledge of threat modeling frameworks (STRIDE, MITRE) • Experience in API security • Experience in GenAI related solutioning for security review • Integrate AI-enabled security tools into CI/CD pipelines to support continuous security validation No. of positions: 01 Work location: Wipfli India, Bengaluru

How To Apply:

Incase you would like to apply to this job directly from the source, please click here

Responsibilities
Design and develop secure enterprise-grade products using Microsoft technologies and Azure cloud security controls. Implement DevSecOps practices by integrating security into the SDLC and managing secure CI/CD pipelines.
Loading...