Lead I - Software Security Tester - DevSecOps Security - Trivandrum/Bangalore - UST

Key Responsibilities

• Design, build, and optimize end‑to‑end security‑integrated CI/CD pipelines using GitLab CI/CD.
• Implement and tune SAST solutions, primarily Semgrep, to detect code‑level vulnerabilities.
• Lead dynamic application security testing with Burp Suite and OWASP ZAP, ensuring comprehensive coverage.
• Manage Software Composition Analysis (SCA) and Software Bill of Materials (SBOM) processes to track third‑party risks.
• Collaborate with development, QA, and operations teams to embed security best practices into the SDLC.
• Provide mentorship and training on secure coding, testing tools, and DevSecOps principles.

Requirements

• 5–8 years of experience in DevSecOps, DevOps, or Security Engineering.
• Expertise in CI/CD pipeline engineering and security tool integration.
• Hands‑on experience with SAST (Semgrep), DAST (Burp Suite, OWASP ZAP), and SCA/SBOM tools.
• Strong understanding of application security fundamentals and secure coding practices.
• Excellent communication skills and ability to lead cross‑functional teams.