Technical Lead Application Security

Job description

Technical Lead – Application Security
Location: Mumbai, India (Onsite)
Experience Required: 20+ years (Application security + AI/ML security)
Compensation: As per industry benchmarks
Employment Type: Full-Time | Permanent
Role Overview
We are hiring a Techno Managerial Lead – Application Security to join our CISO team in
Mumbai.

This is a critical, hands-on leadership role that blends strategic oversight with deep
technical expertise in application security.

The ideal candidate will spearhead security testing
of applications, evangelize secure software development practices, lead secure code reviews,
and collaborate across teams to embed security into the software development lifecycle (SDLC).
Key Responsibilities
• Strategic Leadership:
✓ Define and evolve the bank’s application security strategy and roadmap including
AI/ML and LLM security testing.
✓ Align security initiatives with business goals and regulatory requirements.
• Technical Execution:
✓ Lead secure SDLC integration across development teams(including DevSecOps) of
security testing tools.
✓ Oversee application security tools & processes for SAST, SCA DAST, Code Review
across diverse technologies such as Web, Mobile, API etc.
✓ Participate and provide expert opinion in secure architecture design reviews for
critical applications.
✓ Ensure periodic refresh of test cases catalogue against bank specific use-cases,
emerging threats & global frameworks.
✓ Define, publish, and govern policies, secure coding standards, and open-source usage
guidelines.
✓ Leverage AI security tools for scanning, fuzzing, and penetration testing of AI models.
✓ Apply best practices from OWASP Top 10 for ML/LLMs, MITRE ATLAS, NIST AI RMF,
and ISO/IEC 42001 to test AI/ML assets.
✓ Stay informed about emerging threats and security trends in AI/ML technologies, and
provide recommendations for enhancing security posture.
✓ Ensure AI model security testing framework aligns with internal policy, national
regulatory requirements, and global best practices.
Classification - Internal
Classification - Internal
✓ Plan and execute security tests for AI/LLM systems, including jailbreaking, RAG
hardening,
• Program Management:
✓ Build and lead a high-performing AppSec team for pre-golive security testing as well as
post-go live testing of scoped applications through structured calendar program.
✓ Develop and track KPIs and metrics to measure program effectiveness.
✓ Manage vendor relationships and maintain centralized governance across application
security, source code review, open source, and AI Security programs.
✓ Drive compliance with internal and regulatory requirements through periodic security
testing and reporting.
• Stakeholder Engagement:
✓ Collaborate with engineering, risk, development, DevOps, risk, and compliance teams.
✓ Provide executive-level reporting and risk insights.
✓ Build and expand a security-first development culture through continuous secure
coding training, workshops, and security champion’s programme to promote security
awareness and advocacy within development teams
Required Skills & Experience
• 20 years of experience in cybersecurity, with at least 15 years in application security
program management, development & testing (SAST/DAST/SCA) and minimum 5 years in
leadership roles.
• Proven track record of managing large-scale AppSec programs in BFSI or regulated
environments.
• Experience in dealing with regulatory bodies and response.
• Hands-on experience with secure coding, manual application penetration testing, and
DevSecOps practices.
• Experience working with cloud-native applications and microservices architectures.
• Deep understanding of OWASP Top 10 for Web, Mobile and API and their corresponding
OWASP Testing guides, CWE and OWASP developer guide and other secure coding
standards.
• Proficiency in security tools: Fortify, Checkmarx, Veracode, MobSF, Frida, Xposed
Framework, Cydia, JDgui, Burp Suite, etc.
• Strong programming background (Java, .NET, Python, etc.) would be an added advantage.
• Familiarity with CI/CD pipelines and integrating security into DevOps.
• Hands-on experience with AI/ML security or secure MLOps/LLMOps
• Proficient in Python, TensorFlow/PyTorch, HuggingFace, LangChain, and common data
science libraries
• Strong understanding of AI-specific threat models (MITRE ATLAS) and security
benchmarks (OWASP Top 10 for ML/LLMs)
• Excellent communication, leadership, and stakeholder management skills.
• Ability to translate technical risks into business impact clearly to non-technical
stakeholders
Classification - Internal
Classification - Internal
Qualifications and Certifications
• Bachelor’s or Master’s degree in Computer Science, Information Security, or related field.
• Certifications: CISA, CISM, CISSP, CSSLP, OSCP, OSWA, OSWE, SANS WAPT SEC542, Cloud
Security, ML Security, or relevant AI/ML certificates
• Why Join Us?
✓ Work on mission-critical security initiatives in a high-impact role.
✓ Be part of a forward-thinking cybersecurity team in a leading financial institution.
✓ Opportunity to shape the future of secure banking applications.

Required Skill Profession

Other General