Application Security
Tata Consultancy Services · Bengaluru, Karnataka, India - Chennai, Tamil Nadu, India - Mumbai, Maharashtra, India
Tata Consultancy Services · Bengaluru, Karnataka, India - Chennai, Tamil Nadu, India - Mumbai, Maharashtra, India
**About the Role** We are seeking an **Application Security Consultant** to join our growing security team. You will perform security assessments and conduct SAST-driven code reviews to identify and validate security vulnerabilities in modern applications. You will work closely with development teams to prioritize findings and guide remediation efforts. This role requires secure coding knowledge, analytical thinking, and hands-on experience with security testing tools, scripting, and manual code validation. **Key Responsibilities** **Security Assessment & Code Review** - Perform application security assessments across backend, frontend, and API environments - Conduct secure code reviews using SAST tools (Snyk, Checkmarx) and manual analysis to validate findings and distinguish true positives from false positives - Identify vulnerabilities aligned with OWASP Top 10 and API Top 10 - Provide clear, actionable remediation guidance to developers **Remediation Tracking & Developer Support** - Work with development teams to implement fixes and track remediation efforts - Create vulnerability assessments, remediation guidance, and knowledge base articles - Support development teams in effectively using application security testing tools - Maintain operation manuals and documentation **Tool Management & Governance** - Support enforcement of SAST policies and compliance with security requirements - Manage and optimize SAST tools; maintain tool hygiene and data quality - Track and report on vulnerability metrics, remediation status, and security trends **Security Program Evolution** - Contribute to secure SDLC practices and internal security standards - Research emerging threats in web, API, and modern application architectures - Partner with developers, DevOps, and security teams to embed secure design and secure coding practices into the SDLC - Proactively identify gaps in tool coverage and security processes **Technologies in Scope** The Application Security Consultant will perform security assessments across a full-stack technology environment, including: - **Backend / Core Languages:** Python, Java, C/ C# / .NET, Go, Ruby, PHP, node.js - **Frontend Languages & Libraries:** JavaScript, React, Angular, Vue.js The role also requires the ability to research and assess security risks in legacy, unsupported, or less common technologies encountered in different environments. **Required Qualifications** - 35+ years of experience in Application Security, Security Assessments, or Software Development with a security focus - Strong understanding of common vulnerability classes (e.g., injection, broken authentication, access control, cryptographic issues) - Ability to script or program to validate findings, automate tasks, or create small security tools - Hands-on experience with at least one SAST tool (e.g., Snyk, Checkmarx, Fortify, Semgrep) - Experience reviewing code in at least two modern programming languages - Understanding of CI/CD, DevOps and DevSecOps approaches and experience working with DevOps tools - Strong analytical and problem-solving skills **Nice to Have** - Experience supporting SCA/DAST tools, especially in a role responsible for triaging findings and refining scanning rules. - Experience reviewing APIs and microservices architectures - Familiarity with cloud security principles and best practices - Experience support threat modeling and security design review activities - Familiarity with security and compliance frameworks (e.g., OWASP ASVS, NIST, ISO 27001, PCI Security Standards Council standards) - Exposure to **Agentic AI or LLM agents** and their security considerations **Soft Skills** - Rigorous attention to detail in vulnerability assessment and triage - Excellent communication skills—able to explain complex security findings to technical and non-technical audiences - Strong organizational abilities for managing vulnerability data and remediation workflows - Collaborative problem-solver with a cross-functional mindset - Self-motivated learner who stays current with emerging security threats