PwC
Website: pwc.com
Job details:
At PwC, our cybersecurity teams help organizations reduce cyber risk by identifying vulnerabilities, designing secure systems, and deploying proactive controls to protect sensitive data. In this DevSecOps and Application Security role, you will secure cloud workloads across AWS, Azure, and GCP by applying cloud-native controls and using Terraform/IaC to provision compliant infrastructure. You will embed security across the SDLC by partnering with engineering teams on secure design and code reviews and by automating testing and policy enforcement in CI/CD (SAST/DAST/SCA, secrets and dependency scanning, and API security). You will help define and implement DevSecOps frameworks (security gates, configuration management, and supply-chain protections such as dependency, secrets, and artifact integrity controls). You will also guide teams on remediation and secure coding practices, and continuously improve security maturity as threats and tooling evolve.
- The role combines hands-on delivery with strong collaboration: you will advise engineering teams, support remediation, and help build a security-first culture.
- Design scalable security processes and governance for private, hybrid, and multi-cloud environments (AppSec/DevSecOps aligned)
- Build and implement cloud, container, and application security strategy, including SSDLC practices
- Identify security vulnerabilities in web applications, infrastructure systems, network equipment, Wi-Fi systems, mobile applications, APIs, etc.
- Provision secure landing zones and cloud infrastructure using Terraform/IaC across AWS, Azure, and GCP
- Embed security scanning into CI/CD (IaC, images, secrets, SAST, DAST, dependency/SCA), including pipeline hardening, artifact repositories (JFrog, Nexus), and binary provenance
- Implement automated governance and policy enforcement (policy-as-code, tagging, preventive guardrails, CI/CD security gates, and CNAPP controls)
- Implement API security: API gateway security, OAuth/JWT misconfigurations
- Conduct cloud security assessments and source code reviews to detect security flaws and propose mitigation/remediation plans
- Develop proof-of-concept (PoC) exploits for validated vulnerabilities.
- Harden software supply chain and runtime workloads (signing/integrity, access controls, configuration management, EDR/runtime protection)
- Enable monitoring and response by integrating logs with SIEM/SOAR and defining detection/remediation workflows
- Conduct posture assessments and security reviews (config, code, permissions, and logs) and coach teams on remediation
- Provide guidance/training and support continuous upskilling (cloud security and DevSecOps)
Qualifications
- Proven experience in DevSecOps and Application Security technologies
- Experience working with cloud platforms such as AWS/Azure/GCP
- Strong understanding of secure SDLC, threat modeling, and vulnerability management.
- Hands-on experience with application security tools in SAST, DAST, SCA, and API security testing, e.g. Burp Suite, Metasploit, Nmap, Nessus, Wireshark, Kali Linux, Nikto, Fortify, ZAP, MobSF
- Proficiency in common programming languages (Git, Java, JavaScript, Python, Rust, Go, C#, etc.)
- Strong hands-on experience with Terraform and Infrastructure-as-Code practices
- Experience with CI/CD tools such as Jenkins, GitHub Actions, GitLab CI, or Azure DevOps
- Good understanding of OWASP Top 10, secure coding practices, and common vulnerabilities
- Experience with AI tools (Copilots, Agents), building use cases as per project requirements
- Good to have: experience with the tools below
  - CNAPP (Prisma, Wiz, Orca)
  - SAST (Checkmarx, Fortify, Veracode)
  - Secrets scanning (TruffleHog, GitGuardian)
- Strong analytical, problem-solving, and communication skills
Preferred Qualifications
- Bachelor’s degree in Computer Science, Computer/Systems Engineering, or a related field
- Cloud certifications:
  - Azure (AZ-500, AZ-400, AI-102)
  - AWS (AWS Certified Security Engineer / AWS Certified DevOps Engineer)
  - GCP (Professional Cloud Security Engineer, Professional Cloud DevOps Engineer)