Security Testing Lead

• Lead the end-to-end application security testing lifecycle across critical government and enterprise applications.
• Define and implement robust security testing strategies, including Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
• Collaborate with DevOps and development teams to embed security into CI/CD pipelines and ensure secure software delivery.
• Conduct threat modelling, vulnerability assessments, and provide actionable remediation guidance.
• Serve as a subject matter expert (SME) in application security, engaging with senior stakeholders to communicate risks and mitigation strategies effectively.

• Proven expertise in application security testing tools such as Fortify, Veracode, Burp Suite, and OWASP ZAP etc.
• Deep understanding of secure coding practices, OWASP Top 10, and software development lifecycles.
• Strong analytical, communication, and leadership skills.
• Domain, process, functional / technical
• Thorough understanding of Agile methodologies.
• Experience working in highly regulated environments with strong knowledge of release governance and compliance.

Infosys