Skip to main content
Posted 12 June, 2026

Software Security Engineer II

Antal International
Pune, MH, IN Full Time
Reference: 58a13dfa6851f9fa

Job Description

Software Security Engineer II

About the Role

We are seeking a Software Security Engineer to play a strategic and cross-functional leadership role in strengthening our Secure Software Development Lifecycle (SSDLC) across our entire product ecosystem — from classic 3-tier architectures to modern microservices-based payment platforms deployed on Amazon Web Services.
You will act as a trusted advisor and technical authority, embedding security by design, driving DevSecOps maturity, and ensuring our software development practices consistently meet the highest standards of security, compliance, and operational excellence.

Your Mission

As a Software Security Engineer, you will:

• Define and continuously evolve the company-wide SSDLC security framework, policies, and governance.

• Influence architecture and design decisions across product teams to ensure security is a core design principle.

• Lead initiatives for security tooling, automation, and vulnerability management.

• Enable and mentor engineering teams to adopt secure coding, perform code reviews, apply threat modeling, and embrace risk-driven design.

• Ensure alignment with the NIST Secure Software Development Framework (SSDF) and with PCI Secure Software Standard / PCI Secure SLC certification requirements.

Key Responsibilities

Secure SDLC Governance & Strategy

• Establish and enforce a global SSDLC framework and secure development policies.

• Conduct risk assessments, threat modeling, and architecture security reviews.

• Drive secure design and implementation practices with developers. Ensure secure configuration baselines and hardening standards are defined and applied.

• Ensure vulnerabilities are detected and mitigated via manual reviews and automated tools ( SAST, DAST, SCA , etc.)

• Guide the remediation of security incidents and root cause analysis

• Provide support for application-level security issues and audit follow-ups

• Run and/or supervise Pentests

DevSecOps & Security Automation

• Define the roadmap and architecture for AppSec tooling ( Checkmarx , SAST, DAST, SCA, container scanning, secrets detection…).

• Oversee the integration of security controls and gates into CI/CD pipelines.

• Standardize security guardrails for APIs, Kubernetes, containers, Microservices and cloud-native environments ( AWS.. )

• Establish metrics and dashboards to measure DevSecOps maturity.

Vulnerability & Compliance Management

• Oversee vulnerability lifecycle management and coordinate enterprise-wide remediation plans.

• Lead and support external audits and certification cycles (PCI Secure Software Standard, PCI Secure SLC).

• Provide security KPIs and risk reports to senior stakeholders and governance committees.

Training, Advocacy & Culture

• Promote secure coding best practices and continuous learning

• Design and deliver training programs on secure architecture, code review, threat Modeling and DevSecOps .

• Mentor security champions and influence technical leaders across the organization.

Required Profile

Education

• Master’s degree in Computer Science , Software Engineering, or Cybersecurity.

Experience

• 3 to 5 years of experience in Application Security, DevSecOps , or SDLC Security.

• Proven track record leading application security initiatives in complex or regulated environments.

• Experience securing hybrid architectures (legacy + microservices on Amazon Web Services).

• Strong stakeholder management and cross-team leadership skills.

Technical Skills

• In-depth knowledge of secure coding and understanding of architecture practices based on the NIST Secure Software Development Framework (SSDF), OWASP Top 10, OWASP ASVS, STRIDE…

• Hands-on expertise with AppSec tools (SAST, SCA, DAST, container scanning) and their integration in CI/CD.

• Proficiency in securing infrastructure and workloads on Amazon Web Services (IAM, KMS, VPCs, security groups, observability stacks, etc.).

• Familiarity with Kubernetes security concepts (RBAC, network policies, secrets management).

Development experience in Java, Spring and Angular is a plus.

REQUIRED SKILLS

Skill Levels

1 – Beginner | 2 – Intermediate | 3 – Proficient | 4 – Expert

Knowledge & Expertise

Knowledge Area

Level

DevSecOps

4

Software Development Framework (SSDF)

Any one ( OWASP Top 10, OWASP ASVS, STRID E)

4

NIST Secure

3

AppSec tools (SAST, SCA, DAST, container scanning)

4

CI/CD

3

Amazon Web Services

2

Kubernetes security

2

TECHNICAL SKILLS

Technical Area

Level

PROFILE REQUIREMENTS

Education: Master’s degree (Engineering, Computer Science, Information Systems, or equivalent)

. Skillset Required: Amazon Web Services, Clo, Angular, Rails, Coo, Team Leadership, Cro, Risk Assessment, Leadership Skill, Stakeholder Management, Spring, Vpc, Education, Erp, Ned, Java, Sdlc, Compliance Management, Assessments, Application Security, Compliance, Aris, Web Service, Leadership, Iam, Evolve, Excel, Aws, Cybersecurity, Technical Skill, Technical Skills, Software Development
Apply to this Job

Sign up for Job Alerts

By clicking Create Alert, you agree to the Global Terms of Use Agreement and acknowledge that you have read and understand the Global Privacy Policy.