Posted 26 June, 2026
Senior Security Operations Engineer
Commvault
Bangalore, India
Full Time
Reference: 102_717285_5269605008
What you'll do...
- Design / build / implement and maintain scalable automation tools and pipelines for application security, including static (SAST), dynamic (DAST), and software composition analysis (SCA) scanning.
- Collaborate with developers, security engineers, and DevOps teams to integrate security automation seamlessly into CI/CD workflows.
- Identify opportunities for improving security tool coverage, efficiency, and performance.
- Develop custom scripts, plugins, or APIs to extend the capabilities of security testing and remediation automation.
- Monitor and analyze security automation tool results, generate actionable insights, and support incident response and remediation efforts.
- Stay up to date on the latest security automation trends, technologies, and best practices, and advocate for continuous improvement in tooling and processes.
- Provide mentorship and guidance to other engineers on secure coding and secure development lifecycle practices.
Who you are?
- 6+ years of software engineering experience with a focus on security automation or application security.
- Proficiency in Python, Ruby, Go, Java, or similar programming languages.
- Strong understanding of application security principles, vulnerabilities (e.g., OWASP Top Ten), and remediation techniques.
- Hands-on experience implementing and configuring security scanning tools such as SAST (e.g., Checkmarx, Fortify), DAST (e.g., Burp Suite, OWASP ZAP), and SCA (e.g., Snyk, WhiteSource).
- Familiarity with CI/CD pipelines (e.g., Jenkins, GitHub Actions, GitLab CI) and infrastructure as code tools (e.g., Terraform, Ansible) is a plus.
- Solid understanding of software development lifecycle (SDLC) processes and how to integrate security automation seamlessly.
- Excellent problem-solving skills and ability to work independently and as part of a team.
Preferred Skills:
- Experience with cloud-native security automation (e.g., in AWS, Azure, or GCP environments).
- Familiarity with container security (e.g., Docker, Kubernetes) and related security scanning solutions.
- Knowledge of threat modeling and security risk assessments.
#LI-VK