8+ years of senior Application Security experience in a custom development environment
Strong experience with AppSec tooling (Snyk, Invicti, Sonatype, Intigriti or equivalents)
Experience with secure SDLC, secure coding concepts, and vulnerability management
Ability to guide a Center of Excellence (CoE) in large, multi-stakeholder organizations with expert-level guidance while not requiring daily hands-on work
Requirements:
Guide operations of the AppSec Center of Excellence (1–2 times per week), review dashboards, and handle escalations
Support application owners and developers with onboarding, tooling integration questions, and complex AppSec cases
Drive improvements in AppSec processes, metrics, and documentation
Lead or contribute to security tooling migrations (Invicti and Sonatype SaaS) and provide input on design security reviews, code reviews, and threat modeling when required
Job description
This is a remote position.
We are strengthening our Application Security function within custom development. The role sits under the Head of Application Security and focuses on securing internally developed applications, SaaS applications, and supporting cloud security initiatives. The position supports and guides a Center of Excellence (CoE) based in India that performs day-to-day operational AppSec activities. The mission also includes leading two major tooling evolutions: the migration of Invicti to its new platform and the migration of Sonatype from on-premises to a SaaS solution. The environment is complex and international, involving many stakeholders across development, data science, security, and platform teams.
Typical Day
• Regular touchpoints (1–2 times per week) with the AppSec Center of Excellence to guide operations, review dashboards, and handle escalations
• Supporting application owners and developers with onboarding, tooling integration questions, and complex AppSec cases
• Driving improvements in AppSec processes, metrics, and documentation
• Leading or contributing to security tooling migrations (Invicti and Sonatype SaaS)
• Collaborating with stakeholders to define roadmaps and improve secure development practices
• Providing expert input on design security reviews, code review reports, and threat modeling when required
Requirements
Years of Experience: Senior profile required – typically 8+ years of experience
Must Have
• Strong experience in Application Security within a custom development context
• Solid understanding of AppSec tooling (e.g. Snyk, Invicti, Sonatype, Intigriti or equivalent tools)
• Experience with secure SDLC, secure coding concepts, and vulnerability management
• Ability to work at expert level without being fully hands-on daily, guiding a CoE instead
• Experience working in large / complex organizations with multiple stakeholders
• Strong communication skills in English
• Proactive and autonomous mindset
Ideal Candidate
• A senior Application Security professional who can take ownership of tooling and processes
• Comfortable acting as a subject matter expert and advisor, not just an operator
• Proactive in identifying gaps, proposing improvements, and driving initiatives forward
• Able to engage confidently with developers, architects, platform teams, and security leadership
• Capable of quickly mastering existing tools and new functionalities to maximize value
Nice to Have
• Prior experience with UCB’s specific tools (Snyk, Invicti, Sonatype, Intigriti)
• Security certifications (AppSec, testing, or security-related)
• Pharma / life sciences exposure
• Familiarity with GxP concepts (not mandatory, limited impact)
• Exposure to GenAI / LLM security topics