Associate Lead Consultant - AppSec Job

YASH Technologies is a leading technology integrator specializing in helping clients reimagine operating models, enhance competitiveness, optimize costs, foster exceptional stakeholder experiences, and drive business transformation.

At YASH, we’re a cluster of the brightest stars working with cutting-edge technologies. Our purpose is anchored in a single truth – bringing real positive changes in an increasingly virtual world and it drives us beyond generational gaps and disruptions of the future.

We are looking forward to hire Application Security Professionals in the following areas :

• Read/learn/discuss latest trends/tools/best practices/updates of cyber security, application development, and cloud services industries. 
• Perform custom impact and risk analysis of identified security vulnerabilities for each product team. 
• Create mitigation plans with product teams to resolve security vulnerabilities. 
• Build tooling to automate security into the product teams’ development, build, deployment, and operational processes. 
• Actively contribute to story planning, identifying and providing expertise on work items that involve security considerations. 
• Be On-Call for: Cyber security breaches 
• High impact events (like a day zero effecting a team) or a breach 
• Uptime disruptions caused by their contributions. 

Skills Required (Appsec Engineer’S Superpowers):

• Cloud Platform: AWS, Microsoft Azure 
• Development Environments: VSCode, JetBrains, Eclipse 
• Programming languages: Know at least a few languages well (Java, JavaScript/TypeScript, C++, C, Python, Powershell, unix shell, etc.) 
• Infrastructure as Code: CloudFormation, CDK, Bicep, Terraform, Ansible, etc. 
• SIEM/SOAR: Microsoft Sentinel, Splunk, Checkmarx 
• OS: Linux, Windows 
• Configuration Management tools: Git, GitHub, GitLab, Azure DevOps 
• Vulnerability management tools: Nessus Pro, Tenable IO, FireEye, CrowdStrike, Defender, SpyCloud etc. 

Competencies (Who Appsec Engineer Is):

• Willingness to prioritize team success over individual recognition. 
• Champions collaboration, knowledge sharing, and mentoring as foundational practices. 
• Committed to improving DevSecOps processes through continuous learning and experimentation. 
• Supports sustainable pace and actively addresses technical debt. 
• Willing to work onsite one week per quarter. 

Annual Goals (What AppSec Engineer will be measured on): 

• Direct reduction of measured security vulnerabilities via tooling 
• Cycle time to mitigate vulnerabilities, assigned -> closed 
• When On-Call, 100% of response times under 15 minutes 
• Leads annual threat modeling exercise for all products assigned

At YASH, you are empowered to create a career that will take you to where you want to go while working in an inclusive team environment. We leverage career-oriented skilling models and optimize our collective intelligence aided with technology for continuous learning, unlearning, and relearning at a rapid pace and scale.

Our Hyperlearning workplace is grounded upon four principles

• Flexible work arrangements, Free spirit, and emotional positivity
• Agile self-determination, trust, transparency, and open collaboration
• All Support needed for the realization of business goals,
• Stable employment with a great atmosphere and ethical corporate culture