MCPNew: now works with Claude & AI assistants
bcg-editor

bcg-editor

Global Cybersecurity Senior Specialist – App Assurance

Company

bcg-editor

Role

Global Cybersecurity Senior Specialist – App Assurance

Location

Gurgaon, Haryana, India

Job type

-

Found on Mokaru

Yesterday

Share this job

Salary

Not disclosed by employer

Job description

Who We Are

Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.

To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.

What You'll Do

Application Assurance Governance

  • Support the definition, maintenance, and continuous improvement of application assurance governance processes across BCG's application and product landscape.
  • Help establish secure SDLC expectations, application security standards, and control requirements for product and engineering teams.
  • Partner with application developers, product owners, architects, security champions, and engineering teams to improve application security posture across the enterprise.
  • Track application security risks, recurring control gaps, remediation trends, and governance exceptions across application environments.
  • Maintain application security coverage data, assurance metrics, and governance records to support risk reporting and decision-making.
  • Share practical observations and improvement opportunities with security architecture and application security leadership.

SAST, SCA, and Secure Engineering Enablement

  • Support SAST and SCA governance processes, including scan coverage, finding triage, risk prioritization, and remediation tracking.
  • Partner with development teams to improve secure coding practices and reduce recurring vulnerabilities across application codebases.
  • Develop, deliver, and improve application security trainings for developers, product teams, security champions, and engineering partners.
  • Contribute to the security champions program by supporting enablement content, recurring knowledge-sharing, and secure development guidance.
  • Guide teams on dependency risk, open-source component governance, software supply chain security, and remediation of vulnerable libraries.
  • Support integration of SAST, SCA, and related security tooling into CI/CD pipelines and engineering workflows.
  • Help teams interpret security findings, understand risk context, and apply practical remediation guidance without slowing delivery unnecessarily.

DevSecOps and Risk Management

  • Support DevSecOps initiatives that embed security controls, automation, and measurable assurance into product delivery processes.
  • Identify and implement security automation opportunities across SDLC workflows, CI/CD pipelines, reporting, governance, and remediation tracking.
  • Advise teams on CI/CD security, secure pipeline configuration, secrets handling, cloud-native application security, and container security.
  • Provide guidance on container hardening, Kubernetes security considerations, and secure deployment patterns.
  • Support secure adoption of low-code and no-code platforms by applying practical guardrails, assurance expectations, and risk-based controls.
  • Collaborate with security architects, code review specialists, DevOps teams, and engineering partners to strengthen enterprise application security practices.
  • Coordinate with DAST and penetration testing teams to incorporate relevant findings into broader application assurance governance and remediation activities.
  • Escalate sustained remediation gaps, recurring control issues, and material application security risks through appropriate ISRM governance channels

What You'll Bring

Education: Bachelor's degree in computer science, information security, engineering, or a related field, or equivalent practical experience.

Experience

  • 5+ years of experience in application security, secure engineering, DevSecOps, or cybersecurity assurance.
  • Experience working in enterprise technology environments with security governance and vulnerability management processes.
  • Experience partnering with product, engineering, infrastructure, and security teams to remediate application security risks.
  • Experience supporting secure SDLC, SAST, SCA, DevSecOps, or application security governance activities.
  • Experience contributing to developer security training, security champions programs, or secure engineering enablement initiatives.

Technical Proficiency

  • Strong knowledge of OWASP Top 10, AI threats, SANS Top 25, secure coding, threat modeling, and application security risk management.
  • Hands-on experience with SAST and SCA tools, findings analysis, vulnerability prioritization, and remediation tracking.
  • Understanding of software supply chain security, open-source dependency management, and secure build practices.
  • Working knowledge of CI/CD security, DevSecOps practices, security automation, and secure engineering workflows.
  • Familiarity with modern application environments, including APIs, SaaS platforms, cloud services, containers, Kubernetes, and low-code or no-code platforms.
  • Knowledge of container hardening, Kubernetes security, cloud-native security patterns, and secrets management practices.
  • Hands-on knowledge of DAST, penetration testing methods, and application exploitation techniques, with the ability to interpret findings and guide remediation.
  • Awareness of AWS, Azure, GCP, Docker, Kubernetes, and security tooling integration across DevOps environments.

Certifications: Certifications such as CSSLP or relevant cloud security certifications are helpful.

Who You'll Work With

You will be part of BCG’s Information Security Risk Management team, working with security architects, application security specialists, cybersecurity professionals, DevSecOps partners, and engineering teams who help protect BCG’s applications and information systems.

You will collaborate closely with product owners, application developers, security champions, infrastructure teams, system owners, DAST and penetration testing teams, and technology leaders across global BCG teams. Together, you will help teams strengthen secure development practices, improve application assurance governance, mature DevSecOps practices, and build security into products and platforms from design through delivery.

Additional info

YOU'RE GOOD AT

  • Translating application security requirements into practical engineering guidance.
  • Building trusted relationships with product and development teams while maintaining clear governance expectations.
  • Explaining SAST, SCA, DevSecOps, secure coding, and application risk topics in clear business and engineering language.
  • Connecting findings from SAST, SCA, DAST, penetration testing, and secure code reviews into a coherent risk picture.
  • Managing priorities across governance support, tooling adoption, automation, trainings, remediation timelines, and delivery needs.
  • Using structured reasoning and sound analysis to work through ambiguity.
  • Sharing practical recommendations that help teams take action on security findings.
  • Applying privacy-by-design and zero trust principles to application security decisions.

Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.

BCG is an E - Verify Employer. Click here for more information on E-Verify.

Resume ExampleCover Letter Example