At PwC, our cybersecurity teams help organizations reduce cyber risk by identifying vulnerabilities, designing secure systems, and deploying proactive controls to protect sensitive data.
In this DevSecOps and Application Security role, you will secure cloud workloads across AWS, Azure, and GCP by applying cloud-native controls and using Terraform/IaC to provision compliant infrastructure. You will embed security across the SDLC by partnering with engineering teams on secure design and code reviews, and by automating testing and policy enforcement in CI/CD (SAST/DAST/SCA, secrets and dependency scanning), and API security.
You will help define and implement DevSecOps frameworks (security gates, configuration management, and supply-chain protections such as dependency, secrets, and artifact integrity controls). You will also guide teams on remediation and secure coding practices, and continuously improve security maturity as threats and tooling evolve.
The role combines hands-on delivery with strong collaboration: you will advise engineering teams, support remediation, and help build a security-first culture.
Multi-Cloud Strategy:
Design and implement scalable, well-architected frameworks across AWS, Azure, and GCP, ensuring cross-cloud consistency and disaster recovery readiness.
Manage and optimize large-scale Kubernetes environments (EKS, AKS, GKE), focusing on service mesh implementation, ingress controllers, and cost-efficient scaling.
Design scalable security processes and governance for private, hybrid, and multi-cloud environments (AppSec/DevSecOps aligned)
Build and implement cloud, container, and application security strategy, including SSDLC practices
Identify security vulnerabilities in web applications, infrastructure systems, network equipment, Wi-Fi systems, mobile applications, APIs, etc.
Provision secure landing zones and cloud infrastructure using Terraform/IaC across AWS, Azure, and GCP
Embed security scanning into CI/CD (IaC, images, secrets, SAST, DAST, dependency/SCA), including pipeline hardening, artifact repositories (JFrog, Nexus), and binary provenance
Implement automated governance and policy enforcement (policy-as-code, tagging, preventive guardrails, CI/CD security gates, and CNAPP controls)
Implement API security: API gateway security, OAuth and/or JWT misconfigurations
Conduct cloud security assessments and source code reviews to detect security flaws and propose mitigation/remediation plans
Develop proof-of-concept (PoC) exploits for validated vulnerabilities.