Application Security Engineer Principal - India

Why you'll LOVE Sagent:

You could work anywhere. We know you are talented and looking for something inspiring and impactful. A place where you will make a difference and have a great time doing it!

By choosing Sagent, you can be part of our mission to make loans and homeownership simpler and safer for all US consumers.

Sagent powers servicers and consumers. You power Sagent!

About the Opportunity:  

Sagent is seeking an Experienced IS & Application Security Engineer Principal to join a growing information security team responsible for securing next-generation, cloud-native financial technology systems, used by some of the largest mortgage lenders and loan servicers in the Chennai India. As our Senior Application Security Engineer, you will be responsible for owning Sagent’s application security program. This role will entail delivering application security standards and solutions, driving engineering teams to evolve towards a DevSecOps model, building security automation wherever possible, and serving as formidable force for the ‘secure by default’ vision across the enterprise. This role will have abundant opportunities to challenge the “status-quo” and work with cutting-edge technologies, tools, and platforms across all 3 major cloud providers (Azure, GCP, AWS).

What your day-to-day will look like:

• Develop and update application security standards, secure coding principles, and threat modeling processes.
• Maintaining CI/CD integrated application security solutions, web application firewall technologies, and related
• Provide application security support to development teams, including reviewing and explaining application security tools and processes, providing vulnerability explanations and remediation guidance.
• Integrate and mature application security testing and controls into different phases of teams’ development lifecycles.
• Coordinate application security program metrics and reporting.
• Support ongoing management of application security vulnerabilities through a centralized vulnerability tracking system and defect tracking system.
• Develop application security training methods and mentoring of security champions.
• Partner with third party vendors to deliver software security tools and services.
• Coordinate and partner with third party offensive security (manual pen test) engagements.
• Provide expert consultation on application security requirements and best practices in relation to vulnerability scanning and secure application design.
• Partner closely on security operations tasks with cross-functional teammates in Information Security, IT, DevOps, Engineering, and Quality Assurance.
• Engage with product owners, project managers and developers to integrate security best practices into product design.
• Working Model : 16/5.

We'd love to hear from you if you have:  

• Extensive combined hands-on experience in application security and software development.
• Experience building, deploying, and maturing CI/CD integrated application security tools.
• Solid understanding of web-based application technologies, web services/APIs, web-based authentication/single sign-on protocol and technologies.
• Deep experience working with various development technologies including programming languages/frameworks supporting both backend and frontend development, source control management systems, and CI/CD tooling.
• Ability to read and understand code at a high-level across most common programming languages, with any C#, Java, Javascript and NodeJS experience a plus.
• Experience with application security tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
• Functional understanding in tooling integrations that support agile, CI/CD, and DevSecOps methodologies.
• Fundamental understanding of major cloud providers (Azure, GCP, AWS).
• Strong knowledge of software security risks and threats (OWASP top 10).
• Familiarity with “secure by design” and “shift left” security principles.
• Strong understanding of development methodologies, particularly Agile and DevOps.
• Able to explain impact of vulnerabilities and mitigating strategies to both technical and non-technical stakeholders.
• Capable taking ownership of the application security function, ability to work independently with minimal guidance and act as coach to other team members as necessary.

Strong communication & interpersonal skills, and experience working cross-functionally with various teams--this will be critical to success in this role.

  #LI-SM1

Perks!   As a Sagent Associate, you will be eligible to participate in our benefit programs beginning on Day #1!  We offer a comprehensive package including Remote/Hybrid workplace options, Group Medical Coverage, Group Personal Accidental, Group Term Life Insurance Benefits, Flexible Time Off, Food@Work, Career Pathing, Summer Fridays and much, much more!

Why Sagent?  Sagent is transforming the mortgage servicing industry by bringing the modern experience customers now expect from loan originations to loan servicing. Our platform lets customers manage their home-owing lives from anywhere while giving servicers lower costs, scale compliance and higher servicing values through full market cycles.

Sagent is a joint venture that combines Fiserv Inc.'s decades of market-leading fintech expertise with Warburg Pincus' skill in growing technology companies. We hire innovators and doers to disrupt the last and most complex frontier of lending and housing. We're growing fast and need you to help shape our future.

Sagent is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.