Job Description

Company Description
Aqilea is an IT and engineering consulting partner that helps companies get more out of their technology and operations. With teams in Stockholm and Bangalore, we work closely with our clients to build solutions that fit their needs - from software development, AI and infrastructure engineering to industrial automation and embedded systems.
We combine strong technical expertise with a practical, business-focused approach to help organizations modernize, improve security, and scale with confidence. Above all, we focus on long-term partnerships built on trust, quality, and real results.
With us, you have great opportunities to take real steps in your career and the opportunity to take great responsibility.
About the Role
Company: Aqilea India
Role: Software Security Lead
Experience: 8-14 Years
Location: Bangalore (Hybrid), Onsite
Job Summary
We are looking for a Lead Software Security professional to lead and strengthen Software Security across a retail organization. This role focuses on building secure software development practices, enabling development teams with the right tools and guidance, and ensuring security is built into applications from design to deployment.
You will work as part of a central Software Security team, defining standards, security patterns, and automated guardrails that help teams deliver software safely and quickly.
Key Responsibilities
Software Security & Architecture

• Define and improve secure software development practices (SSDLC) across teams.
• Provide secure architecture guidance for web, mobile, APIs, microservices, and cloud applications.
• Perform threat modeling and help teams identify and reduce security risks early.

DevSecOps & Tooling

• Manage and improve security tools such as:

• SAST, DAST, SCA (dependency scanning)
• Secrets scanning, container and IaC security
• Integrate security controls into CI/CD pipelines using GitHub and automation tools.
• Create reusable and secure CI/CD templates (paved roads) for development teams.

Secure Coding & Standards

• Ensure applications follow industry standards like OWASP, NIST SSDF, and ISO 27034.
• Maintain secure design patterns and coding guidelines.
• Help teams fix security issues and reduce false positives efficiently.

AI & Modern Development Security

• Define safe ways to use AI coding tools (e.g., GitHub Copilot, LLMs) in development.
• Ensure AI-generated code is secure, compliant, and reviewed properly.
• Guide secure design of AI-enabled features (input validation, prompt security, logging, monitoring).

Metrics & Continuous Improvement

• Track security metrics such as scan coverage, time to fix issues, and adoption of secure pipelines.
• Continuously improve developer experience while reducing security risks.

Leadership & Collaboration (for Lead role)

• Own the software security roadmap and capability maturity.
• Work closely with engineering, platform, and leadership teams.
• Mentor engineers and promote a strong security culture.

Required Skills & Experience

• 8-14 years of experience in application security / software security.
• Strong understanding of secure software development and threat modeling.
• Hands-on experience with SAST, DAST, SCA, and CI/CD security.
• Experience with GitHub security features (GHAS, Dependabot, code scanning).
• Knowledge of OWASP Top 10, SAMM, ASVS, and NIST SSDF.

Good to Have

• Assistants/platforms: GitHub Copilot, OpenAI Codex, Anthropic Claude / Claude Code, Google Gemini, or similar.
• SAST/DAST/SCA platforms such as SonarQube, Mend, Black Duck, Dependabot.
• IaC/container security: Trivy, Checkov, tfsec, kube-bench, OPA/Gatekeeper/Conftest.
• Knowledge of container and IaC security tools (Trivy, Checkov, tfsec, etc.).
• Programming or scripting experience (Java, Python, JavaScript, Go, etc.).
• Cloud and platform exposure (Azure/GCP), GitHub Actions/Azure DevOps and policy-as-code (e.g., Rego/OPA)

Who Should Apply

• Professionals who enjoy enabling developers rather than blocking them.
• Security engineers who want to build scalable, automated security solutions.
• Leaders who can balance security risk with developer productivity.

Start: Immediate to 15 Days
Location: Bangalore (Hybrid)

Skills Required