Job Description
We’re looking for a Senior AI & Application Security Consultant to partner closely with engineering teams to secure applications from design through deployment across traditional, cloud‑native, and AI‑enabled environments.
This role is ideal for someone who understands how applications are actually built and shipped and can help teams apply security in a way that’s practical, effective, and doesn’t slow delivery. You’ll work hands‑on with developers, platform teams, and data scientists to embed security into real workflows—not just policies or tooling.
What You’ll Do
- Partner with engineering teams to embed security across the SDLC, from architecture and design through CI/CD pipelines and production.
- Identify and mitigate application‑level risks including insecure APIs, authentication and authorization gaps, injection flaws, supply‑chain risks, and misconfigurations.
- Design and implement DevSecOps controls such as automated security testing, policy enforcement, secret management, and secure build/release processes.
- Implement and operationalize application security tooling, including SAST, DAST, SCA, container and IaC scanning, and API security testing, ensuring findings are actionable and developer‑friendly.
- Support web application and API protection, including WAF strategy, rule tuning, bot mitigation, and defense against OWASP Top 10 and emerging threats.
- Help secure AI‑enabled applications, including training and inference pipelines, model integrations, and risks such as prompt injection, data leakage, and model abuse.
- Lead threat modeling and security design reviews to identify risks early and guide secure architecture decisions.
- Act as a trusted security advisor to developers, providing secure coding guidance, reference architectures, and pragmatic remediation recommendations.
- Support application‑level incident response and root cause analysis, driving improvements back into design and development practices.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Required Skills & Experience
- Software Development Background: Prior hands‑on experience as a software engineer or developer, with working knowledge of one or more programming languages such as Java, Python, JavaScript/TypeScript, C#, or Go.
- Application Security Experience: 5–8 years of experience securing web applications, APIs, and microservices in enterprise and cloud‑native environments.
- Modern Development & Cloud Environments: Strong familiarity with modern application stacks, including CI/CD pipelines (GitHub Actions, GitLab, Azure DevOps, Jenkins), cloud platforms (AWS, Azure), containers and orchestration (Docker, Kubernetes), and Infrastructure as Code (Terraform, ARM, CloudFormation).
- DevSecOps Practices: Proven experience integrating security testing and controls into agile and DevOps workflows without disrupting delivery velocity.
- Web & API Security: Hands‑on experience implementing and managing application‑layer protections such as WAFs, API gateways, and runtime security controls.
- Application Security Tooling: Practical experience with AppSec tools including SAST, DAST, SCA, container and IaC scanning, and secrets detection, with the ability to make findings actionable for developers.
- AI & Emerging Technology Awareness: Experience securing AI‑enabled applications or models, or demonstrated curiosity and hands‑on learning in this area.
- Communication & Influence: Strong ability to clearly communicate security risks and remediation guidance to developers, architects, and security leadership in a pragmatic, non‑fear‑based way.
Nice to Have Skills & Experience
- Experience securing enterprise or regulated applications
- Familiarity with OWASP Top 10, ASVS, and NIST secure development guidance
- Experience balancing security requirements with delivery timelines in agile environments
- Relevant certifications (e.g., GWAPT, CSSLP, cloud security certifications) are a plus, but not required
Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.