DevSecOps Security Consultant
Engagement Type: Contract / FTC
Location: Bengaluru (2 Days Onsite/Hybrid/Remote based on client needs)
Only applicants currently based in Bengaluru or willing to relocate to Bengaluru for this assignment will be considered. Candidates serving longer notice periods will not be considered; the maximum acceptable notice period is 30 days.
Background
Arj Global Ltd is supporting enterprise clients across complex cybersecurity landscapes, delivering security assessment and DevSecOps enablement across a wide range of digital platforms.
Our clients operate diverse technology ecosystems including cloud-native applications, legacy systems, mobile platforms, and embedded devices. We are seeking experienced DevSecOps Security Consultants to strengthen secure software delivery practices and embed security into the development lifecycle.
Scope of Work
The consultant will support secure development and DevSecOps practices across multiple technology domains, including:
- Web applications
- Mobile applications
- Cloud platforms & infrastructure
- Embedded/IoT devices (e.g., cameras, sensors)
- ERP systems (e.g., Dynamics and similar platforms)
Key Objectives
The consultant will:
- Ensure security tooling delivers real, measurable value
- Reduce actual business risk, not just vulnerability counts
- Enable faster, secure product delivery
This role focuses on enabling teams through:
- Shifting security left in the SDLC
- Providing guardrails instead of bottlenecks
- Supporting faster, confident releases
Key Responsibilities
1. GitHub Advanced Security (GHAS) Enablement
- Assess current CI/CD pipelines and SDLC maturity
- Design standardized GHAS integration across products
- Implement:
  - CodeQL scanning
  - Secret scanning & push protection
  - Dependency scanning (Dependabot)
- Customize rules to reduce false positives
- Define pipeline gating strategies (block / warn / report)
2. Vulnerability Triage & Risk Prioritization
- Develop risk-based vulnerability triage frameworks
- Define severity re-rating models based on exploitability
- Establish workflows for:
  - False positives
  - Risk acceptance
  - SLA exceptions
- Align vulnerability management with business risk appetite
3. AI / LLM Security
- Assess AI/LLM usage across products
- Identify AI-specific threat scenarios
- Define security principles and guardrails for AI systems
- Align with:
  - OWASP Top 10 for LLMs
  - NIST AI Risk Management Framework
- Advise on secure AI SDLC practices
Required Skills & Experience
DevSecOps & CI/CD
- Strong experience integrating security into CI/CD pipelines
- Tools: GitHub Actions, Jenkins, GitLab CI, Azure DevOps
- Hands-on experience with GitHub Advanced Security (GHAS)
Application Security
- CodeQL customization and tuning
- Secret scanning & push protection
- Dependency management (Dependabot policies)
- Secure coding practices across:
  - Java, JavaScript, Python, Go
Vulnerability Management
- Risk-based prioritization methodologies
- CVSS and exploitability-based severity assessment
- False positive reduction techniques
- Risk acceptance workflows
Security & Risk Mindset
- Threat modeling approach
- Understanding of compensating controls and exposure context
- Experience with security metrics:
  - MTTR
  - Fix rate
  - Recurring vulnerability patterns
Collaboration & Enablement
- Developer-first communication style
- Ability to provide clear remediation guidance
- Experience supporting Security Champions programs
Top 3 Priority Skills
- CI/CD integration expertise
- GitHub Advanced Security (GHAS)
- Vulnerability triage and risk-based prioritization
Why Join Through Arj Global
- Work on enterprise-scale, high-impact security transformations
- Be part of a UK-led delivery model with global engineering capability
- Engage in modern DevSecOps, AI security, and cloud-native ecosystems

