
DevSecOps Lead - Security Testing SME

Location: Bangalore, Karnataka, India

Fortive is currently seeking a seasoned DevSecOps Lead to join the growing global Security team. We
are looking for an experienced DevSecOps Lead – Security Testing Subject Matter Expert to join our
Product Security function to provide guidance, support and measurement as it relates to secure design,
secure coding, security testing and automation to enable DevOps teams to securely build software
applications and systems. You will work with management, product development engineering, and
operations teams on cross-functional projects throughout the organization to enhance the security
posture across the enterprise product portfolio, perform training, add context and priority to security
related findings, and support the Incident Response team as needed. This role requires enthusiasm,
attention to detail, and an insatiable commitment for positive outcomes.

This position will report directly to the director of product security.

Key Duties and Responsibilities:


• Ownership of the Security Testing Program including the ownership for the development, testing,
and delivery of processes and tools to streamline security testing practices, tooling,
implementation, and continuous compliance.
• Act as a security advisor to developers, architects, engineers, security engineers and other
stakeholders to ensure we design confidentiality, integrity, resiliency, and privacy into Fortive's
products and services.
• Build, train and mentor product developers, engineers, and DevOps teams across the enterprise
in security testing practices and remediation.
• Work with the product teams to support proactive research in the area of security testing and
integrate new security testing tools and processes to mitigate new emerging threats,
vulnerabilities, tactics, techniques and procedures.
• Integrate Security Testing toolsets into product teams' CI/CD pipelines.
• Integrate DAST findings into product team agile management tooling (e.g., Jira).
• Create Key Performance Indicators (KPI) to accurately measure cyber security activities aligned
with current business strategies and risk management frameworks.
• Work with standardization and regulatory frameworks such as FedRAMP, ISO 27001, CIS Critical
Security Controls, NIST CSF frameworks, Cloud Security Alliance, PCI DSS, GDPR.
• Other duties and obligations as assigned by the Director of Product Security.

Minimum Qualifications

Demonstrated experience managing security testing initiatives in a highly fluid enterprise-level product
and service development environment; Experience managing vendors and service providers and
performing oversight for the delivery of security capabilities; Significant technical knowledge of product
security testing, penetration testing, web application security testing, security testing standards, product
security programs, concepts, processes, trends, and best practices; Demonstrated knowledge of aligning
secure coding practices with current compliance frameworks.

Preferred Qualifications:
• 8-15 years relevant experience
• Strong background in product security testing; deep knowledge of security standards, protocols
and methodologies
• Excellent problem-solving and analytical skills with the ability to evolve product security and
security testing practices based on research, data, and industry trends
• Mastery level experience testing a variety of platforms including Web Applications, SaaS,
Microservices, databases, application programming interfaces, associated security testing reporting
and remediation, mapping security testing standards to practices which satisfy security
requirements, coordinating efforts to scope, implement, then deploy security testing practices in
automated CI/CD environments
• Strong focus on API security testing and Web Application security testing
• Strong communication and presentation skills with the ability to interact at all levels of the
organization.
• Proven success managing cross-functional enterprise security programs
• Possess a passion and drive for cyber-security, with an active interest and knowledge of current
trends and emergent threats
• Experience with orchestration/automation solutions would be helpful.
• Strong ethics, integrity, attention to detail, and self-motivation to succeed against challenges
• Proven capability and desire to diligently deliver high quality work, as an individual or part of a
team, to agreed specifications and timelines
• Demonstrable strong verbal and written communication skills, when communicating with peers,
seniors, juniors, or customers
• Experience in product development, quality assurance, or a Security related role within a product
development team.
• Familiarity, understanding and demonstration of the “attacker mind-set”, towards providing better
testing coverage against threats.
