Job Title

At First American (India), we don’t just build software—we build the future of real estate technology. Our people-first culture empowers bold thinkers and passionate technologists to solve real-world challenges through scalable architecture and innovative design.If you're driven by impact, thrive in collaborative environments, and want to shape how world-class products are delivered, this is the place for you.About the RoleWe are looking for an experienced Platform Security Engineer with strong expertise in DevSecOps and Application Security (AppSec) to join our Security team. In this role, you will be instrumental in designing, building, and maintaining secure platforms and tooling that empower our development teams to deliver software efficiently, while embedding security throughout the development lifecycle. You’ll collaborate closely with engineering teams to integrate security best practices, automate controls, and ensure our platforms are resilient, compliant, and scalable.What You Will Do: Application Security Ownership: Take end-to-end responsibility for application security initiatives, including vulnerability remediation, conducting security reviews, and educating internal teams on secure coding practices and standards.Leadership and Cross-Team Collaboration: Provide technical leadership and mentorship to engineers while working closely with cross-functional teams to embed security seamlessly into development workflows.Continuous Improvement: Drive initiatives to continuously enhance platform security and efficiency by optimizing workflows, automating controls, and implementing industry best practices.Strategic Thinking: Contribute to the long-term vision for platform security and DevSecOps, aligning efforts with organizational goals and staying current with emerging technologies and trends.Technical Issue Resolution: Proactively identify, investigate, and resolve security vulnerabilities across applications, infrastructure, and cloud environments.Vulnerability Management: Lead efforts to detect, assess, and remediate infrastructure and software vulnerabilities, ensuring timely patching and mitigation in alignment with security policies.Cross-Functional Alignment: Collaborate with engineering, infrastructure, and compliance teams to ensure that platform capabilities and security measures align with broader organizational objectives.What You Bring:Over 10 years of hands-on experience in DevSecOps and AppSecOps, with at least 5 years in application development using .NET and Java technology stacks.Deep understanding of application, infrastructure, and cloud security principles. Proven experience in identifying, remediating, and preventing vulnerabilities across the stack.Demonstrated ability to lead technical initiatives, develop secure architecture patterns, and mentor engineering teams on secure development practices.Advanced knowledge of AWS and Azure, including secure cloud networking (e.g., security groups, NACLs), IAM, encryption, and compliance controls.Proficiency in scripting (Python, Bash) and infrastructure-as-code tools such as Terraform, Terragrunt, or CloudFormation to automate secure infrastructure provisioning.Experience with tools like Veracode, Snyk, Prisma Cloud, and Checkmarx to detect and remediate vulnerabilities in code, containers, and infrastructure.Ability to guide teams in addressing OWASP Top 10 and SANS Top 25 vulnerabilities, conduct threat modeling, and perform secure code reviews and penetration testing.Experience in conducting security training, raising awareness across engineering teams, and embedding security into the SDLC.Familiarity with DAST, SAST, and IAST tools such as Burp Suite, Veracode, and Checkmarx for comprehensive application security assessments.Strong ability to document technical findings, communicate risks and recommendations clearly to developers, and advocate for security best practices.Excellent communication, critical thinking, and problem-solving skills. Comfortable working independently or collaboratively in fast-paced, high-stakes environments.