Application Security Engineer Application Security Lead DevSecOps Azure DevOps

Ready to join Accenture’s team of empowered people? We’re looking for candidates with the following skills and experience for this role. Do you fit the profile? If you do, we’d love to hear from you!

In adherence to Accenture’s process of Identity Verification, your resume or CV must include your photo to ensure the accuracy of your application.

Who we are:

Accenture in the Philippines is a pioneer in Accenture’s global delivery network. Over the past 30 years, we have expanded our capabilities to become a powerhouse company providing end-to-end technology and business services. As part of Accenture’s global footprint in over 120 countries, covering 40-plus industries, we have been working with the biggest companies in the country and around the globe.

Innovation, a constant at Accenture, enables us to find new ways to stay ahead of our clients’ challenges. Our inclusive, diverse, and strong culture of equality helps us constantly drive innovation in the workplace. By combining our industry expertise and the deep skills of our people with the latest technologies and our uncompromising high-performance standards, we help organizations grow their business and succeed in the digital age.

What’s in it for you?

At Accenture you will work on meaningful and innovative projects, powered by the latest technologies. You’ll be immersed in industry best practices such as event-driven architectures and domain-driven designs. Accenture will continually invest in your learning and growth. Youll work with Accenture’s certified practitioners, and Accenture will support you in growing your own tech stack and certifications.

Summary: You will embed security into the software delivery lifecycle and reduce application risk across modern cloud and containerized environments. In this role, you will partner closely with engineering, DevOps, and product teams to implement and operate scalable DevSecOps controls, including SAST, DAST, SCA, API security testing, IAST, and RASP, and drive secure-by-design practices through automation in Azure DevOps CI/CD pipelines. You will also support penetration testing activities, provide secure coding guidance, and help establish standards and metrics that improve security posture without slowing down delivery.

Roles and Responsibilities:

Embed security into the SDLC by partnering with engineering and DevOps teams across planning, design, build, test, and release.

Implement and maintain application security testing programs, including:

SAST (Static Application Security Testing)

DAST (Dynamic Application Security Testing)

SCA (Software Composition Analysis)

IAST (Interactive Application Security Testing)

RASP (Runtime Application Self-Protection)

Integrate security scanning and quality gates into Azure DevOps pipelines (Build/Release), ensuring repeatable and automated controls.

Perform API security testing, including authentication/authorization validation, rate limiting checks, schema validation, and abuse testing.

Conduct and/or coordinate security penetration testing and validate remediation effectiveness.

Lead threat modeling and secure design reviews for new features, services, and architectures (microservices, serverless, containerized workloads).

Establish vulnerability triage and remediation workflows: verify findings, reduce false positives, prioritize by risk, and track to closure.

Define and promote secure coding standards and provide hands-on guidance (code review support, secure patterns, reference implementations).

Support cloud security posture for application layers across Azure, AWS, and/or GCP, including identity, secrets, network exposure, and service configurations.

Implement secrets management and secure configuration practices (e.g., key vault usage, environment hardening, least privilege).

Build dashboards and metrics to report coverage and progress (scan coverage, mean time to remediate, vulnerability trends, SLA compliance).

Evaluate and onboard AppSec tools and solutions; optimize pipelines for performance, reliability, and developer experience.

Run enablement sessions (training, brown bags) to raise developer security maturity and reduce recurring issues.

Participate in incident response activities related to application vulnerabilities, including root-cause analysis and prevention improvements.

Core Technical Requirements

Strong hands-on experience with SAST – Static Application Security Testing (tooling, tuning, triage, and remediation guidance).

Strong hands-on experience with DAST – Dynamic Application Security Testing (scanning strategies, authenticated scans, result validation).

Strong hands-on experience with SCA – Software Composition Analysis (open-source risk, license/compliance basics, dependency hygiene).

Experience with IAST – Interactive Application Security Testing and/or ability to operationalize runtime testing approaches.

Experience with RASP – Runtime Application Self-Protection concepts and/or runtime security controls in production.

Proven capability in API Security Testing (OWASP API Top 10 understanding; authN/authZ, token handling, mass assignment, rate limits).

Experience conducting Security Penetration Testing (web apps, APIs) and translating findings into actionable fixes.

Strong knowledge of common app vulnerabilities (OWASP Top 10), secure coding patterns, and security testing methodologies.

DevOps / DevSecOps & Delivery Tooling

Demonstrated DevOps background with CI/CD, automation, and pipeline-based deployments.

Demonstrated DevSecOps background integrating security into pipelines with quality gates and developer-friendly workflows.

Working knowledge of Azure DevOps (Repos, Pipelines, Build/Release, Artifacts, Boards) and integrating security scanning into it.

Experience with Infrastructure-as-Code and pipeline automation concepts (e.g., YAML pipelines, reusable templates, policy-as-code).

Cloud & Engineering Background

Hands-on experience with at least one major Cloud Platform (Azure, GCP, AWS); familiarity with identity, networking, secrets, and logging.

Dev background (software engineering experience) in one or more languages (e.g., C#, Java, JavaScript/TypeScript, Python, Go) with the ability to read and review code.

Familiarity with containers and modern app architectures (microservices, Kubernetes/AKS/EKS/GKE, serverless).

Professional / Collaboration Skills

Ability to communicate risk clearly to engineers and leadership, balancing security requirements with delivery needs.

Strong stakeholder management, collaboration, and influence skills—able to drive security adoption without relying on authority.

Experience establishing standards, playbooks, and measurable outcomes (KPIs/SLAs) for application security programs.

Nice-to-Have (Optional)

Experience with common AppSec tools (examples): Fortify/Checkmarx/Veracode/SonarQube (SAST), OWASP ZAP/Burp (DAST), Snyk/Mend/Black Duck (SCA).

Experience with WAF, API gateways, or service mesh security controls.

Security certifications (e.g., CSSLP, GWAPT, OSCP) or cloud certifications (AZ-500, AWS Security Specialty, GCP Security Engineer).

Work Set Up: Day Shift, Hybrid, Cubao site

What we believe:

All our leaders are committed to building a better, stronger and more durable company for future generations to create positive, long-lasting change. Inclusion and diversity are fundamental to our culture and core values. Our rich diversity makes us more innovative and creative, which helps us better serve our clients and our communities.

Our position as partner to many of the world’s leading businesses, organizations and governments affords us both an extraordinary opportunity and a tremendous responsibility to make a difference. Sustainability is one of our greatest responsibilities, which we embed it into everything we do and for everyone we work with.

Accenture is committed to providing equal employment opportunities for persons with disabilities. Please let your recruiter know if you require reasonable accommodation to enable your participation in the recruitment process, they will be happy to assist you.

What’s in it for you?

Competitive Total Rewards (Compensation, Performance Bonus, 13th Month Pay, Day 1 HMO & Life Insurance Coverage)

Expanded maternity leave up to 120 days*

Expanded paternity leave up to 30 days*

Flexible Working Arrangements*

Healthy and Encouraging Work Environment

Company-sponsored trainings like upskilling and certification

Employee Stock Purchase Pan

Loyalty and Christmas Gift

Inclusion and Diversity Benefits

Car and housing plan*

Terms & Conditions apply

Equal employment Opportunity Statement:

All employment decisions shall be made without regard to age.., race, creed, color, religion, gender, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.

Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process.

Accenture is committed to providing veteran employment opportunities to our service men and women.

Please read Accenture’s Recruiting and Hiring Statement for more information on how we process your data during the Recruiting and Hiring process.

IMPORTANT REMINDER: We appreciate your interest in applying with Accenture. Please ensure to complete your profile and accomplish all required information in Workday within the next 24 hours, in order for us to start processing your application. You may access Workday by clicking the “Apply Now” button or refer to the link sent via SMS or email.

---