Application Security Specialist (regular/senior)

WHO WE ARE:

The Cyber Security team, part of Accenture Security, assists clients in securing hybrid environments and applications at every stage of the software development lifecycle, ensuring that the principles of 'Security by design' and 'Security by default' are followed, thereby integrating security into the SSDLC process.

THE WORK:

Collaborate closely with architecture, product, and development teams to embed security principles from the earliest stages of the Software Development Life Cycle (SDLC), following a security‑by‑design and shift‑left approach. Perform application and system security assessments in accordance with recognized industry standards and frameworks, including:

• OWASP ASVS
• OWASP Top 10
• OWASP API Top 10
• CWE Top 25
• and other relevant security best practices.

Design, implement, and govern security controls across the SDLC and SSDLC, ensuring consistent application of secure coding standards, security gates, and automated security testing. Conduct security architecture reviews for end‑to‑end solutions, including hybrid, cloud‑native, containerized, microservices‑based, and event‑driven architectures. Analyze and assess the security of application code, APIs, infrastructure‑as‑code (IaC), CI/CD pipelines, and supporting platforms. Support the design of modern, secure development environments, including secure CI/CD pipelines, hardened build environments, secure artifact repositories, and developer tooling. Define and drive Secure Software Development Lifecycle (SSDLC) processes, from security requirements definition and prioritization to software supply chain security, including dependency management, third‑party risk, and SBOM analysis. Perform threat modeling for applications and systems, with a strong focus on hybrid, distributed, and cloud‑based environments, identifying risks and proposing effective mitigation strategies. Provide hands‑on support to development teams in analyzing, prioritizing, and mitigating identified vulnerabilities, ensuring pragmatic and scalable security solutions. Assess and secure AI‑enabled systems and platforms, including applications based on machine learning, large language models (LLMs), and AI agents, across their full lifecycle. Identify and mitigate AI‑specific security risks, such as:

• model abuse
• prompt injection
• data poisoning
• training data leakage
• insecure model deployment
• and unauthorized model access.

Define security requirements and controls for AI pipelines, including data ingestion, model training, model storage, inference APIs, and integration with existing systems. Leverage AI‑based security tools and automation to enhance vulnerability detection, code analysis, threat detection, and security operations efficiency. Support governance and compliance efforts related to responsible and secure use of AI, including risk assessments, security controls, and alignment with internal and external regulations.

The work location for this role may include a mix of working remotely, onsite at a client or in an Accenture office - depending on specific project circumstances. Flexible: With all our roles, there is some in-person time for collaboration, learning and building relationships with clients, peers, leaders, and communities. As an employer, we will be as flexible as possible to support your specific work/life needs.

WHAT’S IN IT FOR YOU:

Work on international projects, collaborating with top global organizations to solve complex security challenges. Lead and drive innovation, helping clients transform their businesses with cutting-edge security technologies and frameworks. Grow your expertise in a dynamic environment, gaining exposure to the latest trends, tools, and best practices.

HERE’S WHAT YOU’LL NEED:

• Strong motivation to and a mindset of in cybersecurity, secure software engineering, and emerging technologies.
• Develop in the area of Application Security continuous learning and skill development.
• Solid background in IT or software development, with proven experience in engineering, architecture, or operational roles, combined with hands‑on or growing expertise in cybersecurity.
• Good understanding of end‑to‑end application and system architectures, including:
• layered and monolithic architectures
• microservices‑based architectures
• event‑driven architectures
• service‑oriented architectures (SOA).
• Basic knowledge of application security fundamentals, including:
• OWASP Top 10
• OWASP ASVS
• OWASP API Top 10
• secure coding best practices
• common vulnerability classes and exploitation techniques.
• Practical understanding of common attack techniques, such as:
• XSS
• CSRF
• SQL Injection
• MITRE ATT&CK / CAPEC frameworks.
• Knowledge of authentication, authorization, and session management concepts, including standards and protocols such as:
• OAuth 2.0
• OpenID Connect
• SAML
• SSO.
• Good understanding of cryptographic concepts and best practices, including encryption, hashing, key management, and secure use of cryptographic libraries.
• Knowledge of principles, including security requirements, secure design, secure coding, testing, vulnerability management, and release governance.
• Experience or knowledge of REST APIs, API security concepts, and API Gateway architectures.
• Ability to analyze source code, APIs, and Infrastructure‑as‑Code (IaC) from a security perspective.
• Interest in securing AI‑enabled applications, platforms, or services, including LLM‑based systems.
• Proficiency in at least one programming language at a good level, such as:
• Java
• .NET / C#
• JavaScript
• Go
• or scripting languages like Python.
• Experience with or strong understanding of code.