IND IT Specialist - Information Security
Stroz Friedberg
Job Title: IT Specialist (Application Security)
Position type: Full Time
Work Location: Bangalore/Gurugram/Noida
Working style: Hybrid
People Manager role: No
Required education and certifications critical for the role: Any Graduate or Post-Graduate (full time)
Required years of experience: Minimum 2 years of relevant experience

AON IS IN THE BUSINESS OF BETTER DECISIONS
At Aon, we shape decisions for the better to protect and enrich the lives of people around the world. As an organization, we are committed as one firm to our purpose, united through trust as one inclusive, diverse team and we are passionate about helping our colleagues and clients succeed.

GENERAL DESCRIPTION OF ROLE:
This position is required to implement and support ongoing Security programs including integration of all Aon CI/CD pipelines to SAST (static application security testing) tool and SCA (Software Composition Analysis) tool. The resource will be required to work with Application Development and DevOps teams across the organization to assist them in onboarding of their applications to SAST, SCA, Secrets Scanning and other tools.

JOB RESPONSIBILITIES:

Static Analysis Tool Implementation:
Deploy and configure static application security testing (SAST) tools (like Snyk, Checkmarx, Fortify, SonarQube, etc.) across AON applications.
Customize SAST/SCA rulesets and configurations to align with Aon Application Security requirements and organizational security standards.
Integrate static analysis tools into CI/CD pipelines to automate security testing processes.

Secure Software Development Lifecycle (SDLC):
Collaborate with AON application teams and DevOps personnel to integrate security tests into the development processes.
Conduct security code reviews and provide actionable feedback to developers on remediation strategies.
Ensure that all applications meet AON Application security standards.

Vulnerability Identification and Management:
Analyze static analysis scan results, prioritize findings based on risk, and assist Development teams to drive remediation.
Investigate false positives and tune tools to reduce noise while maintaining coverage.

Collaboration and Training:
Provide support to developers on using static analysis tools effectively.
Advocate for secure coding practices and promote awareness of application security best practices.
Work with Application and DevOps teams to ensure seamless integration of security practices into workflows.

Documentation and Reporting:
Document tool configurations, workflows, and security guidelines.
Report on scan results, trends, and remediation progress to technical and non-technical stakeholders.
Track and report on key application security metrics to measure progress and impact.

General Application Security Responsibilities:
Help with incident response when needed.
Support governance and compliance audits related to PCI, HIPAA, SOX and other regulations when needed.
Stay up to date with the emerging threat landscape, technologies, and industry trends.

Required Experience:
Overall 3 years' experience in IT with at least 1 year of relevant experience working in Application Security and Security in the SDLC.
Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent work experience).
Strong experience with at least one programming language (e.g., Java, C#, Python, JavaScript).
Good understanding of OWASP Top 10 vulnerabilities and common secure coding practices.
Familiarity with static analysis tools and their role in vulnerability detection.
Knowledge of software development lifecycle (SDLC), DevOps environments (e.g., Azure DevOps, GitLab, GitHub) and version control systems (e.g., Git).

Preferred Experience:
Experience integrating security tools into CI/CD pipelines (e.g., Azure DevOps, GitHub, GitLab CI/CD, Jenkins).
Familiarity with DevOps principles and tools (e.g., Azure DevOps, GitLab).
Knowledge of application security standards such as OWASP, NIST, or ISO 27001.
Understanding of dynamic application security testing (DAST) and runtime application self-protection (RASP).
Security certifications like CEH, CISSP, OSCP or equivalent.
Strong problem-solving skills and attention to detail.
Excellent communication skills, with the ability to explain technical issues to non-technical audiences.
Self-motivated, flexible, with a ‘can do’ attitude and a proactive approach to learning and collaboration.
Ability to pick up business knowledge, new technology areas, new processes/methodologies and apply them in day-to-day work.

HOW WE SUPPORT OUR COLLEAGUES
In addition to our comprehensive benefits package, we are proud to be an equal opportunity workforce. At Aon, we believe a diverse workforce is an innovative workforce. Our agile, inclusive environment allows colleagues to manage their wellbeing and work/life balance while empowering you to be your authentic self. Furthermore, all colleagues enjoy two “Global Wellbeing Days” each year, encouraging them to take time to focus on themselves. We offer a variety of workstyle options through our Smart Working model, but we also recognize that flexibility goes beyond just the place of work... and we are all for it! Our continuous learning culture inspires and equips colleagues to learn, share and grow, helping them achieve their fullest potential. As a result, Aon colleagues are more connected, more relevant and more valued.

#LI-RK2 2555433