Application Development Security Lead

About TaskUs: TaskUs is a provider of outsourced digital services and next-generation customer experience to fast-growing technology companies, helping its clients represent, protect and grow their brands. Leveraging a cloud-based infrastructure, TaskUs serves clients in the fastest-growing sectors, including social media, e-commerce, gaming, streaming media, food delivery, ride-sharing, HiTech, FinTech, and HealthTech. 

The People First culture at TaskUs has enabled the company to expand its workforce to approximately 45,000 employees globally. Presently, we have a presence in twenty-three locations across twelve countries, which include the Philippines, India, and the United States.

It started with one ridiculously good idea to create a different breed of Business Processing Outsourcing (BPO)! We at TaskUs understand that achieving growth for our partners requires a culture of constant motion, exploring new technologies, being ready to handle any challenge at a moment’s notice, and mastering consistency in an ever-changing world.

What We Offer: At TaskUs, we prioritize our employees' well-being by offering competitive industry salaries and comprehensive benefits packages. Our commitment to a People First culture is reflected in the various departments we have established, including Total Rewards, Wellness, HR, and Diversity. We take pride in our inclusive environment and positive impact on the community. Moreover, we actively encourage internal mobility and professional growth at all stages of an employee's career within TaskUs. Join our team today and experience firsthand our dedication to supporting People First.

• Lead the design and institutionalization of a secure SDLC program across the organization, aligning with industry standards (e.g., OWASP SAMM, NIST SSDF).

• Define security requirements and checkpoints at each phase of the software development process.

• Collaborate with software architects and engineering leaders to ensure secure design and implementation of applications.

• Oversee threat modeling, architectural risk assessments, and secure code reviews for new and existing applications.

• Manage the implementation and optimization of security testing tools, including SAST, DAST, IAST, SCA, and container scanning.

• Lead the security testing team responsible for identifying, validating, and remediating application vulnerabilities.

• Define vulnerability management processes, including SLAs, risk scoring, exception handling, and reporting.

• Develop and enforce secure coding standards, practices, and guidelines across teams.

• Lead the SAAS security Posture management Threats and help in remediation of issues.
   

• Establish and manage the organization's DevSecOps roadmap and initiatives.

• Integrate security tools and automation into CI/CD pipelines (e.g., GitHub Actions,  Jenkins, Azure DevOps).

• Advocate for and implement "security-as-code" practices using IaC tools (e.g., Terraform, CloudFormation) and security policy enforcement.

• Partner with DevOps, QA, and cloud infrastructure teams to balance security with delivery speed and reliability.
   

• Oversee the review and remediation of cloud-related security findings impacting applications, including:

  • IAM misconfigurations

  • Misuse of public storage

  • Secret/key exposure

  • Insecure APIs

• Work closely with Cloud Security and Platform Engineering to apply best practices for securing applications deployed on AWS or Azure.

• Ensure security controls are embedded in microservices, serverless, and containerized architectures.

• Utilize CNAPP, CSPM (e.g., Wiz, Prisma Cloud) to manage risks in cloud environments.
   

• Lead and mentor a team of application security and DevSecOps engineers.

• Provide technical and career development guidance, set goals, and conduct performance reviews.

• Work with executive leadership to align security initiatives with business goals and compliance requirements.

Engage regularly with development teams to provide security consultation and training.

How We Partner To Protect You: TaskUs will neither solicit money from you during your application process nor require any form of payment in order to proceed with your application. Kindly ensure that you are always in communication with only authorized recruiters of TaskUs.

DEI: In TaskUs we believe that innovation and higher performance are brought by people from all walks of life. We welcome applicants of different backgrounds, demographics, and circumstances. Inclusive and equitable practices are our responsibility as a business. TaskUs is committed to providing equal access to opportunities. If you need reasonable accommodations in any part of the hiring process, please let us know.

We invite you to explore all TaskUs career opportunities and apply through the provided URL https://www.taskus.com/careers/.