Tata Consultancy Services
Security Engineer (Windows and Linux)
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Tata Consultancy Services
Tata Consultancy Services (TCS) is a prominent global IT services, consulting, and business solutions organization, established in 1968 as part of Tata Sons Limited. The company has grown significantly since its inception, now operating in over 55 countries with a workforce of more than 600,000 associates and over 200 service delivery centers worldwide. TCS is known for its innovative approach and engineering excellence, helping clients across various industries adapt to changing technologies. TCS offers a wide range of services, including digital transformation, IT consulting, software development, engineering, and business process outsourcing. Its expertise spans multiple sectors such as banking, telecommunications, manufacturing, healthcare, energy, and government. The company has developed notable products, including core banking platforms and securities clearing systems, and has played a significant role in major technological initiatives, including Y2K remediation. With consolidated revenues of approximately US $30 billion for the fiscal year ending March 31, 2025, TCS is one of the largest IT services companies globally. It is publicly traded and recognized as a top employer, reflecting its commitment to community empowerment and sustainability through initiatives like sponsoring major international marathons.
Security at Tata Consultancy Services
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- TCS positions application security as embedded into the SDLC ("security-as-a-plugin"), emphasizing shift-left integration, security-by-design, proactive risk mitigation, and measurable outcomes.
- The operating model combines centralized governance (CoE) and SOC-like Threat Management Centers with program-level security teams that operate independently of application development.
- Automation, orchestration, and security-as-a-service are core to reducing manual effort, improving visibility, and accelerating remediation.
Security Team
- Organizational constructs and roles: dedicated AppSec/security teams operating independently of dev teams.
- A central CoE to provide governance, expertise, and program support.
- Threat Management Centers/TMCs and managed MDR teams (multiple centers, referenced as 13+).
- Roles include strategists, analysts, ethical hackers/pen testers, triage/enrichment specialists, playbook authors, incident responders, and MDR/SOAR operators.
- Responsibilities include vulnerability discovery and automated scans, manual testing where required, triage and enrichment, playbook-based remediation, continuous maturity assessment and project-specific improvement roadmaps.
Key Initiatives
- Operational priorities and stated goals: shift-left integration of security in SDLC.
- Automation and orchestration to centralize and reduce manual triage.
- Vulnerability discovery (automated and authenticated scanning) plus manual pen testing for higher assurance.
- Risk-based remediation to accelerate remediation velocity.
- Cloud, container, and API security.
- Program-level visibility (single-pane dashboards) and governance.
- Maturity assessments and quantified improvement roadmaps.
- Stated outcome targets include improved visibility, faster detection and response, reduced MTTR/MTTD, reduced operational effort (examples cited: up to ~32% effort reduction, ~37% productivity gain), and 30–60% reduction in vulnerabilities in some programs..
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.