AppSec Jobs
← Back to all jobs

GlobalLogic

Software Engineer-Information Security (Open Source Compliance)

Dallas, TXWebsite

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.

About GlobalLogic

GlobalLogic is a digital product engineering services company based in San Jose, California, founded in 2000. As part of the Hitachi Group since 2021, it specializes in software product design, development, and engineering services. The company operates globally, with delivery centers in countries such as India, Slovakia, Poland, Ukraine, and Mexico. GlobalLogic offers end-to-end software development services, combining design, engineering, and data to create innovative digital products and platforms. Its expertise spans various domains, including Big Data & Analytics, Cloud Computing, Internet of Things (IoT), and Embedded Systems. The company collaborates closely with clients to co-create technologies that drive digital transformation and improve societal outcomes. GlobalLogic's services are integrated into many everyday digital experiences, supporting a wide range of clients from software startups to large industry leaders.

Industry

information technology & services

Employees

34,000

11763 engineers

Revenue

$2.0B

Website

Visit →

Security at GlobalLogic

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • GlobalLogic's AppSec mission is to integrate security measures as a foundational element of the development process.
  • They emphasize developer enablement by securing products and services across all layers using best practices, including AI-enabled security technologies.
  • Their risk philosophy involves contextualizing vulnerabilities and assessing realistic impact, accounting for mitigating and aggravating factors.
  • A stated goal is that every developer must undergo secure code training.
  • Gaps include the lack of publicly available explicit, current (2025–2026) written team charters or public AppSec SLAs describing last-mile triage SLAs, OKRs, or formal developer gating policy.

Security Team

The organizational structure and reporting line for GlobalLogic's AppSec team are not publicly available. Key public-facing leaders include Kulbhushan Bhardwaj, VP Engineering and Global Security Practice Head, whose mission is to implement a security-first culture and improve application security posture, and Alok Malik, Global IT / Security (CIO & CISO), recognized for setting up the Global Information Security Team, specifically SOC. The team size estimate is not publicly available, as a LinkedIn search did not return a reliable aggregate. As of, there is at least one active AppSec job posting. Common skill and tool patterns from job postings include expert proficiency in Web Application Penetration Testing, Secure Code Review, and strong working knowledge of at least two programming or scripting languages. Gaps include the lack of a definitive list of tools mandated by AppSec hiring or internal tool ownership.

Key Initiatives

There is no public evidence of a formal 'Security Champions' program at GlobalLogic, though security awareness is spread through 'Security tournaments' and an 'Internal Security Bug Bounty'. Their 'Shift Left' approach integrates 'security measures as a foundational element of the development process' and includes 'Threat modeling basics'. Vulnerability management intake sources include 'Dynamic application security testing (DAST)', 'Vulnerability scanning', and 'Penetration testing'. However, public statements describing triage, ticketing flows, SLA/MTTR targets, or whether AppSec assigns Jira tickets directly are not found. Secure SDLC artifacts include 'Secure Code Review' and 'Threat modeling basics'. Recent initiatives (last 6 months) include active hiring for AppSec roles, with a job posting 'Published on 19 August 2025', but no public announcements of new tooling rollouts. Gaps include no public org chart or reporting line, no public description of vulnerability triage SLAs, and no named Security Champions program.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.