
Birlasoft

Security Engineer / DevSecOps Engineer

Noida, Uttar Pradesh, India

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.


About Birlasoft

Birlasoft Limited is a global technology company that specializes in digital transformation, focusing on Cloud, AI, Data, and enterprise solutions. Established in 1990, it is part of the CK Birla Group and employs around 12,000 professionals worldwide. The company has delivery centers in India and China, with a presence across the Americas, Asia Pacific, Europe, and the Middle East. Headquartered in Noida, India, Birlasoft emphasizes customer and people-centric values, aiming to enhance productivity for its clients. The company offers a range of IT services, consulting, and digital solutions, including digital transformation initiatives, enterprise solutions like application development and ERP, and industry-specific expertise in sectors such as manufacturing, energy, life sciences, and banking. Birlasoft reported a revenue of ₹1,755 crore (USD 213 million) for the fiscal year ending March 31, 2023, reflecting a 15% year-over-year growth. The company is recognized for its commitment to quality and innovation, holding various certifications and accolades in the technology space.

Industry

information technology & services

Employees

12,000

3436 engineers

Revenue

$629M


Security at Birlasoft

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.


Security Philosophy

  • Birlasoft's AppSec philosophy centers on ensuring secure software development and protection against application-layer attacks, which is a core component of their BSecure Framework.
  • They aim to build a security-inclusive development environment, emphasizing 'shift left' and instituting security into the development process (DevSecOps).
  • Their risk philosophy involves utilizing a risk and process management engine to aggregate, grade, and prioritize vulnerabilities at an organizational level, conducting risk assessments, gap analysis, and cyber risk quantification.
  • Stated goals include automated compliance monitoring, enhanced threat detection through AI-driven insights to reduce false positives, and faster incident response by automating processes to reduce mean time to detect and respond.

Security Team

The organizational structure and reporting lines for Birlasoft's AppSec team are not publicly available. The key public-facing leader identified is Vipin Jamwal, AVP & Global Head of Cybersecurity Practice, ICTS, who drives the development of intelligent, platform-based cybersecurity solutions. The team size estimate is not publicly available, based on a LinkedIn search. As of, there was 1 active AppSec/DevSecOps focused job posting for a Security Engineer / DevSecOps Engineer. Common skill and tool patterns from this posting include Secure SDLC, Threat Modeling (STRIDE, DREAD, PASTA), Vulnerability Management (Nessus, Qualys, OpenVAS), Application Security (OWASP Top 10, SAST, DAST, IAST, RASP), IAM, scripting (Python/Bash/Go/JavaScript), CI/CD Security, IaC Security, Container Security, Cloud Security (AWS, Azure, GCP, CSPM, CWPP), Secrets Management, Security Monitoring, Incident Response, and GRC frameworks (NIST, ISO 27001, CIS Benchmarks, SOC 2, PCI-DSS).

Key Initiatives

No public evidence was found of a Security Champions Program. Birlasoft practices 'shift left' by instituting security into the development process (DevSecOps), implementing and embedding security practices across all phases of the software development lifecycle from design through deployment, and building a security-inclusive development environment. Their vulnerability management process includes intake from bug bounty programs and utilizes a risk and process management engine to aggregate, grade, and prioritize vulnerabilities, with a job posting mentioning conducting vulnerability assessments using tools like Nessus, Qualys, or OpenVAS and delivering remediation plans. Secure SDLC artifacts include a Secure Software Development Lifecycle (SDLC), threat modeling using frameworks like STRIDE, DREAD, or PASTA, and regular audits and penetration testing. A recent initiative (published September 2025) is the BSecure Framework, a comprehensive, AI-augmented cybersecurity service.
