Back to Jobs
Global Cybersecurity Senior Specialist – App Assurance
Actively Reviewing
Boston Consulting Group (BCG)
Job Description
Who We Are
Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.
To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.
What You'll Do
Application Assurance Governance
Education: Bachelor's degree in computer science, information security, engineering, or a related field, or equivalent practical experience.
Experience
Who You'll Work With
You will be part of BCG’s Information Security Risk Management team, working with security architects, application security specialists, cybersecurity professionals, DevSecOps partners, and engineering teams who help protect BCG’s applications and information systems.
You will collaborate closely with product owners, application developers, security champions, infrastructure teams, system owners, DAST and penetration testing teams, and technology leaders across global BCG teams. Together, you will help teams strengthen secure development practices, improve application assurance governance, mature DevSecOps practices, and build security into products and platforms from design through delivery.
Additional info
YOU'RE GOOD AT
BCG is an E - Verify Employer. Click here for more information on E-Verify.
Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.
To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.
What You'll Do
Application Assurance Governance
- Support the definition, maintenance, and continuous improvement of application assurance governance processes across BCG's application and product landscape.
- Help establish secure SDLC expectations, application security standards, and control requirements for product and engineering teams.
- Partner with application developers, product owners, architects, security champions, and engineering teams to improve application security posture across the enterprise.
- Track application security risks, recurring control gaps, remediation trends, and governance exceptions across application environments.
- Maintain application security coverage data, assurance metrics, and governance records to support risk reporting and decision-making.
- Share practical observations and improvement opportunities with security architecture and application security leadership.
- Support SAST and SCA governance processes, including scan coverage, finding triage, risk prioritization, and remediation tracking.
- Partner with development teams to improve secure coding practices and reduce recurring vulnerabilities across application codebases.
- Develop, deliver, and improve application security trainings for developers, product teams, security champions, and engineering partners.
- Contribute to the security champions program by supporting enablement content, recurring knowledge-sharing, and secure development guidance.
- Guide teams on dependency risk, open-source component governance, software supply chain security, and remediation of vulnerable libraries.
- Support integration of SAST, SCA, and related security tooling into CI/CD pipelines and engineering workflows.
- Help teams interpret security findings, understand risk context, and apply practical remediation guidance without slowing delivery unnecessarily.
- Support DevSecOps initiatives that embed security controls, automation, and measurable assurance into product delivery processes.
- Identify and implement security automation opportunities across SDLC workflows, CI/CD pipelines, reporting, governance, and remediation tracking.
- Advise teams on CI/CD security, secure pipeline configuration, secrets handling, cloud-native application security, and container security.
- Provide guidance on container hardening, Kubernetes security considerations, and secure deployment patterns.
- Support secure adoption of low-code and no-code platforms by applying practical guardrails, assurance expectations, and risk-based controls.
- Collaborate with security architects, code review specialists, DevOps teams, and engineering partners to strengthen enterprise application security practices.
- Coordinate with DAST and penetration testing teams to incorporate relevant findings into broader application assurance governance and remediation activities.
- Escalate sustained remediation gaps, recurring control issues, and material application security risks through appropriate ISRM governance channels
Education: Bachelor's degree in computer science, information security, engineering, or a related field, or equivalent practical experience.
Experience
- 5+ years of experience in application security, secure engineering, DevSecOps, or cybersecurity assurance.
- Experience working in enterprise technology environments with security governance and vulnerability management processes.
- Experience partnering with product, engineering, infrastructure, and security teams to remediate application security risks.
- Experience supporting secure SDLC, SAST, SCA, DevSecOps, or application security governance activities.
- Experience contributing to developer security training, security champions programs, or secure engineering enablement initiatives.
- Strong knowledge of OWASP Top 10, AI threats, SANS Top 25, secure coding, threat modeling, and application security risk management.
- Hands-on experience with SAST and SCA tools, findings analysis, vulnerability prioritization, and remediation tracking.
- Understanding of software supply chain security, open-source dependency management, and secure build practices.
- Working knowledge of CI/CD security, DevSecOps practices, security automation, and secure engineering workflows.
- Familiarity with modern application environments, including APIs, SaaS platforms, cloud services, containers, Kubernetes, and low-code or no-code platforms.
- Knowledge of container hardening, Kubernetes security, cloud-native security patterns, and secrets management practices.
- Hands-on knowledge of DAST, penetration testing methods, and application exploitation techniques, with the ability to interpret findings and guide remediation.
- Awareness of AWS, Azure, GCP, Docker, Kubernetes, and security tooling integration across DevOps environments.
Who You'll Work With
You will be part of BCG’s Information Security Risk Management team, working with security architects, application security specialists, cybersecurity professionals, DevSecOps partners, and engineering teams who help protect BCG’s applications and information systems.
You will collaborate closely with product owners, application developers, security champions, infrastructure teams, system owners, DAST and penetration testing teams, and technology leaders across global BCG teams. Together, you will help teams strengthen secure development practices, improve application assurance governance, mature DevSecOps practices, and build security into products and platforms from design through delivery.
Additional info
YOU'RE GOOD AT
- Translating application security requirements into practical engineering guidance.
- Building trusted relationships with product and development teams while maintaining clear governance expectations.
- Explaining SAST, SCA, DevSecOps, secure coding, and application risk topics in clear business and engineering language.
- Connecting findings from SAST, SCA, DAST, penetration testing, and secure code reviews into a coherent risk picture.
- Managing priorities across governance support, tooling adoption, automation, trainings, remediation timelines, and delivery needs.
- Using structured reasoning and sound analysis to work through ambiguity.
- Sharing practical recommendations that help teams take action on security findings.
- Applying privacy-by-design and zero trust principles to application security decisions.
BCG is an E - Verify Employer. Click here for more information on E-Verify.
Required Skills
Similar Jobs
View all →
Full Stack Developer | Remote | $30 - $85/hr
NearSkill
India
REST API
Spring Boot
Adobe Illustrator
+33
Backend Developer/Engineer | Remote | $30 - $90/hr
NearSkill
India
REST API
Spring Boot
Adobe Illustrator
+23
Generative AI Engineer
Nuvo AI
Gujarat
Retrieval-Augmented Generation
Adobe Illustrator
Jupyter Notebooks
+18
Senior Full Stack Developer
INNOFarms.AI
Gurgaon
Machine Learning
REST API
Tailwind CSS
+35
Lead Product Security Engineer
Envestnet
Trivandrum
Adobe Illustrator
Java
JavaScript
+9
Share
Quick Apply
Upload your resume to apply for this position
–