Who We Are
Applied Materials is a global leader in materials engineering solutions used to produce virtually every new chip and advanced display in the world. We design, build and service cutting-edge equipment that helps our customers manufacture display and semiconductor chips – the brains of devices we use every day. As the foundation of the global electronics industry, Applied enables the exciting technologies that literally connect our world – like AI and IoT. If you want to push the boundaries of materials science and engineering to create next generation technology, join us to deliver material innovation that changes the world.
What We Offer
Location:
Bangalore,IND
You’ll benefit from a supportive work culture that encourages you to learn, develop, and grow your career as you take on challenges and drive innovative solutions for our customers. We empower our team to push the boundaries of what is possible—while learning every day in a supportive leading global company. Visit our Careers website to learn more.
At Applied Materials, we care about the health and wellbeing of our employees. We’re committed to providing programs and support that encourage personal and professional growth and care for you at work, at home, or wherever you may go. Learn more about our
benefits
.
Role Summary
We are looking for a highly motivated Senior Application Security Engineer to join our Application Security team. This role will focus on securing modern cloud-native applications, with emphasis on API security, Infrastructure as Code (IaC), containerized workloads, and Open-Source Software (OSS) security.
The ideal candidate will work closely with engineering, platform, and product teams to embed security into the SDLC and enable secure-by-design development practices on a scale.
Key Responsibilities
Application & API Security
Establish and mature an API security program, including tools, processes, governance, standards, and best practices
Define secure API design guidelines aligned with OWASP API Top 10 and industry standards
Evaluate and integrate API security tools into the SDLC and CI/CD pipelines
Partner with engineering teams to embed secure-by-design API patterns
Guide implementation of API authentication and authorization controls (OAuth2, OIDC, JWT, mTLS)
Infrastructure as Code (IaC) Security
Review and assess IaC templates (Terraform, ARM, CloudFormation, etc.) for security misconfigurations
Define and maintain secure IaC guardrails and policies
Integrate IaC security scanning into CI/CD pipelines
Partner with cloud and platform teams to remediate infrastructure risks early in the lifecycle
Container & Kubernetes Security
Assess container images for vulnerabilities, misconfigurations, and insecure base images
Review Kubernetes manifests, Helm charts, and deployment configurations
Advice on runtime security controls, least privilege, and workload isolation
Support adoption of container security best practices across development teams
Open-Source Software (OSS) Security
Manage open-source risk including vulnerabilities, licensing, and supply-chain threats
Support and tune SCA (Software Composition Analysis) tools
Drive remediation of vulnerable dependencies and guide teams on secure OSS usage
Contribute to OSS security governance, policies, and exception handling
Secure SDLC & Enablement
Embed security checks into CI/CD pipelines (SAST, DAST, SCA, IaC, container scans)
Provide actionable remediation guidance to developers
Create security documentation, standards, and secure coding guidelines
Deliver security awareness sessions and hands-on enablement for engineering teams
Collaboration & Reporting
Partner with AppSec peers, PSIRT, Cloud Security, and Engineering stakeholders
Track findings, risk acceptance, and remediation progress
Contribute to metrics and reporting for application security posture
Required Qualifications
4–7 years of experience in application security, product security, or secure software engineering
Strong understanding of web application and API security fundamentals
Hands-on experience with cloud-native environments (AWS, Azure, or GCP)
Practical exposure to:
API security testing and design reviews
IaC tools (Terraform, ARM, CloudFormation, etc.)
Containers and Kubernetes
Open-source dependency management
Familiarity with OWASP Top 10, OWASP API Top 10, CWE, CVSS
Experience integrating security tools into CI/CD pipelines
Ability to clearly communicate security risks and solutions to engineering teams
Preferred / Nice-to-Have Skills
Experience with AppSec tooling such as SAST, DAST, SCA, IaC scanning, container security tools
Knowledge of Zero Trust and cloud security architectures
Experience with DevSecOps practices
Exposure to AI/ML security, including risks related to:
AI-enabled applications and APIs
Model and dependency supply chain risks
Prompt injection, data leakage, and misuse scenarios
Relevant certifications (e.g., CSSLP, GWAPT, CCSP, Kubernetes security certifications)
Prior experience working with globally distributed engineering teams
Behavioral & Leadership Expectations
Demonstrates independent execution within defined security domains
Proactively identifies security gaps and drives improvements
Strong collaboration and influencing skills without direct authority
Balances security risk with business and engineering priorities
Shows ownership, accountability, and a continuous learning mindset
What Success Looks Like in This Role
Improved security posture of APIs, cloud infrastructure, containers, and OSS usage
Faster and more effective vulnerability remediation by engineering teams
Security embedded early and consistently across the SDLC
Clear, scalable security standards adopted across product teams
Additional Information
Time Type:
Full time
Employee Type:
Assignee / Regular
Travel:
Yes, 10% of the Time
Relocation Eligible:
Yes
Applied Materials is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, national origin, citizenship, ancestry, religion, creed, sex, sexual orientation, gender identity, age, disability, veteran or military status, or any other basis prohibited by law.
