{"hiringOrganization":{"logo":"https:\/\/careers.societegenerale.com\/themes\/custom\/sg_careers\/images\/LOGO_Groupe_EN.jpg","@type":"Organization","name":"Societe Generale","sameAs":"https:\/\/careers.societegenerale.com"},"employmentType":"Permanent contract","validThrough":"2026\/04\/01","datePosted":"2026\/02\/13","title":"Lead Software Engineer (DevOps Expert) - Innovation \/ Project \/ Organization - Bangalore, India","@context":"http:\/\/schema.org\/","@type":"JobPosting","description":"Responsibilities

a { text-decoration: none; color: #464feb; } tr th, tr td { border: 1px solid #e6e6e6; } tr th { background-color: #f5f5f5; } <\/p>

1. Vulnerability Identification & Assessment<\/strong>

• Perform vulnerability scanning\u00a0<\/li>
• Analyze and validate vulnerabilities in the context of application architecture, APIs, integrations, OS configurations, and middleware.<\/li>
• Evaluate CVSS scores, exploitability, and real\u2011world applicability to the application.<\/li>
• Prioritize application and server vulnerabilities based on ITRM policies, business criticality, and threat intelligence.<\/li><\/ul>2. Application Security Ownership<\/strong>
  • Act as the primary security owner<\/strong> for the application.<\/li>
  • Review application code, APIs, and data flows to identify security weaknesses.<\/li>
  • Enforce best practices aligned with OWASP Top 10, SANS CWE Top 25<\/strong>, and secure coding standards.<\/li>
  • Work with developers to ensure security defects are remediated as part of the SDLC.<\/li><\/ul>3. Server Patching & Compliance Management<\/strong>
    • Own the lifecycle of patching for OS, middleware, DB components, app servers, and supporting infrastructure.<\/li>
    • Collaborate with infra\/ops teams to ensure timely, accurate, and compliant patch deployments.<\/li>
    • Maintain and track patch compliance against internal ITRM standards and external regulatory requirements.<\/li>
    • Validate patches in lower environments, assess compatibility with the application, and plan patch windows to reduce downtime.<\/li>
    • Ensure all missing patches\u2014critical, high, and medium\u2014are remediated within SLA.<\/li><\/ul>4. Governance, Risk & Compliance (ITRM Alignment)<\/strong>
      • Ensure the application meets internal IT Risk Management (ITRM)<\/strong> and audit expectations.<\/li>
      • Maintain audit-ready documentation, including risk exceptions, evidence, and remediation plans.<\/li>
      • Track SLA adherence for vulnerability closure (e.g., Critical < X days, High < Y days).<\/li>
      • Support internal and external audits, providing artifacts and technical justifications.<\/li>
      • Identify and document risk exceptions where remediation is not feasible.<\/li><\/ul>5. Remediation Coordination & Technical Guidance<\/strong>
        • Interpret vulnerability findings and provide actionable remediation guidance to engineering and infra teams.<\/li>
        • Facilitate triage meetings with developers, infrastructure, and DevOps teams.<\/li>
        • Validate implemented fixes and ensure vulnerabilities are fully resolved.<\/li>
        • Track and escalate overdue vulnerabilities and patch failures.<\/li><\/ul>6. Security Monitoring & Continuous Improvement<\/strong>
          • Partner with SOC\/SIEM teams to enhance monitoring of application\/server security events.<\/li>
          • Contribute to threat modeling, baseline security controls, and hardening guides.<\/li>
          • Drive continuous improvement in vulnerability management processes, automation, and tooling.<\/li>
          • Recommend security improvements to server configurations, network controls, and application design.<\/li><\/ul>7. Incident Response & RCA<\/strong>
            • Participate in security incident investigations impacting the application or servers.<\/li>
            • Provide root cause analysis (RCA) for recurring vulnerability or patching failures.<\/li>
            • Recommend long-term fixes to eliminate systemic issues.<\/li><\/ul>Skills & Qualifications<\/strong>Technical Skills<\/strong>
              • Strong knowledge in:
                • Vulnerability scanning\u00a0<\/li>
                • Patch management\u00a0<\/li>
                • Middleware patching (WebLogic, Tomcat, IIS, Apache, Nginx)<\/li>
                • API & application security<\/li>
                • Secure configuration\/hardening (CIS Benchmarks, STIG)<\/li><\/ul><\/li>
                • Understanding of:
                  • Secure SDLC<\/li>
                  • Identity & access (OAuth2, JWT, SSO)<\/li>
                  • Encryption, certificates, network security, firewalls<\/li><\/ul><\/li>
                  • Ability to interpret:
                    • CVSS scores<\/li>
                    • CIS controls<\/li>
                    • Compliance frameworks (PCI\u2011DSS, GDPR, ISO 27001)<\/li><\/ul><\/li><\/ul><\/p>Profile required

                      a { text-decoration: none; color: #464feb; } tr th, tr td { border: 1px solid #e6e6e6; } tr th { background-color: #f5f5f5; } <\/p>

                      • Soft Skills<\/strong>

                        • Strong problem\u2011solving and analytical skills.<\/li>
                        • Excellent communication between security, dev, and infra teams.<\/li>
                        • Ability to drive remediation across multiple stakeholders.<\/li>
                        • Detail\u2011oriented with strong risk judgement.<\/li><\/ul><\/p><\/li><\/ul>Why join us

                          We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status\u201d.<\/i><\/p>Business insight

                          At Soci\u00e9t\u00e9 G\u00e9n\u00e9rale, we are convinced that people are drivers of change, and that the world of tomorrow will be shaped by all their initiatives, from the smallest to the most ambitious. Whether you\u2019re joining us for a period of months, years or your entire career, together we can have a positive impact on the future. Creating, daring, innovating, and taking action are part of our DNA. If you too want to be directly involved, grow in a stimulating and caring environment, feel useful on a daily basis and develop or strengthen your expertise, you will feel right at home with us!<\/p>

                          Still hesitating?\u00a0
                          You should know that our employees can dedicate several days per year to solidarity actions during their working hours, including sponsoring people struggling with their orientation or professional integration, participating in the financial education of young apprentices, and sharing their skills with charities. There are many ways to get involved.<\/p>

                          We are committed to support accelerating our Group\u2019s ESG strategy by implementing ESG principles in all our activities and policies. They are translated in our business activity (ESG assessment, reporting, project management or IT activities), our work environment and in our responsible practices for environment protection.<\/p>","identifier":{"@type":"PropertyValue","name":"Recruitment Societe Generale","value":"260002WZ"},"jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Bangalore","addressCountry":"India"}}} window.dataLayer = window.dataLayer || []; var aData = { customVarPage1: "Lead Software Engineer (DevOps Expert)", customVarPage2: "Bangalore", customVarPage3: "Permanent contract", customVarPage4: "260002WZ", customVarPage5: "SG Global Solution Centre", customVarPage6: "Innovation / Project / Organization", customVarPage7: "2026/02/13" } window.dataLayer.push(aData);

                          Back to offers

                          Lead Software Engineer (DevOps Expert)

                          Innovation / Project / Organization

                          Apply

                          Add to favorites

                          Permanent contract

                          Bangalore, India

                          Hybrid

                          Reference 260002WZ

                          Start date 2026/04/01

                          Publication date 2026/02/13

                          Responsibilities

                          a { text-decoration: none; color: #464feb; } tr th, tr td { border: 1px solid #e6e6e6; } tr th { background-color: #f5f5f5; }

                          1. Vulnerability Identification & Assessment

                          • Perform vulnerability scanning 
                          • Analyze and validate vulnerabilities in the context of application architecture, APIs, integrations, OS configurations, and middleware.
                          • Evaluate CVSS scores, exploitability, and real‑world applicability to the application.
                          • Prioritize application and server vulnerabilities based on ITRM policies, business criticality, and threat intelligence.

                          2. Application Security Ownership

                          • Act as the primary security owner for the application.
                          • Review application code, APIs, and data flows to identify security weaknesses.
                          • Enforce best practices aligned with OWASP Top 10, SANS CWE Top 25, and secure coding standards.
                          • Work with developers to ensure security defects are remediated as part of the SDLC.

                          3. Server Patching & Compliance Management

                          • Own the lifecycle of patching for OS, middleware, DB components, app servers, and supporting infrastructure.
                          • Collaborate with infra/ops teams to ensure timely, accurate, and compliant patch deployments.
                          • Maintain and track patch compliance against internal ITRM standards and external regulatory requirements.
                          • Validate patches in lower environments, assess compatibility with the application, and plan patch windows to reduce downtime.
                          • Ensure all missing patches—critical, high, and medium—are remediated within SLA.

                          4. Governance, Risk & Compliance (ITRM Alignment)

                          • Ensure the application meets internal IT Risk Management (ITRM) and audit expectations.
                          • Maintain audit-ready documentation, including risk exceptions, evidence, and remediation plans.
                          • Track SLA adherence for vulnerability closure (e.g., Critical < X days, High < Y days).
                          • Support internal and external audits, providing artifacts and technical justifications.
                          • Identify and document risk exceptions where remediation is not feasible.

                          5. Remediation Coordination & Technical Guidance

                          • Interpret vulnerability findings and provide actionable remediation guidance to engineering and infra teams.
                          • Facilitate triage meetings with developers, infrastructure, and DevOps teams.
                          • Validate implemented fixes and ensure vulnerabilities are fully resolved.
                          • Track and escalate overdue vulnerabilities and patch failures.

                          6. Security Monitoring & Continuous Improvement

                          • Partner with SOC/SIEM teams to enhance monitoring of application/server security events.
                          • Contribute to threat modeling, baseline security controls, and hardening guides.
                          • Drive continuous improvement in vulnerability management processes, automation, and tooling.
                          • Recommend security improvements to server configurations, network controls, and application design.

                          7. Incident Response & RCA

                          • Participate in security incident investigations impacting the application or servers.
                          • Provide root cause analysis (RCA) for recurring vulnerability or patching failures.
                          • Recommend long-term fixes to eliminate systemic issues.

                          Skills & QualificationsTechnical Skills

                          • Strong knowledge in:
                            • Vulnerability scanning 
                            • Patch management 
                            • Middleware patching (WebLogic, Tomcat, IIS, Apache, Nginx)
                            • API & application security
                            • Secure configuration/hardening (CIS Benchmarks, STIG)
                          • Understanding of:
                            • Secure SDLC
                            • Identity & access (OAuth2, JWT, SSO)
                            • Encryption, certificates, network security, firewalls
                          • Ability to interpret:
                            • CVSS scores
                            • CIS controls
                            • Compliance frameworks (PCI‑DSS, GDPR, ISO 27001)

                          Profile required

                          a { text-decoration: none; color: #464feb; } tr th, tr td { border: 1px solid #e6e6e6; } tr th { background-color: #f5f5f5; }

                          • Soft Skills

                            • Strong problem‑solving and analytical skills.
                            • Excellent communication between security, dev, and infra teams.
                            • Ability to drive remediation across multiple stakeholders.
                            • Detail‑oriented with strong risk judgement.

                          Why join us

                          We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status”.

                          Business insight

                          At Société Générale, we are convinced that people are drivers of change, and that the world of tomorrow will be shaped by all their initiatives, from the smallest to the most ambitious. Whether you’re joining us for a period of months, years or your entire career, together we can have a positive impact on the future. Creating, daring, innovating, and taking action are part of our DNA. If you too want to be directly involved, grow in a stimulating and caring environment, feel useful on a daily basis and develop or strengthen your expertise, you will feel right at home with us!

                          Still hesitating? 
                          You should know that our employees can dedicate several days per year to solidarity actions during their working hours, including sponsoring people struggling with their orientation or professional integration, participating in the financial education of young apprentices, and sharing their skills with charities. There are many ways to get involved.

                          We are committed to support accelerating our Group’s ESG strategy by implementing ESG principles in all our activities and policies. They are translated in our business activity (ESG assessment, reporting, project management or IT activities), our work environment and in our responsible practices for environment protection.

                          Diversity and Inclusion

                          We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.

                          Share

                          Lead Software Engineer (DevOps Expert)

                          Permanent contract

                          Bangalore, India

                          Hybrid

                          Responsibilities Profile required Why join us Business insight Diversity and Inclusion

                          Apply

                          Add to favorites

                          Titre

                          Similar jobs

                          Lead Software Engineer (DevOps Expert)

                          Permanent contract

                          Bangalore, India

                          Lead Software Engineer (DevOps Expert)

                          Permanent contract

                          Bangalore, India

                          Lead Software Engineer (DB Expert)

                          Permanent contract

                          Bangalore, India

                          Titre

                          Jobs & contracts

                          Read more
                          { "@context": "https://schema.org", "@type": "BreadcrumbList", "itemListElement": [ { "@type": "ListItem", "position": 1, "name": "Home", "item": "https://careers.societegenerale.com/en" } , { "@type": "ListItem", "position": 2, "name": "Job offers", "item": "https://careers.societegenerale.comhttps://careers.societegenerale.com/en/search" } , { "@type": "ListItem", "position": 3, "name": "Lead Software Engineer (DevOps Expert)", } ] }
                          • Home
                          • Job offers
                          • Lead Software Engineer (DevOps Expert)