Senior Manager, Application Security - Architect

Ready to shape the future of work?
At Genpact, we don’t just adapt to change—we drive it. AI and digital innovation are redefining industries, and we’re leading the charge. Genpact’s AI Gigafactory, our industry-first accelerator, is an example of how we’re scaling advanced technology solutions to help global enterprises work smarter, grow faster, and transform at scale. From large-scale models to agentic AI, our breakthrough solutions tackle companies’ most complex challenges.
If you thrive in a fast-moving, tech-driven environment, love solving real-world problems, and want to be part of a team that’s shaping the future, this is your moment.
Genpact (NYSE: G) is an advanced technology services and solutions company that delivers lasting value for leading enterprises globally. Through our deep business knowledge, operational excellence, and cutting-edge solutions – we help companies across industries get ahead and stay ahead. Powered by curiosity, courage, and innovation, our teams implement data, technology, and AI to create tomorrow, today. Get to know us at genpact.com and on LinkedIn, X, YouTube, and Facebook.
Inviting applications for the role of Senior Manager, Application Security - Architect
In this role, candidate will be part of Genpact Application Security Team and will drive proactive security initiatives across the application lifecycle. The core responsibilities will include threat modeling, secure design reviews, and security risk mitigation consultation to help our development teams build and maintain secure applications. This role requires strong collaboration with engineering, architecture, DevOps, and product teams to identify threats early, guide on security best practices, and ensure effective remediation.

Responsibilities
Key responsibilities tagged to each attribute of roles
• Threat Modeling & Secure Design
o Lead threat modeling workshops with product owners, architects, and developers for new and existing applications.
o Identify potential security threats, attack vectors, and abuse cases during early design phases.
o Document and maintain threat models using industry standards (e.g., STRIDE, PASTA, LINDDUN).
o Integrate threat modeling into the Secure SDLC process to ensure security-by-design.
• Security Mitigation Consultation
o Provide detailed mitigation strategies and design recommendations to address identified risks.
o Advise teams on secure coding practices aligned with OWASP ASVS, OWASP Top 10, SANS CWE Top 25.
o Review and validate security controls for both custom-built applications and third-party integrations.
o Act as a security advisor during architecture reviews, ensuring controls meet corporate and regulatory requirements.
• Secure Development Lifecycle (SDLC) Support
o Collaborate with developers and QA teams to integrate static (SAST), dynamic (DAST), and software composition analysis (SCA) into CI/CD pipelines.
o Validate remediation effectiveness through retesting and security regression testing.
o Support penetration testing activities and coordinate with vendors for remediation verification.
• Security Governance & Risk Management
o Maintain an up-to-date risk register for application security issues and track mitigation status.
o Ensure compliance with relevant frameworks (e.g., ISO 27001, NIST 800-53, PCI DSS, GDPR).
o Participate in security policy and standard updates related to application security.
• Security Awareness & Coaching
o Mentor and guide junior security analysts and developers on secure design principles.
o Conduct targeted secure coding training sessions for development teams.
o Promote a proactive security culture by embedding security checkpoints in Agile ceremonies.
Qualifications we seek in you!
Minimum Qualifications
• Education: Bachelor’s /Master’s degree in Computer Science, Cybersecurity, Information Security, or related field.
• Experience:
o Relevant years of experience in Application Security or Software Security Engineering.
o Proven track record in threat modeling and secure architecture reviews for complex applications.
Preferred Qualifications/ Skills
• Technical Skills:
o Strong knowledge of Web, API, mobile, and cloud application security threats.
o Familiarity with OWASP, CWE, NIST CSF, and MITRE ATT&CK for applications.
o Hands-on experience with security testing tools (SAST, DAST, SCA, IAST, container security).
o Understanding of authentication/authorization frameworks (OAuth2.0, OIDC, SAML).
o Experience in securing applications hosted on AWS, Azure, or GCP.
• Soft Skills:
o Strong communication and presentation skills for interacting with senior stakeholders.
o Ability to translate technical risks into business impact.
o Problem-solving mindset with strong analytical skills.
Why join Genpact?
• Be a transformation leader – Work at the cutting edge of AI, automation, and digital innovation
• Make an impact – Drive change for global enterprises and solve business challenges that matter
• Accelerate your career – Get hands-on experience, mentorship, and continuous learning opportunities
• Work with the best – Join 140,000+ bold thinkers and problem-solvers who push boundaries every day
• Thrive in a values-driven culture – Our courage, curiosity, and incisiveness - built on a foundation of integrity and inclusion - allow your ideas to fuel progress
Come join the tech shapers and growth makers at Genpact and take your career in the only direction that matters: Up.
Let’s build tomorrow together.
Genpact is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. Genpact is committed to creating a dynamic work environment that values respect and integrity, customer focus, and innovation.
Furthermore, please do note that Genpact does not charge fees to process job applications and applicants are not required to pay to participate in our hiring process in any other way. Examples of such scams include purchasing a 'starter kit,' paying to apply, or purchasing equipment or training.