Application Security Engineer

Role and Responsibilities

The Application Security / DevSecOps Specialist role presents a hands on opportunity to support and scale IQVIA’s global Application Security and DevSecOps capabilities. We are deepening our DevSecOps capabilities, maturing AI security governance, and embedding security earlier into the software development lifecycle across a complex global environment — including cloud-native platforms, containerized workloads, third-party SaaS, and AI-enabled systems.
This role is for a technically strong, practitioner-level leader who can operate at the intersection of engineering and security architecture. You will not only assess and advise — you will build, automate, and drive adoption of secure-by-design practices across IQVIA’s global delivery teams.
You will sit within the global Information Security organization, collaborating closely with Security Architecture, Cloud Security, Vulnerability Management, and DevOps platform teams, as well as directly with product engineering and delivery teams across business units and regions.
 
Principal responsibilities will include:

•    Drive adoption and ownership of CI/CD security controls across product engineering teams, including tooling configuration, findings triage, pipeline onboarding, and remediation follow-through.
•    Provide follow-up support for CI/CD security requests, including assisting teams with pipeline security tooling, configuration issues, findings remediation, and onboarding to DevSecOps services.
•    Support application security assessments and security design reviews, working with delivery and architecture teams to identify risks, define mitigations, and track remediation actions.
•    Act as a security point of contact for development teams, providing consultancy and guidance on secure coding practices, SDLC requirements, and secure architecture patterns.
•    Review and assess application architectures, including cloud-native, microservices, APIs, containerized workloads, and event-driven systems, with an architectural security mindset.
•    Support cloud application deployments and architecture patterns across Microsoft Azure and Amazon AWS, focusing on secure configuration, identity, network controls, and workload security.
•    Contribute to the implementation and operationalization of DevSecOps practices, including SAST, DAST, SCA, container scanning, secret detection, and infrastructure-as-code security.
•    Develop and maintain Python scripts and automations to support security checks, data analysis, reporting, or CI/CD integrations where appropriate.
•    Support and contribute to AI Security for Development, including guidance on securing AI/ML architectures, protecting training pipelines, managing model risks, securing LLM prompt workflows, and addressing data leakage, model abuse, and agentic system risks.
•    Assist in defining and maintaining security standards, requirements, and guidance related to application security, DevSecOps, cloud development, and AI-enabled systems.
•    Collaborate closely with Security Architecture, Cloud Security, Vulnerability Management, and DevOps platform teams to ensure alignment with IQVIA security frameworks and toolsets.
•    Track, follow up, and support security findings remediation, ensuring issues identified through assessments or pipeline tools are addressed effectively by delivery teams.
•    Help promote Security by Design and Shift-Left principles, supporting teams early in design and development phases rather than late-stage security enforcement. 

Required Experience and Qualifications

•    Minimum of 6-8 years of professional experience in Application Security, DevSecOps, Software Engineering, Cloud Engineering, or related technical security roles.
•    Hands on experience with CI/CD pipelines and DevSecOps tooling, including integrating security controls into build and deployment workflows.
•    Working knowledge of application security testing techniques such as SAST, DAST, SCA, container scanning, and infrastructure as code security.
•    Experience with cloud environments (Microsoft Azure and/or Amazon AWS), including deploying and securing applications in IaaS and PaaS platforms.
•    Experience with containerized and modern application architectures, including Kubernetes, microservices, APIs, and event driven systems.
•    Practical scripting experience, preferably in Python, for automation, integrations, or security tooling support.
•    Knowledge of secure software development practices, OWASP Top 10, common application attack patterns, and secure coding principles.
•    Foundational to intermediate knowledge of AI and ML security considerations, including Agent development, model risk, data protection, pipeline security, and misuse/abuse scenarios.
•    Bachelor's degree in Computer Science, Software Engineering, Information Security, or equivalent practical experience is preferred.
•    Security or cloud certifications (such as CSSLP, GWAPT, AWS/Azure Security, CKAD/CKS, or equivalent) are preferred but not mandatory.
•    Working knowledge of security frameworks and standards such as NIST, OWASP, ISO 27001, or similar is an advantage.
•    Strong communication skills, with the ability to work directly with engineering teams and explain security concepts in a practical, delivery focused manner.

IQVIA is a leading global provider of clinical research services, commercial insights, and healthcare intelligence to the life sciences and healthcare industries. We create intelligent connections to accelerate the development and commercialization of innovative medical treatments to help improve patient outcomes and population health worldwide. Learn more at https://jobs.iqvia.com.

IQVIA is committed to integrity in our hiring process and maintains a zero tolerance policy for candidate fraud. All information and credentials submitted in your application must be truthful and complete. Any false statements, misrepresentations, or material omissions during the recruitment process will result in immediate disqualification of your application, or termination of employment if discovered later, in accordance with applicable law. We appreciate your honesty and professionalism.

At IQVIA, we believe that diversity, inclusion, and belonging empower our mission to accelerate innovation for a healthier world. We create a culture of belonging by valuing the perspectives of all talented employees worldwide and providing them with the opportunity to power smarter healthcare for everyone, everywhere. When our talented employees bring their authentic selves and their diverse experiences to work, they enable us to accomplish extraordinary things. Multifaceted thought processes spark innovation. Multi-talented collaboration harnesses innovation to deliver superior outcomes. Likewise, as part of this culture, IQVIA is committed to ensuring effective equality between women and men, integrating it as a strategic principle in its corporate and human resources policies.