Staff Security Engineer II - Application Security - Confluent
Bangalore, IndiaPosted Jul 8, 2026
Apply**Introduction**
At IBM Software, we transform client challenges into solutions. Building the world’s leading AI-powered, cloud-native products that shape the future of business and society. Our legacy of innovation creates endless opportunities for IBMers to learn, grow, and make an impact on a global scale. Working in Software means joining a team fueled by curiosity and collaboration. You’ll work with diverse technologies, partners, and industries to design, develop, and deliver solutions that power digital transformation. With a culture that values innovation, growth, and continuous learning, IBM Software places you at the heart of IBM’s product and technology landscape. Here, you’ll have the tools and opportunities to advance your career while creating software that changes the world.
**Your role and responsibilities**
As a Staff Application Security Engineer at Confluent, you will join a team of security architects and engineers responsible for shaping and advancing the application security strategy across our on-premises products and cloud services. In this role, you will go beyond implementation to define the long-term security posture of our ecosystem, spanning high-scale distributed systems, on-prem deployments, and globally operated cloud platforms.
You will lead the design and evolution of application security architecture, ensuring security is embedded throughout the product lifecycle--from early design decisions to cloud deployment and ongoing operations. Acting as a strategic partner to Engineering and Product leadership, you will influence architectural direction and proactively mitigate systemic and emerging security risks.
This role plays a key part in building and sustaining a strong security culture across Engineering, Product, and the broader organization. You will architect and oversee security automation and tooling that scales security operations and enables consistent, high-quality outcomes. The ideal candidate brings deep technical expertise and sound security judgment, with a proven ability to eliminate entire classes of vulnerabilities through architecture, automation, and cross-functional leadership.
What You Will Do:
*
Partner closely with Engineering, Product, and Platform teams to identify security risks early, influence architectural decisions, and drive adoption of secure-by-design practices across the organization.
*
Define and standardize threat modeling frameworks and security design standards, and lead security design reviews for complex, distributed systems, providing actionable architectural guidance to engineers and product managers.
*
Serve as the subject matter expert (SME) for product security implementation reviews, overseeing security code reviews and API security testing while providing definitive remediation guidance.
*
Architect and drive the roadmap for security automation, building scalable software security tooling to transform product security operations and vulnerability management practices.
*
Design and lead the deployment of automation and orchestration frameworks that integrate security seamlessly into the cloud-native deployment pipeline.
*
Proactively identify new vulnerability classes, lead research initiatives and orchestrate complex table-top exercises to keep the organization ahead of the evolving threat landscape.
*
Strategically identify and deploy advanced technology controls to maximize observability and harden key attack surfaces across the ecosystem.
**Required technical and professional expertise**
*
10-12 years of hands-on Application Security experience, who can drive measurable security improvements across large-scale, distributed systems and global engineering organizations.
*
Comprehensive knowledge of security fundamentals as applied to modern web applications and cloud-native platforms including secure software design and architecture, secure coding practices, common vulnerability classes.
*
Ability to partner as a trusted peer with Engineering and Product leadership to embed security into the core architecture of the organization.
*
Ability to lead technical investigation and response to application security incidents while driving preventive improvements through architecture and automation.
*
Proven experience evolving the software development lifecycle to embed security by default, from securing CI/CD pipelines and build systems to implementing automated security guardrails in cloud-native deployment workflows. Passionate about applying AI and LLMs to automate complex security workflows, reduce manual toil, and drive measurable improvements in security outcomes.
*
Experience in Go, Python, or Java, with the ability to design and build scalable security automation frameworks.
*
Experience in leading cross-functional initiatives in distributed environments, translating security requirements into clear, executable technical roadmaps.
*
A data-driven decision-maker who can balance security requirements with business velocity and engineering trade-offs to deliver outcomes.
*
Ability to raise the organization's security bar through architectural reviews, advanced technical guidance, and the development of engineers across all levels.
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.