APPLICATION SECURITY ASSURANCE SPECIALIST
LITIT, a joint venture between NTT DATA and Reiz Tech, is a company with deep-rooted industry know-how, dedicated to innovation within the IT sector. Its primary focus is delivering high-quality solutions in the DACH region. With a commitment to excellence, LITIT combines the best of German precision, Japanese work ethics, and Lithuanian talent to provide unparalleled IT service and support to its clients.
About the Role
We are looking for an experienced Application Security Assurance Specialist to join our team and play a key role in strengthening security practices across software development and delivery environments. In this role, you will be responsible for integrating security into development lifecycles, overseeing security assurance processes, and driving the maturity of application security frameworks across complex enterprise systems. You will collaborate closely with development, DevOps, and security teams to ensure secure-by-design principles are embedded throughout the SDLC and CI/CD pipelines, while supporting organisations in managing risk effectively without compromising delivery speed.
This position is ideal for a security professional who combines strong technical expertise with strategic thinking and leadership capabilities.
Responsibilities
Define and enforce embedded security practices across SDLC and CI/CD pipelines, ensuring compliance with organisational security policies and standards.
Oversee the integration of advanced security tools (e.g., SAST, DAST, SCA, automated secret scanning) with development environments.
Provide technical guidance on security configuration management, deployment hardening, and secure integration of tooling across all phases of software delivery.
Conduct in-depth security risk assessments for high- and low-level technical designs, evaluating compliance against OWASP, CIS Benchmarks, and secure coding standards.
Perform comprehensive security testing across application environments, including API security, container scanning, and dynamic runtime assessments, while evaluating residual risk post-assessment.
Collaborate with stakeholders to assess the security maturity of existing practices and recommend improvements aligned with compliance requirements and delivery velocity.
Provide expert-level recommendations on the refinement of automation processes, risk mitigation strategies, and the deployment of compensating controls where necessary.
Evaluate emerging technologies and leverage AI-driven application security tools to optimise assurance activities.
Partner with development and DevSecOps teams to embed robust security measures within workflows, ensuring alignment with secure coding standards and organisational priorities.
Actively engage in the training of development teams, fostering a culture of security awareness and empowering stakeholders to implement best practices.
Lead cross-functional teams to complete security assurance initiatives effectively.
Generate actionable reports and presentations tailored to technical and non-technical audiences, highlighting findings, severity assessments, and remediation tracking.
Maintain clear, auditable documentation for compliance purposes and contribute strategic insights into executive-level reviews.
Requirements
Proven experience working with application security frameworks and tools such as SAST, DAST, SCA, container security, and related technologies;
Strong knowledge of software development lifecycle methodologies, including Agile, DevSecOps, CI/CD, and traditional models;
Deep understanding of security standards and frameworks such as OWASP Top 10, NIST CSF, and CIS Controls;
Experience with AWS, Azure, or GCP is highly beneficial, as the application runs in a cloud environment;
Experience with Terraform and Git is a plus;
Demonstrated ability to lead security assurance initiatives within complex development environments;
Experience performing technical risk assessments and security evaluations across application ecosystems;
Strong communication skills with the ability to engage both technical and business stakeholders.
Willingness and readiness to travel as required by project or client needs is expected. This may include occasional domestic or international travel, sometimes on short notice.
Listing Details
- First seen: May 6, 2026
- Last seen: May 8, 2026