Principal Application Security Engineer; Vulnerability Management Bengaluru, Karnataka, India

Principal Application Security Engineer (Vulnerability Management) About Us

Diligent is the AI leader in governance, risk and compliance (GRC) SaaS solutions, helping more than 1 million users and 700,000 board members to clarify risk and elevate governance. The Diligent One Platform gives practitioners, the C‑Suite and the board a consolidated view of their entire GRC practice so they can more effectively manage risk, build greater resilience and make better decisions, faster.

At Diligent, we're building the future with people who think boldly and move fast. Whether you're designing systems that leverage large language models or part of a team reimaging workflows with AI, you'll help us unlock entirely new ways of working and thinking. Curiosity is in our DNA, we look for individuals willing to ask the big questions and experiment fearlessly - those who embrace change not as a challenge, but as an opportunity.

The future belongs to those who keep learning, and we are building it together. At Diligent, you’re not just building the future - you’re an agent of positive change, joining a global community on a mission to make an impact.

The Principal Application Security Engineer will be a key member of the Security group at Diligent, working in close partnership with Software Development, Site Reliability Engineering, and Product Management. This individual will serve as the technical leader and subject matter expert, driving the Application Security program with a primary focus on Vulnerability Management for Diligent’s Board management and GRC platform. The Application Security team’s mission is to support secure software development by defining and enforcing best practices, maintaining security tools and processes, and ensuring vulnerabilities are identified, prioritized, and remediated according to company standards.

The ideal candidate will have a strong background in software development, security engineering, or Dev Ops, coupled with deep security expertise and a demonstrated ability to influence and lead in dynamic global environments.

• Design, implement, and lead the Vulnerability Management program, ensuring vulnerabilities (across infrastructure and applications) are continuously identified, risk assessed, and remediated in alignment with Diligent’s Vulnerability Management Standard and timelines.
• Provide technical leadership and mentorship to application security engineers and other stakeholders involved in secure software development.
• Drive collaboration with Engineering to ensure timely application of security patches and mitigation of vulnerabilities, including clear escalation paths, exception management, and compliance reporting.
• Influence engineering practices and culture by developing and advocating secure coding standards, response runbooks, and risk-based remediation guidance.
• Serve as a primary escalation point for complex vulnerability management issues and customer or audit inquiries related to application security.
• Participate actively in risk evaluation, prioritization, remediation planning, and exception handling processes for high‑risk vulnerabilities.
• Liaising with cross‑functional partners to strengthen overall security posture.

• Bachelor’s degree in Computer Science or related discipline
• Minimum 10 years of professional experience in application design, development, and security for web and mobile applications.
• Excellent knowledge of security concepts related to Internet technologies, architectures, and protocols, as well as application software security concepts. This includes extensive experience in mitigating vulnerabilities
• Deep understanding of vulnerability management frameworks and security best practices (e.g., asset inventory, vulnerability assessment and scanning, patch management, risk/timeline evaluation, remediation, and exception handling).
• Proven experience designing, implementing, and refining vulnerability lifecycle processes, including asset inventory management, vulnerability identification, risk validation, prioritization, remediation tracking, verification, and exception handling.
• Advanced communication…