Talent.com
This job offer is not available in your country.
Application Security

Application Security

Vitasta Consulting Pvt Ltdbangalore, India
10 hours ago
Job description

Organisation Unit Purpose (why does the unit exist? What are the results the unit is expected to deliver?)

  • The unit's primary purpose is to Design, Engineer & eventually Embed practical & balanced cyber / information security principles / patterns / controls into all products and platforms. Conduct security assessments, gap analysis, provide remediation to the relevant squads / stakeholders.

Job Purpose (Why does the job exist? What is the unique contribution made by the job holder?)

Primary / General Job Purpose :

  • Encourage 'Shift Left' Mindset - Proactively embed security requirements, by influencing implementation of security & privacy patterns from the start of the development cycle
  • Implement via Influence - Influence stakeholders such as Product Owners, Solution Architects, Developers, Testers, Engineers & others to include security patterns into features, epics and stories in order to build secure, innovative & superior digital products for customers and employees
  • Assessments – Perform security assessment and perform gap analysis to provide appropriate remediations to the teams for implementing the fixes.

    • Key Skills – Web Application Security, Security Code review, API security, Underlying infrastructure security, Integration Security, Database Security, Secure Configuration Review.

  • Tools and Technologies – Burp Suite, Postman, Tenable Nessus, Checkmarx SAST, GitHub and good knowledge about monolithic and microservice architecture and pipeline driven security.

    • Experience with following Components :

    Technical Requirements

    Application Security - Assessment Skillset

    1. Web Application Security – Owasp top 10 , CVSS etc

    2. Security Code Review – manual code review in Git etc

    3. API Security Review – Open shift, container review etc.

    4. Database Security – Requirements to enhance security on Database

    5. Web Server Security – Requirements to enhance security on the web server

    6. Configuration Review – has performed different configuration reviews and should have found good misconfigurations in the system.

    7. Integration review – How the application connects with different systems, performed security review on those integrations.

    8. Transport Layer Security – How communication channels are secured and understanding of the Transport layer security mechanisms and controls.

    Soft Skills :

  • Ability to collaborate with multiple stakeholders and manage their expectations from a security perspective
  • Holistic thinking; must balance security and functionality using practical demonstrable examples. Must also contribute to and implement "good architecture principles" to lower technical debt
  • Assertive personality; should be able to hold her / his own in a project board or work group setting
  • Superlative written and verbal communication skills; should be able to explain technical observations in an easy-to-understand manner
  • Ability to work under pressure and meet tough / challenging deadlines
  • Influencer- must be able to convince various stakeholders (internal IT Teams, C-Level execs,
  • Risk & Audit) of why a certain observation is a concern or not
  • Strong understanding of Risk Management Framework and security controls implementation from an implementer standpoint
  • Has strong decision making, planning and time management skills.
  • Can work independently.
  • Has a positive and constructive attitude.

    • Education

    Bachelor's degree in a computer-related field such as computer science, cyber / information security discipline, physics, mathematics or similar (Essential)

  • General Information Security : OSCP, CEH, CISM / CISA or similar
  • General Cloud Security : CCSK / CCSP or similar
  • Specific Cloud Security : Azure Security or similar
  • Network Security : CCNA, CCNP, CCIE, Certified Kubernetes Security Specialist

    • Experience (Essential)

  • Must have minimum 3 years of experience in an information security function with good background in information technology, stakeholder management and people management

    • Knowledge & Skills - Technical, Functional & Managerial

  • Expert at the Web Application Security testing, in depth testing skillset and ability to bypass weak implementation for attacks, ability to bypass WAF for attack scenarios such as XSS, SQL Injection etc. (Essential)
  • Good understanding of Microservice based architecture (Technical) (Essential)
  • Good hands-on experience solutioning technology architectures that involve perimeter protection, core protection and end-point protection / detection & API / Micro services Security (Essential)
  • Experience working in a DevOps environment with knowledge of Continuous Integration, Containers, DAST / SAST tools and building Evil Stories (Technical) (Essential)
  • The Analyst / Engineer should be able to understand how different systems work and what security controls are implemented in such integrations. (Essential)
  • The Analyst / Engineer should be capable in understanding the hardening standards, creating one if not available, and perform the testing against the hardening standards. (Essential)
  • The Analyst / Engineer should be capable of assessing security flaws in underlying infrastructure and the connected components. (Essential)
  • The Analyst / Engineer should be capable of assessing the security flaws in the Transport Layer. (Essential)
  • The Analyst / Engineer has the skill to follow design principles and applies design patterns to enforce maintainable and reusable patterns, in the form of code or otherwise.
  • The Analyst / Engineer can understand and interpret potential issues found in source or compiled code
  • The Analyst / Engineer has automation skills / capability in the form of scripting or similar
  • The Analyst / Engineer can attack application and infrastructure assets, interpret threats, and suggest mitigating measures
  • Ability to interpret Security Requirements mandated by oversight functions and ensure comprehensive coverage of those requirements, via documentation, within high level design and / or during agile ceremonies, via Evil Stories Desirable
  • The Analyst / Engineer can propose options for solutions to the security requirements / patterns that provide a balance of security, user experience & performance Desirable
  • The Analyst / Engineer has the skill to discuss and present solutions to other architecture, security, development, and leadership teams. Desirable
  • The Analyst / Engineer can interpret and understand vulnerability assessment reports and calculate inherent and / or residual risks based on the assessment of such reports
  • Ability to articulate and be a persuasive leader who can serve as an effective member of the senior management team.
  • Good negotiation skills will be desirable Desirable
  • Must have good judgment skills to decide on an exception approval
  • Ability to enforce improvements when necessary, using Influence rather than Policing measures Superior written and verbal communication skills to effectively communicate security threats and recommendations to technical or non-technical stakeholders
  • Knowledge of application of Agile methodologies / principles such as Scrum or Kanban

    • Behavioral Competencies - Thinking Related, People Related & Self Related (All Essential)

  • Influencer / Security Evangelist for the Team / Squad
  • Positive & Constructive Attitude
  • Autonomous worker / Decision Maker
  • Good listener
  • Patient & Calm during stressful situations
  • High energy individual / Motivator
  • Win-Win Attitude
  • Hacker / Defense-In-Depth mindset
  • Analytical thinking
  • Team Player / Interpersonal Skills
  • Eye for detail
  • Persistent & Persuasive
  • Organized / Structured
  • Deadline oriented
  • Competent and committed
  • People's Person; understands stakeholder management
  • Empathetic
  • Passionate about architecting smart solutions
  • Innovator / Out of the box thinker
  • Collaborative Leadership style
  • Confident Presenter All Essential

    • Other Information

  • Age – No bar
  • Nationality – No bar
  • Gender – No bar
    • Create a job alert for this search

    Application Security • bangalore, India

    Related jobs
    • Promoted
    Lead Application Security Engineer

    Lead Application Security Engineer

    InMobi AdvertisingBengaluru, Karnataka, India
    InMobi is the leading provider of content, monetization, and marketing technologies that fuel growth for industries around the world. Our end-to-end advertising software platform, connected content,...Show moreLast updated: 30+ days ago
    • Promoted
    • New!
    Application Security Engineers

    Application Security Engineers

    NETSACH GLOBALbangalore, India
    Greetings from Netsach - A Cyber Security Company.We are looking for Application security Engineers (2 resources) with 8+ yrs of strong experience who would be responsible for providing technical e...Show moreLast updated: 10 hours ago
    • Promoted
    • New!
    VAPT Pentester / Web Application Security

    VAPT Pentester / Web Application Security

    NETSACH GLOBALbangalore, India
    Greetings from Netsach - A Cyber Security Company.We are looking for Web Application Security with 3 yrs of relevant experience and mandatory skills set are Web Application Security, Security Code ...Show moreLast updated: 10 hours ago
    • Promoted
    • New!
    Application Security Architect

    Application Security Architect

    ResMedbangalore, India
    The Information Technology (IT) team plays a key role in providing business enablement throughout ResMed.We are focused on application, infrastructure, and user productivity solutions, with innovat...Show moreLast updated: 10 hours ago
    • Promoted
    • New!
    Pentester / Mobile Application Security

    Pentester / Mobile Application Security

    NETSACH GLOBALbangalore, India
    Greetings from Netsach - A Cyber Security Company.We are looking for Mobile Application Security with 3 yrs of relevant experience and mandatory skills set are Web and Mobile Application Security, ...Show moreLast updated: 10 hours ago
    • Promoted
    • New!
    Security Analyst-WAF operation and EMail security

    Security Analyst-WAF operation and EMail security

    NTT DATA Servicesbangalore, India
    NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us.If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now....Show moreLast updated: 10 hours ago
    • Promoted
    • New!
    Penetration Tester / Application Security Analyst

    Penetration Tester / Application Security Analyst

    CGIbangalore, India
    We are seeking a skilled and detail-oriented Penetration Tester to join our cybersecurity team.This role involves performing manual security assessments across web, mobile, API, and network environ...Show moreLast updated: 10 hours ago
    • Promoted
    • New!
    Application Security Lead Engineer

    Application Security Lead Engineer

    Anicalls (Pty) Ltdbangalore, India
    Create and manage bug bounty programs.Evangelize software security best practices.Perform threat modeling, architecture design reviews, and detection capabilities. Develop and implement security too...Show moreLast updated: 10 hours ago
    • Promoted
    • New!
    Lead, ERP Security Analyst

    Lead, ERP Security Analyst

    Schneider Electricbangalore, India
    JD for SAP S / 4 HANA Fiori and GRC consultant : Minimum of 5-8 years of experience Candidates should have Minimum of 5 years of experience in SAP Authorizations and Security • Proficiency in SAP role ...Show moreLast updated: 10 hours ago
    • Promoted
    Security Technology Lifecycle Analyst

    Security Technology Lifecycle Analyst

    HR PLACEMENT CONSULTANTS (HRPC)Bangalore Rural, Karnataka, India
    Position - Analyst - Security Technology Lifecycle Analyst.Job Type - Full-time (Third party payroll •).The Security Technology Lifecycle Analyst plays a critical role in supporting the Corporate Se...Show moreLast updated: 21 days ago
    • Promoted
    • New!
    Cyber Security / Application

    Cyber Security / Application

    Anicalls (Pty) Ltdbangalore, India
    Strong in application security, including the ability to perform an independent security review of solution architectures and design appropriate security controls ( Application Vulnerability Assess...Show moreLast updated: 10 hours ago
    • Promoted
    • New!
    25743- Application Security L3 (5.1-7 years)-Information Security-Bangalore

    25743- Application Security L3 (5.1-7 years)-Information Security-Bangalore

    CGIbangalore, India
    Strong expertise in application security concepts and activities like Source Code Review (SAST) & Dynamic application vulnerability scanning (DAST). Good understanding of Information Security concep...Show moreLast updated: 10 hours ago
    • Promoted
    • New!
    Security Engineer, Application Security

    Security Engineer, Application Security

    ADCI - Karnatakabangalore, India
    In Amazon Stores, we ship some of the widest arrays of technology found at any company.Innovative digital healthcare to no-checkout retail, we push the boundaries of technology in every direction u...Show moreLast updated: 10 hours ago
    • Promoted
    • New!
    Web Application Security Expert

    Web Application Security Expert

    AXA Groupbangalore, India
    Web Application Security Expert.Your role is to ensure that AXA XLs web applications are protected via the necessary security controls. This involves understanding our applications, their vulnerabil...Show moreLast updated: 10 hours ago
    • Promoted
    • New!
    Security Expert-Azure

    Security Expert-Azure

    Anicalls (Pty) Ltdbangalore, India
    Azure Cloud Network & Security Design Expert.Azure Cloud Security Design SME.Project Delivery Manager with Network Security Project Management background. Azure Virtual Firewall - FirePower implemen...Show moreLast updated: 10 hours ago
    • Promoted
    • New!
    Sr. Security Engineer, Application Security

    Sr. Security Engineer, Application Security

    ADCI - Karnatakabangalore, India
    In Amazon Stores, we ship some of the widest arrays of technology found at any company.As an AppSec engineer, you will collaborate with software development teams to ensure we keep our customers sa...Show moreLast updated: 10 hours ago
    • Promoted
    • New!
    Secure Coding Specialist - Application Security

    Secure Coding Specialist - Application Security

    airbusbangalore, India
    Airbus is on its Digital journey and the objective is to transform the company and to prepare it for the future.This transformation includes new global governance, new ways of working and the imple...Show moreLast updated: 10 hours ago
    • Promoted
    • New!
    Implementation Engineer - Security

    Implementation Engineer - Security

    SYNNEXbangalore, India
    The Technical (Security) Engineer will be responsible for providing front line technical Professional Services which includes Implementation, Installation, Configuration, Optimization & Support for...Show moreLast updated: 10 hours ago