Talent.com
This job offer is not available in your country.
Senior Architect - Product Security

Senior Architect - Product Security

EnvestnetTrivandrum, KL, IN
30+ days ago
Job description

Description

Responsibilities

Define and enforce secure coding standards and best practices.

  • Perform threat modeling, security architecture reviews, and code analysis.
  • Design and implement secure CI / CD pipelines with integrated security controls.
  • Automate security testing (SAST, DAST, IAST, SCA, container scanning) in SDLC process.
  • Evaluate and integrate security tools and platforms
  • Lead DevSecOps program in collaboration with DevOps, Operations and Engineering teams
  • Build automation focused on efficiency (E.g. increase triaging efficiency, manage false positives etc.)
  • Leverage ASPM and build workflows and reports
  • Evaluate and integrate security tools and platforms
  • Implement Infrastructure as Code (IaC) security and cloud-native security controls.
  • Monitor and respond to security incidents in development and production environments.
  • Collaborate with development teams to remediate vulnerabilities and design secure applications.
  • Develop and deliver secure coding training and awareness programs.
  • Stay current with emerging threats, vulnerabilities, and security technologies.
  • Ensure compliance with industry standards (e.g., OWASP, NIST etc).

Requirements

Overall 10+ years of experience in application security, software development, or related roles.

  • 6+ years of work experience in Application security, preferably in a fintech or financial services domain
  • Strong understanding of web, mobile, API and cloud application architectures.
  • Experience of code reviewing or code contributing in Java, Java Script, .Net. C#, Python, or IaC scripting.
  • Hands-on experiences running SCA, SAST, DAST, IAST, SBOM, ASPM, Apigee, WAF etc., with approaches or optimizations for the tools to efficiently enforce the enterprise S-SDLC policies.
  • Deep understanding of DevSecOps practices and experience in CI / CD automation for  one of the popular platforms, such as Gitlab, GitHub or Azure DevOps.
  • Knowledge of cloud platforms (AWS, Azure) and container orchestration (Kubernetes, Docker).
  • Perspective of supporting developer tools as a security professional (E.g. integrating security tools with IDE, PR checks etc.)
  • The experiences in building security controls for a system that follows NIST CSF and SSDF frameworks and  performing the risk-based security reviews that meet the OWASP, SOC2, GDPR requirements.
  • Ability to identify and summarize practical operational procedures, write standards or SOPs, and provide security scan reports.
  • A good understanding of full stack software development and best practices for developing software (version control, branching, automation, IaC, documentation, testing, etc.)
  • Ability to collaborate cross-functionally and communicate effectively with highly technical teams and provide written assessment reports as needed.
  • Certifications such as CSSLP, OSWE, or CEH.
    • Create a job alert for this search

    Security Architect • Trivandrum, KL, IN