▷ [High Salary] Director of Application Security

HCLSW seeks a Director, Head of Product & Application Security. The successful candidate will lead the end to end Product Security portfolio within HCL Software. Maintains and strengthens the risk posture across the organization through discovery and remediation of product security vulnerabilities and supply chain security. Establishes and communicates strategic vision for the programs, and ensures they align with development goals and opportunities. Leads a dynamic group of Application Security professionals worldwide, with expectations to expand team over time.

This individual is also expected to contribute to additional tasks in a cross-functional security team, especially assisting the Threat Management team; network and operating system vulnerability management; continuous monitoring and reporting; security incident handling, and participation in vendor and third-party application security reviews.

Key Responsibilities :

• Develop and execute secure software development strategy in the form of Secure SDLC for the enterprise, including policies, standards and governance
• Advance and execute a software supply chain security development strategy to include Identify security risk and vulnerabilities across client's supply chain partners as well and track implementation of corrective action plans by supply chain partners
• Identify and manage risks involved with use the of AI within products and within the development of products
• Manage Product Risk management and risk profiling
• Lead the updating of the Secure Engineering Framework.
• Manage the Vulnerability and Penetration Testing Team
• Manage relationships with multiple 3rd party penetration testing vendors
• Oversee the security portion of release management
• Manage Product Security incident response program and team
• Make data-based decisions and considers measurable metrics as part of the initiative
• Consult with Development, Operations and Product groups on technical security issues.
• Closely partner with PISOs, Development Leads to integrate security tool automation such as SAST, DAST, Container Analysis and other security tools
• Directly engage development leaders to understand their challenges, roll-up sleeves when needed and understand / address their issues at a technical level
• Lead Comprehensive Penetration Testing Activities, to include both staff and vendor relationships
• Manage Delivery of Developer Security Training

Key Skills :

Mandatory Qualifications

Desirable Certifications