Security Architect - Application Security

Job Description : - Excellent written and verbal communication skills in English, high integrity, strong work ethic and ability to empathize with the customer. - At least 8 - 12 years of Cyber Security experience with large organization, Bank, or global IT or consulting firm. - Strong background of Application Security, Secure Software Development Lifecycle (SSDLC). - Experience in Threat Modelling, Application Security Architecture Review, Security Testing- SCA, SAST, DAST. - Exposure of security tools integration in DevOps architecture. - Exposure of Microservices security and API security. - Exposure implementation of evaluation and implementation of Application Security & Testing tools. - Troubleshooting and problem-solving ability including analytical thinking and strong attention to details. - Good understanding of Application Security Standards like OWASP, SANS, NIST etc. - Good understanding of Security by Design and Privacy by Design. - Good understanding of compliance requirements for payment and nonpayment applications. - Product & platform security assessment exposure is desirable. - Understanding of Load Balancer, WAF, CDN, API Gateway,Secrets Management etc. is desired. - Exposure of cloud application (SaaS) security solutions is desirable. - Good understanding of encryption tools and technologies; SSL,Keys Management, HSM and PKI infrastructure and secrets management. - Ability to take assess solution and recommend proactive steps to mitigate Network, OS and Application Layer Security attacks. Responsibilities : - Subject Matter Expert for Application and Product Security. - Understanding business requirements, complexity and solution architecture and estimate scope and effort of SSDLC and Cybersecurity. - Driving SSDLC for projects from initial stage to development and implementation. - Planning, resource allocation and tracking of SSDLC service delivery. - Conducting Threat Modelling, Application Architecture Review,SCA, SAST, DAST & IAST- Implementation of SCA, SAST, DAST & IAST tools for application security testing. - Continual learning and enhancement of skills and processes for service delivery. - Provide advice on Secure coding best practices. - Conduct Application Security related trainings for team and developers. - Managing small team of Application Security & SSDLC. - Provide inputs for product and platform security. - Assess application, product and platform security as per scope of the engagement. - Prepare application risk summary & register and trace foreclosure. - Prepare weekly/monthly service delivery reports and review with BU Lead and VH. - Provide service delivery inputs to PMO & other relevant systems. - Develop Microservices & API security architecture. - Work on DevSecOps integration and automation with DevOps team. - Face internal and external audits for the scope of servicedelivery. - Participate in security risk assessments and audits. - Build-up and transfer interdisciplinary knowledge. - Provide SME advice on security tool capabilities and configuration adjustments when needed to contain security incidents or block future security attacks. - Troubleshooting experience with Data security and application troubleshooting. - Coordinating with business and understanding their requirements regarding enhancements . - Review of effectiveness of controls and preparing Risk dashboards. - Participate in continual improvement and benchmarking activities. - Contribute to CoE initiatives and other activities delegated by Reporting Manager or Vertical Head. - Collaborate with internal and external stakeholders for timely delivery of the assigned engagements/projects. - Reviewing the status of the project s and taking corrective/preventive measures as approved. Certifications : ISO 27001, CISSP, CISA, CSSLP, CEH, C|ASE, CSSD, GWEB, CMWPT, GPEN, API Security Architect Location : Navi Mumbai Employment Type : All positions are on fixed term contract on a full -time basis exclusively for ReBIT, initially for a period of five years, extendable by mutual consent (ref:hirist.tech)

Location: navi-mumbai, IN

Posted Date: 10/21/2024