Winfort services
Senior Manager - Applications Security
Job Location
Noida, India
Job Description
Senior Manager - Application Security - DevSecOps Job Description

Position Title, Responsibility Level: Senior Manager - Application Security & DevSecOps
Function: Information Security, Data Privacy and Business Continuity
Reports to: AVP
Permanent/Temporary: Permanent
Span of Control: NA
Location: Noida

Basic Function:
- Primarily responsible for managing the threat and vulnerability posture of the organization
- Performing Web Application Penetration Testing
- Performing API Application Penetration Testing
- Performing Mobile Application Penetration Testing
- Performing Thick Client Application Penetration Testing
- Implementing, managing and troubleshooting AWS and Azure DevSecOps
- Performing code review using Fortify SCA

Essential Functions:
- Perform Web, Mobile, Thick Client and API penetration testing and release reports to stakeholders.
- Test and research for new vulnerabilities.
- Risk analysis and manual assessment of vulnerabilities; execution of internal and external penetration tests.
- Track closure of vulnerabilities.
- Perform code review using Fortify SCA.
- Coordinate with team members to track internal audit and regulatory assessments and address requests related to Application Pentest, SAST and FOSS.
- Mitigate risk by following established procedures and monitoring controls, spotting key errors and demonstrating strong ethical behavior.
- Manage new projects and initiatives related to application security as needs arise.

Primary Internal Interactions:
- Technology Function (Network, Systems, Applications, WAF etc.)
- SOC / NOC
- SISRA
- Business Teams
- Enabling Functions - HR / Legal / Finance / Facilities
- Business Units

Primary External Interactions:
- Clients
- Auditors
- Security Suppliers

Organizational Relationships:
- Reports To: AVP
- Supervises: -

Skills

Technical Skills:
- Familiar with Fortify SCA, WebInspect, Burp Suite, Fortify SSC and DevSecOps (Jenkins, Jira, GitHub Enterprise, GitLab, Fortify SCA)
- Programming experience (C/C++, Java/J2EE, JavaScript, AJAX, PHP, Visual Studio etc.) will be an added advantage.

Process Specific Skills:
- Exposure to application security vulnerabilities (as listed in the OWASP Top 10) and security testing methodologies.
- Good understanding of Software Development Life Cycle methodologies such as Waterfall and Agile.
- Enforce standard methodologies, processes and tools and ensure compliance with enterprise architecture, global information security policies and overall firm strategy.
- Passion for Security, Agile, and DevOps.
- Experience in management and definition of security in the software development lifecycle (SDLC).
- Experience in software development and SDLC in Java, Python, C#, etc.
- Experience with automation in testing or orchestration: Selenium, Maven, Ant, MSBuild, npm, Yarn, Jenkins, TeamCity, etc.
- Knowledge of conducting security checks (static and dynamic code analysis, vulnerability analysis in applications and penetration tests, security component analysis).
- Understanding of virtualization and container technologies (Docker, Kubernetes, OpenShift).
- Monitor and manage deployment and support as a DevSecOps team.
- Handle all critical security incidents, advisories and resolutions as per SLA.
- Understand existing processes and identify how to improve and streamline them in order to improve team efficiency and effectiveness.
- Improve the accessibility of security through automation, continuous integration pipelines, and other means.
- Build tools and automation scripts that enable developers to easily consume security services delivered by the AppSec team.
- Point of contact for product teams as it relates to automation, CI/CD, and DevOps and/or DevSecOps.

Soft skills (Minimum):
- Capable of managing project tasks individually and as a team
- Ability to document and explain technical details in a concise and understandable manner
- Good oral and written communication skills
- Good presentation and public speaking skills

Education Requirements:
- Engineering graduate with certification in OSWE, OSCP, Azure DevSecOps, AWS DevSecOps etc.
- Project Management Certification such as PMI a plus.

Work Experience Requirements:
- 11-12 yrs
- 8-10 years' experience in Application Security
- 3-4 years' experience in implementing and managing DevSecOps

Annexure:
- Acknowledgement (acknowledge that the information contained in this document is factual and complete)

(ref:hirist.tech)
Location: Noida, IN
Posted Date: 4/24/2024
Contact Information
Contact: Human Resources, Winfort services