Application Security Lead

Position Overview:

The Lead - Application Security will be responsible for leading the application security program at Company, ensuring the development and deployment of secure software applications. This role will involve collaborating with development teams to integrate security into the software development lifecycle (SDLC) and implementing best practices for secure coding. The ideal candidate will have a strong background in application security, along with experience in leading and mentoring teams.

Role & responsibilities:

1. Lead the development and implementation of the application security program, including policies, standards, and procedures for secure application development.

2. Collaborate with development teams to integrate security into the SDLC, including requirements analysis, design, development, testing, and deployment phases.

3. Conduct security assessments and code reviews of applications to identify and remediate security vulnerabilities, ensuring compliance with security standards and industry best practices.

4. Define and implement security controls and mechanisms to protect against common application security threats, such as OWASP Top 10.

5. Must have hands on testing knowledge and skillset to test web, APIs, CICD, Thick application etc.

6. Provide guidance and support to development teams on secure coding practices, security frameworks, and security-related tools and technologies.

7. Lead the resolution of security incidents and vulnerabilities identified in applications, coordinating with development teams to implement timely and effective remediation.

8. Stay current with emerging threats, vulnerabilities, and security trends in application security, and make recommendations for enhancing the security posture of Axis Securities applications.

9. Collaborate with cross-functional teams, including IT, infrastructure, and compliance, to ensure alignment of application security initiatives with overall security objectives.

10. Lead and mentor a team of application security professionals, providing guidance, training, and support to enhance their skills and capabilities.

11. Periodically demonstrate progress status to CISO and Senior Management.

12. Liaison with parent company to publish Application security dashboard and related stuff.

13. Responsible to Manage, Oversight and Coordination on Application security domain related projects.

Preferred candidate profile:

• Bachelors degree in Computer Science, Information Security, or a related field; Masters degree preferred.
• At least 4- 5 years of core experience in application security roles and expected overall 7-9 years within the IS domain and team management, with a focus on secure software development practices.
• Experience conducting security assessments and code reviews using manual and automated testing tools (e.g., SAST, DAST, IAST).
• Strong understanding of web application security concepts such as including authentication, authorization, encryption, and input validation.
• Knowledge of secure coding standards and frameworks, such as OWASP, SANS etc.
• Relevant certifications such as CEH, OSCP, Certified Application Security Engineer (CASE), Certified Secure Software Lifecycle Professional (CSSLP), or equivalent, are desirable.
• Strong leadership and interpersonal skills, with the ability to effectively communicate and collaborate with technical and non-technical stakeholders.
• Excellent analytical and problem-solving skills, with a keen attention to detail.