Security Architect - Application Security (8-12 yrs)
CrossTab
posted 2mon ago
Flexible timing
Job Description :
- Excellent written and verbal communication skills in English, high integrity, strong work ethic and ability to empathize with the customer.
- At least 8 - 12 years of Cyber Security experience with a large organization, bank, or global IT or consulting firm.
- Strong background in Application Security and Secure Software Development Lifecycle (SSDLC).
- Experience in Threat Modelling, Application Security Architecture Review, and Security Testing: SCA, SAST, DAST.
- Exposure to security tools integration in DevOps architecture.
- Exposure to Microservices security and API security.
- Exposure to evaluation and implementation of Application Security & Testing tools.
- Troubleshooting and problem-solving ability, including analytical thinking and strong attention to detail.
- Good understanding of Application Security Standards like OWASP, SANS, NIST etc.
- Good understanding of Security by Design and Privacy by Design.
- Good understanding of compliance requirements for payment and nonpayment applications.
- Product & platform security assessment exposure is desirable.
- Understanding of Load Balancer, WAF, CDN, API Gateway, Secrets Management etc. is desired.
- Exposure to cloud application (SaaS) security solutions is desirable.
- Good understanding of encryption tools and technologies: SSL, Key Management, HSM, PKI infrastructure and secrets management.
- Ability to assess solutions and recommend proactive steps to mitigate Network, OS and Application Layer Security attacks.
Responsibilities :
- Subject Matter Expert for Application and Product Security.
- Understanding business requirements, complexity and solution architecture and estimate scope and effort of SSDLC and Cybersecurity.
- Driving SSDLC for projects from initial stage to development and implementation.
- Planning, resource allocation and tracking of SSDLC service delivery.
- Conducting Threat Modelling, Application Architecture Review, SCA, SAST, DAST & IAST.
- Implementation of SCA, SAST, DAST & IAST tools for application security testing.
- Continual learning and enhancement of skills and processes for service delivery.
- Provide advice on Secure coding best practices.
- Conduct Application Security related trainings for team and developers.
- Managing small team of Application Security & SSDLC.
- Provide inputs for product and platform security.
- Assess application, product and platform security as per scope of the engagement.
- Prepare application risk summary & register and trace foreclosure.
- Prepare weekly/monthly service delivery reports and review with BU Lead and VH.
- Provide service delivery inputs to PMO & other relevant systems.
- Develop Microservices & API security architecture.
- Work on DevSecOps integration and automation with DevOps team.
- Face internal and external audits for the scope of service delivery.
- Participate in security risk assessments and audits.
- Build-up and transfer interdisciplinary knowledge.
- Provide SME advice on security tool capabilities and configuration adjustments when needed to contain security incidents or block future security attacks.
- Troubleshooting experience with Data security and application troubleshooting.
- Coordinating with business and understanding their requirements regarding enhancements.
- Review of effectiveness of controls and preparing Risk dashboards.
- Participate in continual improvement and benchmarking activities.
- Contribute to CoE initiatives and other activities delegated by Reporting Manager or Vertical Head.
- Collaborate with internal and external stakeholders for timely delivery of the assigned engagements/projects.
- Reviewing the status of the projects and taking corrective/preventive measures as approved.
Certifications : ISO 27001, CISSP, CISA, CSSLP, CEH, C|ASE, CSSD, GWEB, CMWPT, GPEN, API Security Architect
Location : Navi Mumbai
Employment Type : All positions are on fixed term contract on a full-time basis exclusively for ReBIT, initially for a period of five years, extendable by mutual consent.
Functional Areas: Software/Testing/Networking