Application Security Engineer - Vulnerability Management (8-12 yrs)

Required Experience: 8-12 Yrs

Job Location: Bangalore

Role and Responsibilities:

- Act as a primary liaison between technical teams and business stakeholders, facilitating expert advice on vulnerability remediation strategies and best practices.

- Ensure strict adherence to security standards and advocate for the seamless integration of security measures into the Software Development Life Cycle (SDLC).

- Assess risks identified in vulnerability assessment results and other security-related data, prioritizing remediations in alignment with business objectives.

- Partner with application teams to devise strategies for mitigating identified security gaps, assisting in the planning and prioritization of security remediation efforts and control implementations.

- Provide technical guidance and support to application teams in implementing security controls, advocating for security-by-design principles, and integrating security scanning into the application build process.

- Collaborate closely with stakeholders to ensure the completeness and accuracy of information security exception requests, aligning them with predetermined criteria and established risk tolerance levels.

- Regularly communicate with management and stakeholders, presenting detailed reports and updates on vulnerabilities, ongoing remediation efforts, and the status and trends of exception requests

- Conduct ongoing security research to stay abreast of current security challenges, identifying new opportunities for security integration and automation to enhance overall security posture.

- Provide training and awareness on vulnerability risk management practices to technical teams and business stakeholders.

Requirements:

- Bachelor's degree in computer science, Information Security, or a related field. Good to have advanced degree or relevant certifications (e.g., CISSP, CISM).

- Minimum 8 years of demonstrated expertise in application security, coupled with proficiency in development.

- Strong understanding of cloud and application security concepts, vulnerabilities, and attack vectors.

- Robust Information Security technical skills and knowledge to identify, research, and understand security control gaps and program compliance issues.

- Exceptional ability to communicate security concepts, threats, controls, and mitigation/remediation strategies to diverse audiences, including those unfamiliar with such topics.

- Proven track record in information security vulnerability assessment, remediation, and security governance.

- Familiarity with Security Policies, Procedures, Audit, and Compliance requirements.

- Expert understanding of code syntax and semantics of at least one object-oriented programming language.

- Possess an analytical mindset with the ability to prioritize and assess risks related to vulnerabilities and exception requests.

- Proven ability to work independently, prioritize tasks, and manage multiple projects simultaneously in a fast-paced environment, ensuring timely and efficient completion of objectives.

Should be very strong in:

- SAST, DAST, VAPT..