
Manager - VAPT & AppSec - Ahmedabad

8-13 years

Ahmedabad

1 vacancy


Tribastion Technologies

posted 5d ago

Job Description


Position Summary


The Head of Application Security (AppSec) & Vulnerability Management will be responsible for conducting security assessments and penetration testing of IT, cloud, and OT infrastructure, performing application security assessments for hosted applications, and providing DevSecOps support for new applications throughout their lifecycle. This role involves identifying potential vulnerabilities, suggesting mitigation strategies, and assisting customers and partners in implementing these strategies. Additionally, the role includes project management, service delivery, quality assurance, customer management, and maintaining relationships with vendors and technology partners.

Key General Responsibilities:

  • Lead and drive the AppSec and Vulnerability Management functions, ensuring effective service delivery through project acquisition, execution, and operational support.
  • Demonstrate strong leadership skills by managing departmental and functional teams, including hiring, developing, and growing team competency.
  • Provide expert technical guidance to delivery teams, partners, and customers, ensuring the successful implementation of security solutions.
  • Be results-oriented with the ability to think strategically and align efforts with customer needs, working backward from those needs to achieve goals.
  • Oversee project management, service management, and quality assurance processes to ensure successful delivery and client satisfaction.
  • Exhibit strong communication skills, with a proven ability to work cross-functionally, deliver results, and demonstrate ownership in various projects.
  • Manage all aspects of people development, including hiring, talent development, performance management, succession planning, and team engagement.
  • Possess excellent interpersonal skills, with the ability to influence and engage stakeholders at all levels within the organization and with external customers, partners, and vendors.
  • Support sales strategies to meet revenue targets by providing pre-sales support and delivering appropriate security solutions.
  • Identify and cultivate new opportunities with existing customers, ensuring high levels of customer satisfaction and retention.

Key Technical Responsibilities:

  • As a technical leader, drive the future strategy for threat intelligence, security architecture reviews, vulnerability management, security configuration, DevSecOps, and application security.
  • Conduct both manual and automated internal and external vulnerability assessments across IT, cloud, and OT environments.
  • Perform security control and vulnerability assessments specifically within OT environments.
  • Execute Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST) to identify vulnerabilities in software applications.
  • Conduct Vulnerability Assessment and Penetration Testing (VAPT) for web applications, Android applications, and APIs. Perform Gray Box and/or penetration testing on web, API, and mobile devices (Android).
  • Complete project tasks with high quality and within deadlines. Analyze findings, draw comprehensive conclusions, and provide detailed recommendations and mitigation plans.
  • Clearly communicate technical impacts and business risks to non-technical audiences after project completion.
  • Provide expert advice on selecting and implementing appropriate security assessment and testing software and tools.
  • Implement and manage DevSecOps practices using the Software Assurance Maturity Model (SAMM) to evaluate and enhance the security of software development processes.
  • Adhere to security standards and frameworks, implementing best practices and methodologies.
  • Work closely with product development teams to ensure adherence to secure coding practices.
  • Educate customers, technical teams, and application developers about emerging threats, vulnerabilities, and application security, promoting a Security Champion program to raise awareness.

Qualifications

  • Education:
      o Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field. A master's degree or relevant certifications (e.g., CISSP, CEH, OSCP) are preferred.
  • Experience:
      o Over 10 years of experience in leading and managing threat and vulnerability functions, projects, and customer engagements.
      o 6-8 years of direct, hands-on experience in cybersecurity, including familiarity with security standards and best practices, vulnerability assessments, web application testing, network and mobile application assessments, and penetration testing.
      o 1-2 years of experience in enterprise security management, including security product/solution integration and security operations, with a solid understanding of network and system security concepts, standards, and best practices.
      o Proven track record in building, leading, and managing security teams, with experience in cybersecurity practices, application security (AppSec), threat intelligence, vulnerability management, penetration testing, and infrastructure security assessment.
      o Demonstrated excellence in project management, service management, and customer relations.
      o Exceptional written, presentation, and verbal communication skills, essential for effective team coordination, partner support, and service discussions.
      o Strong analytical abilities with a creative approach to solving complex technical problems.
      o Capable of working effectively with clients, management, staff, vendors, and consultants, and interacting and collaborating with senior management, including IT, Network, Security, and C-level executives.
      o Ability to remain calm and patient in high-pressure situations within a dynamic environment.


Skills and Competencies

  • Strong background in network and infrastructure vulnerability assessment and penetration testing.
  • Comprehensive understanding of security vulnerabilities, including OWASP Top 10, enterprise security architecture, relevant standards, best practices, and frameworks.
  • Extensive experience in securing web applications, APIs, Android mobile apps, and cloud environments (AWS/Azure).
  • Proficient in software penetration testing, architectural risk assessment, threat modeling, static code analysis, and secure code review for web applications, APIs, and Android mobile applications.
  • Strong expertise in assessing web applications for security vulnerabilities using tools such as Burp Suite, OWASP ZAP, or similar.
  • Skilled in evaluating the security of Android mobile applications, including reverse engineering and code analysis.
  • In-depth knowledge of cloud security best practices, with hands-on experience in AWS and Azure cloud platforms, including configuring security controls and monitoring for cloud-based threats.
  • Expertise in evaluating API security, focusing on authentication, authorization, and data protection.
  • Experience in web and mobile app security assessment according to OWASP standards.
  • Proficient in analyzing vulnerabilities in various applications using both manual and automated tools.
  • Familiarity with security practices in DevOps and CI/CD pipelines.
  • Experience with Windows and Linux operating systems, with a good understanding of operating system internals and mobile OS (Android), especially in the context of app development.
  • Familiarity with common compliance requirements such as GDPR, PCI-DSS, and ISO 27001.
  • Experience with OWASP Mobile Security Testing Guide and associated checklists.
  • Ability to configure and utilize automated scanners for tasks such as login sequence, policy customization, and scan throttling, while effectively analyzing and managing false positives.
  • Skilled in identifying vulnerabilities not detected by automated scanners through manual testing, including authentication, session management, CSRF, and business logic testing.
  • Understanding of application workflows to identify entry points and potential vulnerabilities.
  • Hands-on experience with popular security tools, including NMAP, Nessus, Burp Suite, Netsparker, Metasploit, and OWASP ZAP.
  • Familiarity with Agile processes and development tools such as Jira, Confluence, Bitbucket, Git, Maven, and Jenkins.


Why Tribastion?

  • Strategic Leadership: Play a pivotal role in shaping Tribastion's growth strategy in one of the most competitive markets in the world.
  • Career Advancement: Opportunities for professional growth within a dynamic and rapidly expanding organization.
  • Innovative Environment: Contribute to a company that prioritizes excellence, innovation, and leadership in the cybersecurity industry.


Employment Type: Full Time, Permanent
