Address
Form of work Work locations: Hyderabad/ Bangalore/ Mumbai/ Pune/ Gurgaon/ Kolkata/ Chennai
Job Role:
1) Diagram design & review design before hosting in client environment.
2) Understanding the cloud & on-prem technologies
3) Involved with development team & someone who can review the architecture diagram & design phase and help in embedding security from designing phase.
4) Multiple architecture meeting to understand the business function of application & come up with security recommendation.
5) Thread modelling tools evaluate the thread & identifying the threat
6) Report & recommendation, review architecture diagram & come up with security requirement in the design
7) Knowledge of application hosted in AWS or any cloud solution for proper leverage them.
8) Potential security risk & vulnerability understanding.
9) Leverage thread modelling tool- Any tool is ok
10) Deep understanding of security principle & practice & standards & framework
11) Experience 4 to 9 years for all Security Architecture.
12) Understanding Data flow diagram & access control & encryption mechanism (How data is stored, how is the flow of data etc.
13) Not Mandatory but might have to work with designing team (Application architect)
Required:
1. Minimum of 3-9 years experience in application security testing, deployment, and security management phases.
2. A strong foundation in security principles and concepts, including confidentiality, integrity, availability, authentication, authorization, encryption, and secure coding practices.
3. Proficiency in Threat Modeling methodologies and tools to identify and assess potential security threats and vulnerabilities in software and systems.
4. Deep interest in application specific vulnerabilities, infrastructure knowledge.
5. Experience in collecting, analyzing, and interpreting qualitative and quantitative data from defined application security services related sources (tools, monitoring techniques etc.)
6. In-depth knowledge of Security Architecture design and best practices, including secure design patterns, access control, and data protection
7. Knowledge of cloud security frameworks (e.g., AWS Well-Architected Framework, Azure Security Benchmark) to assess and improve security measures.
8. Familiarity with security standards and frameworks, such as OWASP Top Ten, NIST Cybersecurity Framework, ISO 27001, and CIS Controls.
9. Ability to conduct risk assessments to evaluate the potential impact and likelihood of security risks and provide risk mitigation strategies.
10. Familiarity with security testing tools like vulnerability scanners, penetration testing tools, and code analysis tools.
11. Understanding of network and system architecture, protocols, and configurations to assess security at the infrastructure level.
12. Understanding of industry-specific regulations, compliance requirements, and security challenges relevant to the organization's sector (e.g., healthcare, finance, or government).
13. Awareness of the current threat landscape, emerging security threats, and attack vectors.
14. Familiarity with software development methodologies (e.g., Agile, DevOps) to integrate security into the development process.
15. Experience with performing application Threat Modeling using tools and manual techniques
16. Understanding of leading vulnerability scoring standards, such as CVSS, and ability to translate vulnerability severity as security risk.
17. Knowledge of cloud environments and deployment solutions such as server less computing.
18. Possession of excellent oral and written communication skill.
Preferred:
1. Bachelors in computer science or other technical fields;
2. Experience in conducting security Architecture reviews and thread modeling on cloud and onprem solutions.
3. Understanding of security essentials including networking concepts, defense strategies, and current security technologies
4. Ability to research and characterize security threats to include identification and classification of application related threat indicators;
5. Must have cloud security specialization in Security any relevant certifications, such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or Certified Information Systems Auditor (CISA), are a plus
