Senior Manager - Applications Security

Senior Manager - Application Security - DevSecOps
Job Description, Position Title, Responsibility Level:
- Senior Manager - Application Security & DevSecOPS Function
- Information Security, Data Privacy and Business Continuity Reports to AVP
- Permanent/ Temporary Permanent Span of Control
- NA Location Noida
Basic Function:
- Primarily responsible for Managing the Threats / Vulnerability posture for the organization
- Performing Web Application Penetration Testing.
- Performing API Application Penetration Testing.
- Performing Mobile Application Penetration Testing.
- Performing Thick Client Application Penetration Testing.
- Implementing, Managing & Troubleshooting Aws & Azure DevSecOps.
- Performing Code review Using fortify SCA
Essential Functions:
- To Perform Web, Mobile, Thick client, API Penetration Testing and releasing reports to stakeholders.
- To test and research for new vulnerabilities
- Risk analysis and manual assessment of vulnerabilities, Execution of internal and external penetration tests.
- Tracking Closure of Vulnerabilities.
- Performing Code Review Using fortify SCA
- Coordinate with team members to track internal audit and regulatory assessments and address requests related to the Application Pentest, SAST and FOSS.
- Mitigates risk by following established procedures and monitoring controls, spotting key errors and demonstrating strong ethical behavior.
- Manage new projects and initiatives related to application security as needs arise.
Primary Internal Interactions:
- Technology Function (Network, Systems, Applications, WAF etc)
- SOC / NOC
- SISRA
- Business Teams
- Enabling Functions - HR / Legal / Finance / Facilities
- Business Units
Primary External Interactions:
- Clients
- Auditors
- Security Suppliers
Organizational Relationships:
- Reports To : AVP
Supervises :
- Skills
Technical Skills
- Familiar with Fortify SCA, Web Inspect, Burp Suite, Fortify SSC and DevSecOps (Jenkins, Jira, Github enterprise, Gitlab, Fortify SCA )
- Programming experience (C/C++, Java/J2EE, JavaScript, AJAX, PHP, Visual Studio etc.,) will be an added advantage.
- Process Specific Skills - Exposure to the Application Security Vulnerabilities (as listed in OWASP Top 10), Security Testing methodologies.
- Good understanding the Software Development Life Cycle Methodologies such as Waterfall, Agile.
- Enforce standard methodologies, processes and tools and ensure compliance to enterprise architecture, global information security policies and overall firm strategy.
- Passion for Security, Agile, and DevOps.
- Experience in management and definition of security in the software development lifecycle (SDLC).
- Experience in software development and SDLC in Java, Python, C#, etc.
- Experience with Automation in testing or orchestration Selenium, Maven, Ant, Msbuild, Npm, Yarn, Jenkins, Team City, etc.
- Knowledge of conducting security checks (static and dynamic code analysis, vulnerability analysis in applications and penetration tests, security component analysis).
- Understanding or virtualization and container technologies (Docker, Kubernetes, OpenShift).
- Monitor and manage deployment and support as an DevSecOps Team
- Handle all critical security incidents, advisories ad resolutions as per SLA.
- Understand existing processes and identifying how to improve and streamline them in order to improve team efficiency and effectiveness.
- Improve the accessibility of security through automation, continuous integration pipelines, and other means.
- Build tools and automation scripts that enable developers to easily consume security services delivered by the AppSec team.
- Point of contact for product teams as it relates to automation, CI/CD, and DevOps and/or DevSecOps.
Soft skills (Minimum):
- Capable of managing project tasks individually and as a team
- Ability to document and explain technical details in a concise & understandable manner
- Good Oral and written communication skills
- Good Presentation & Public speaking skills
Education Requirements:
- Engineering graduate with certification in OSWE, OSCP, Azure DevSecOps, Aws DevSecops etc
- Project Management Certification such as PMI a plus.
Work Experience Requirements:
- 11-12 yrs
- 8-10 years' experience in Application Security
- 3-4 years' experience in Implementing & Managing DevSecOps
Annexure:
- Acknowledgement (acknowledge that the information contained in this document is factual and complete)