Posted: 1 day ago
Work from Office
Full Time
Seeking a skilled Vendor Assessment and Penetration Tester to join our Cyber Security team. The individual in this role will be responsible for evaluating the overall security posture of third-party vendors, conducting penetration tests on external systems, applications, and services, and ensuring compliance with security standards.

KEY RESPONSIBILITIES

1. Act as the Security representative across the organization for performing Risk Assessments for any new projects from an IT/Infrastructure/Security point of view.
2. Work with the AppSec team on Vulnerability Assessment and Penetration Testing of Web Applications, APIs, Mobile Apps and the Cloud Environment. Also ensure Application Source Code is scanned as per Security Best Practices.
3. Work along with the Server & Application team on Vulnerability & Configuration Assessment, Firewall Rule Review and Baseline Standards review.
4. Work along with the endpoint and server team on assessment and installation of freeware and licensed software/applications.
5. Collaborate with the Development Team, IT and Business Stakeholders to track and remediate open issues and bring them to closure.
6. Ensure adherence to Compliance Standards such as ISO 27001, NIST, OWASP, etc.
7. Provide technical guidance and mentorship to the VAPT team.
8. Review the Security Assessment Reports, escalate and follow up with stakeholders for mitigation.
9. Understand the organization's infrastructure, perform deep-dive analysis of the processes, tools & technologies, and identify the associated risks.
10. Document the risks and associated controls in place (risk register).
11. Knowledge of Attack Surface Management, Breach Attack Simulation & Bitsight Monitoring.
12. Knowledge of WAF with OWASP Top 10 vulnerabilities and Virtual Patching for reducing the Risk Exposure.
13. Hands-on experience with Security Tools such as Tenable Security SC, Nessus, Qualys VMDR, etc.
14. Assist in other BAU activities based on feasibility.
15. Manage Vendor Relationships and security assessments for third-party applications.
16. Stay updated with emerging cybersecurity threats, exploits and security trends to enhance the security posture.

MANDATORY SKILLS REQUIRED

1. Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience).
2. Proven experience in performing penetration tests and security assessments, with a strong understanding of common attack vectors.
3. Strong knowledge of web application security, network security, and common vulnerabilities (e.g., OWASP Top 10).
4. Hands-on experience with penetration testing tools (e.g., Burp Suite, Kali Linux, Metasploit, Nmap, etc.).
5. Familiarity with risk management frameworks (e.g., NIST, ISO 27001, CIS).
6. Familiarity with Web Application Firewall, Incident troubleshooting and Virtual Patching.
7. Knowledge of vendor risk management processes and frameworks.
8. Understanding of cloud security, network infrastructure, and security compliance regulations.
9. Ability to analyze complex security issues and clearly communicate them to non-technical stakeholders.
10. Certifications such as OSCP, CEH, CISSP, or similar are a plus.
HDB Financial Services