Job Description

We are looking for someone with 10+ years of experience with Mobile app and Web development and Security engineering experience Role and Responsibilities: As the Senior Information Security for subsidiary , this role would report into the Group CISO. The primary focus of this role is to secure the mobile application and other software assets of subsidary. Work with existing engineering teams on securing the architecture of new features/capabilities and provide design guidance Working knowledge of mobile app security controls such as RASP (Runtime Application Self Protection). Provide Information security requirements as part of the sprint cycle. Develop technical solutions to help mitigate security vulnerabilities. Analyze vulnerabilities reported to exist on NBSL assets and Android/IOS Platform. Perform security code analysis and design reviews. Provide security and secure coding practices training to development team. Conduct research to identify new attack vectors against Android and IOS application. Security architecture review and design guidance. Qualifications: Bachelor's or master's degree in computer science, Information Security, or a related field. Skills: Strong mobile application security engineering background Must have general programming expertise and software or web development experience Proficient in Engineering custom-built Android and iOS apps Experience in authentication and encryption methods, including OAuth and Public Key Infrastructure (PKI) Ability to perform Threat modelling and risk assessment of mobile and web apps 5+ years of Web and Mobile Application Security testing Experience 2+ years of hand-on experience in DevSecOps workflows and CI/CD pipelines Deep familiarity with the OWASP Top 10 and other security concerns for web/mobile applications Good understanding of SAST, DAST, SCA Scanning practices. Scripting and Programming skills (E.g: Python, Perl, Bash, Ruby, PowerShell, react native, etc.) Hands on experience in security tools like, Burp suite, OWASP ZAP, MobSF, Frida, Checkmarx, SonarQube etc. Certifications (any two): CSSLP, eMAPT, CEH, OSWA, OSCP, CPTS, eWPTX, KCSA, GMOB, GWEB (Good to Have: OSWE, CWEE, CISSP, CKS)