Application Security - SAST

Role Purpose

The purpose of this role is to design the organisation’s computer and network security infrastructure and protect its systems and sensitive information from cyber threats

• This role is responsible for providing strong security and remediation services to meet project requirements.
• Good experience in Java/ .Net and secure code review.
• Apply security best practices while designing and proposing solutions to enterprise customers.
• Solid competencies in information security processes, framework, and technologies, such as: Application Vulnerability Assessment, Penetration Testing, Ethical Hacking, OWASP Top 10, NIST, OSSTMM, OSINT etc.
• Good understanding of supported frameworks and cleansers functions
• Good understanding on core security mechanisms, crypto libraries, and server-side security
• Ability to understand vulnerabilities, interact and explain security risks/ impact to teams.
• Document vulnerabilities and collaborate with application team to help provide detail remediation along with code snippet.
• Experience in tools lie Fortify, Veracode
• Adopt risk-based approach to translate technology risk into actual business impacts and prioritized actions.
• Ability to listen and articulate ideas verbally and in written formats to a broad range of audiences; ability to ask probing questions and deliver presentations that have impact.
• Any security / technology related (Java/ .Net/ Python) certifications are a plus.
• Exposure to banking/ financial services domain is a plus.

i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives

ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture

iii. Depending on the client’s need with particular standards and technology stacks create complete RFPs

iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology

v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions

vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps

vii. Evaluate and recommend solutions to integrate with overall technology ecosystem

viii. Tracks industry and application trends and relates these to planning current and future IT needs

2. Stakeholder coordination & audit assistance

a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations

b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security

c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements

d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers

e. Provide training to employees on issues such as spam and unwanted or malicious emails