Architect - Application Security (SSDLC)

Job Description

Education BE/BCA/B-TECH/Bsc.IT or any IT Graduate from authorised university Experience/ Qualifications Excellent written and verbal communication skills in English, high integrity, strong work ethic and ability to empathize with the customer. At least 8 - 15 years of Cyber Security experience with large organization, Bank, or global IT or consulting firm. Strong background of Application Security, Secure Software Development Lifecycle (SSDLC). Experience in Threat Modelling, Application Security Architecture Review, Security Testing- SCA, SAST, DAST. Exposure of security tools integration in DevOps architecture. Exposure of Microservices security and API security. Exposure implementation of evaluation and implementation of Application Security & Testing tools. Troubleshooting and problem-solving ability including analytical thinking and strong attention to details. Good understanding of Application Security Standards like OWASP, SANS, NIST etc. Good understanding of Security by Design and Privacy by Design. Good understanding of compliance requirements for payment and nonpayment applications. Product & platform security assessment exposure is desirable. Understanding of Load Balancer, WAF, CDN, API Gateway, Secrets Management etc. is desired. Exposure of cloud application (SaaS) security solutions is desirable. Good understanding of encryption tools and technologies; SSL, Keys Management, HSM and PKI infrastructure and secrets management. Ability to take assess solution and recommend proactive steps to mitigate Network, OS and Application Layer Security attacks. Subject Matter Expert for Application and Product Security. Understanding business requirements, complexity and solution architecture and estimate scope and effort of SSDLC and Cyber Security. Driving SSDLC for projects from initial stage to development and implementation. Planning, resource allocation and tracking of SSDLC service delivery. Conducting Threat Modelling, Application Architecture Review, SCA, SAST, DAST & IAST Implementation of SCA, SAST, DAST & IAST tools for application security testing. Continual learning and enhancement of skills and processes for service delivery. Provide advice on Secure coding best practices. Conduct Application Security related trainings for team and developers. Managing small team of Application Security & SSDLC. Provide inputs for product and platform security. Assess application, product and platform security as per scope of the engagement. Prepare application risk summary & register and trace for closure. Prepare weekly/monthly service delivery reports and review with BU Lead and VH.