Architect/Sr. Architect - Application Security

Job Description

Security Architect Application Security – SSDLC Education BE/BCA/B-TECH/Bsc.IT or any IT Graduate from authorised university Experience/ Qualifications Excellent written and verbal communication skills in English, high integrity, strong work ethic and ability to empathize with the customer. At least 8 - 15 years of Cyber Security experience with large organization, Bank, or global IT or consulting firm. Strong background of Application Security, Secure Software Development Lifecycle (SSDLC). Experience in Threat Modelling, Application Security Architecture Review, Security Testing- SCA, SAST, DAST. Exposure of security tools integration in DevOps architecture. Exposure of Microservices security and API security. Exposure implementation of evaluation and implementation of Application Security & Testing tools. Troubleshooting and problem-solving ability including analytical thinking and strong attention to details. Good understanding of Application Security Standards like OWASP, SANS, NIST etc. Good understanding of Security by Design and Privacy by Design. Good understanding of compliance requirements for payment and nonpayment applications. Product & platform security assessment exposure is desirable. Understanding of Load Balancer, WAF, CDN, API Gateway, Secrets Management etc. is desired. Exposure of cloud application (SaaS) security solutions is desirable. Good understanding of encryption tools and technologies; SSL, Keys Management, HSM and PKI infrastructure and secrets management. Ability to take assess solution and recommend proactive steps to mitigate Network, OS and Application Layer Security attacks. Responsibilities Subject Matter Expert for Application and Product Security. Understanding business requirements, complexity and solution architecture and estimate scope and effort of SSDLC and Cyber Security. Driving SSDLC for projects from initial stage to development and implementation. Planning, resource allocation and tracking of SSDLC service delivery. Conducting Threat Modelling, Application Architecture Review, SCA, SAST, DAST & IAST Implementation of SCA, SAST, DAST & IAST tools for application security testing. Continual learning and enhancement of skills and processes for service delivery. Provide advice on Secure coding best practices. Conduct Application Security related trainings for team and developers. Managing small team of Application Security & SSDLC. Provide inputs for product and platform security. Assess application, product and platform security as per scope of the engagement. Prepare application risk summary & register and trace for closure. Prepare weekly/monthly service delivery reports and review with BU Lead and VH. Provide service delivery inputs to PMO & other relevant systems. Develop Microservices & API security architecture. Work on DevSecOps integration and automation with DevOps team. Face internal and external audits for the scope of service delivery. Participate in security risk assessments and audits. Build-up and transfer interdisciplinary knowledge. Provide SME advice on security tool capabilities and configuration adjustments when needed to contain security incidents or block future security attacks. Troubleshooting experience with Data security and application troubleshooting. Coordinating with business and understanding their requirements regarding enhancements. Review of effectiveness of controls and preparing Risk dashboards. Participate in continual improvement and benchmarking activities. Contribute to CoE initiatives and other activities delegated by Reporting Manager or Vertical Head. Collaborate with internal and external stakeholders for timely delivery of the assigned engagements/projects. Reviewing the status of the projects and taking corrective/preventive measures as approved. Certifications ISO 27001, CISSP, CISA, CSSLP, CEH, C|ASE, CSSD, GWEB, CMWPT, GPEN, API Security Architect Location Navi Mumbai Employment Type All positions are on fixed term contract on a full-time basis exclusively for ReBIT, initially for a period of five years, extendable by mutual consent