Job
Description
Summary The role is part of Security Operations in Vulnerability Services team. The person will focus on reducing risk exposure from security vulnerabilities with major focus on solution design, architecture, and VulnSvcs products management. About the Role Job Title : Assoc. Dir. DDIT ISC VulnSvcs Location : Hyderabad The role is part of Security Operations in Vulnerability Services team. The person will focus on reducing risk exposure from security vulnerabilities with major focus on solution design, architecture, and VulnSvcs products management. Your Responsibilities Include but are not limited to: Act as a lead for security design review and threat modeling solution: o Own the design, implementation, roadmap, and operational oversight for Threat modeling solution such as IriusRisk. o Accountable for managing quality of threat modeling and architecture review performed by assessors on Novartis applications. o Continuous improvement and adoption of security by design o Lead product vendor/CSM connects to address Novartis requirements/issues. o Engineer components, templates, configurations in TM tool to enable centralized and automation of solution security design review in different SDLC methodologies. Act as a lead for managing security products owned by VulnSvcs team: o Ownership of translating VulnSvcs business requirements technically and working with cross functional teams to manage implementation. o Proactively monitor and govern engineering and support operations of the VulnSvcs solutions such as ServiceNow (SecOps), API security, Code security, IriusRisk, etc with required external/internal teams. o Drive identification of root causes to prevention recurrence of issues. Influence and drive VulnSvcs products roadmap and maturity through active engagement Collaborate with various stakeholders from security operations, architecture, cyber, and application teams to achieve goals and remediation advisory on secure design controls. Develop and maintain documentation of related process and best practices. Provide security awareness and training to teams on security practices and VulnSvcs solutions. Implement security policies, procedures, and standards to ensure the confidentiality, integrity, and availability of solutions from technical vulnerabilities. Role Requirements 8+ years of overall working experience in information security preferably in Application Security, Secure SDLC and Security Architecture domain. At least 4+ years performing threat modeling, secure architecture review of applications. Expertise with automated or centralized threat modeling solutions such as IriusRisk Strong knowledge of OWASP, SAMM, security frameworks, application architecture principles, security risk management, API security, centralizing threat/vulnerability management, and relevant domain areas. Knowledge of secure system development, product management, and governance models for Agile/DevSecOps methods. Strong knowledge of cloud services and technologies such as AWS, Azure, SaaS applications, web services, mobile applications, SAP landscape, etc
