
AVP / Senior Manager Application Security (SAST & SCA)

9 - 14 years

25 - 40 Lacs

Posted: 1 day ago | Platform: Naukri


Work Mode

Hybrid

Job Type

Full Time

Job Description

Role Overview

The ideal candidate will be responsible for overseeing **Static Application Security Testing (SAST)** and **Software Composition Analysis (SCA)** processes, will be a strong secure coder, and will ensure secure coding practices and manage security risks within the software development lifecycle (SDLC). This role requires close collaboration with development, DevSecOps, and risk management teams to identify and remediate vulnerabilities effectively.

Key Responsibilities

1. SAST & SCA Strategy and Implementation

  • Define, implement, and manage **SAST & SCA frameworks** to secure the bank's applications.
  • Lead the integration of security tools (e.g., Fortify, Checkmarx, SonarQube, Veracode, Snyk, Black Duck) into CI/CD pipelines.
  • Continuously evaluate and enhance scanning methodologies to improve detection and remediation of vulnerabilities.

2. Vulnerability Management & Risk Mitigation

  • Oversee the assessment, triage, and remediation of vulnerabilities identified through SAST & SCA scans.
  • Establish risk-based prioritization for vulnerabilities, collaborating with development teams for timely fixes.
  • Ensure compliance with industry standards (OWASP, NIST, ISO 27001, PCI-DSS) and internal security policies.

3. Collaboration & Stakeholder Management

  • Work closely with development, DevOps, and security teams to promote secure coding practices.
  • Collaborate with third-party vendors for security tool management and support.
  • Present vulnerability trends, remediation progress, and risk insights to senior leadership and risk committees.

4. Governance, Training & Awareness

  • Develop and enhance secure coding guidelines and best practices for development teams.
  • Conduct security awareness sessions and training for developers on SAST/SCA findings and secure coding practices.
  • Define and track key security metrics (KPIs/KRIs) to measure the effectiveness of the SAST & SCA programs.

Qualifications & Experience

  • 8-10 years (SM) or 12-15 years (AVP) of experience in **Application Security**, with a strong focus on SAST and SCA.
  • Deep understanding of secure SDLC, DevSecOps, and CI/CD integration.
  • Hands-on experience with **SAST & SCA tools** (Fortify, Veracode, Checkmarx, Snyk, Black Duck, SonarQube, etc.).
  • Strong knowledge of **secure coding practices**, vulnerability remediation, and risk management.
  • Comprehensive experience with **programming languages** (Java, .NET, Python, JavaScript) and their security implications.
  • Able to write secure code.
  • Experience in **regulatory compliance** frameworks (OWASP Top 10, NIST, ISO 27001, PCI-DSS, RBI Guidelines).
  • Strong leadership and stakeholder management skills.
  • **Certifications preferred:** CISSP, OSWE, OSCP, CSSLP or any relevant security certification.

Riverforest Connections

Technology Consulting

Chicago
