Job Description
Job Purpose
Information security team member (with skip-level reporting to the CISO) who is proficient in maintaining and managing source code security and the SBOM (Software Bill of Materials).
Information security tool management and governance.
Understanding of regulatory requirements.
Driving information security projects and monitoring Key Risk Indicators (KRIs) for software security.
Duties and Responsibilities
Minimum required accountabilities for this role
1. Secure Code Review and Vulnerability Remediation
Perform and drive regular secure code reviews for web, Android, and iOS applications to proactively identify security weaknesses. Provide actionable remediation guidance and ensure timely tracking and closure of identified code vulnerabilities.
2. SBOM Compliance and Regulatory Alignment
Ensure the organization's Software Bill of Materials (SBOM) is accurate and compliant with industry and government regulatory standards. Support audits and compliance efforts by maintaining evidence of SBOM integrity and traceability.
3. Cross-Functional Engagement
Work closely with technology teams, business units, and external partners to drive resolution of security issues within defined SLAs. Facilitate communication of security findings and timelines to non-technical stakeholders.
4. Security Dashboards and Reporting
Design and maintain security scorecards and dashboards that provide clear visibility into vulnerability status, remediation progress, and risk trends. Present findings and metrics to leadership to support informed decision-making.
5. Enterprise Threat and Vulnerability Management
Continuously track, prioritize, and communicate security threats and vulnerabilities affecting the organization. Stay updated on emerging threats and coordinate with relevant teams for timely mitigation.
Additional accountabilities pertaining to the role
Develop and maintain secure coding standards and policies.
Collaborate with developers and IT teams to ensure adherence to secure coding practices.
Discover and mitigate cyber risks and exploitable vulnerabilities in internet-facing apps/assets.
Work with partners in carrying out comprehensive VAPT assessment
Ethical Hacking and performing VAPT activity
Latest technology security – API, microservices, RPA, IoT, etc.
Maintain compliance as per organization compliance policy
Highlight risk & mitigation plan
Responsible for Reports & Technical documentation.
Should be capable of guiding the team or individuals as required.
Communicate effectively with stakeholders and cross-functional teams.
Strong troubleshooting, analytical, and communication skills
Good attitude towards corporate environment.
Team player & Mentor to the team.
Key Decisions / Dimensions
Identification of right mitigation for secure code.
Review the observation and suggest alternate code fixes if primary fix is not feasible.
Discuss observation response as applicable & improve security controls.
Face applicable audits.
Major Challenges
Handling multiple stakeholders at a time
Reviewing and validating issues identified in SAST
Coordination with third party consultants who assist in auditing and compliance initiatives
Required Qualifications and Experience
a) Qualifications
Engineering graduate with 3–5 years of total experience in DevSecOps or related application security roles.
b) Work Experience
Hands-on experience as a Security Champion or in a similar cross-functional role, actively performing source code reviews. Strong expertise in Software Bill of Materials (SBOM) management and a good understanding of third-party dependency risks are essential.
Familiarity with security tools such as GHAS (GitHub Advanced Security), Checkmarx, Burp Suite, OWASP ZAP, etc.
Strong understanding of OWASP Top 10, secure coding practices, and security testing methods.
Solid programming knowledge in languages such as Java, Python, Flutter, JavaScript, C#, or Go.
Experience with CI/CD environments and integrating security tools into pipelines.
Sound knowledge of IT infrastructure, information security concepts, and regulatory guidelines related to IT and cyber security for NBFCs.
Positive attitude, hard worker and team player.
Excellent communication and leadership skills.
Certifications like CEH (Ethical Hacking), Azure/AWS Security, or application penetration testing would be an added advantage.