Senior Security Architect

About Narayana Health: Narayana Health is headquartered in Bengaluru, India, and operates a network of hospitals in India and Overseas. The mission of Narayana Health is to deliver high-quality, affordable healthcare services to the broader population. The Narayana Health Group is India's leading healthcare provider and one of the largest hospital groups in the country with a network of 21 hospitals, 5 heart centers, and 19 primary care facilities. Annually, the NH group treats over 2.6 Million patients from over 78 countries covering 30+ medical specialties. The Centers of Excellence at Narayana Health help in treating Adult & Pediatric patients, with one of the largest transplant centers in India. The presence of Narayana Health spans across 17 locations in India and includes an overseas hospital in the Cayman Islands, USA. Additionally, two hospitals have international accreditation from the Joint Commission International (JCI), and 19 hospitals have domestic accreditation from the National Accreditation Board for Hospitals (NABH). About Athma: Athma is the Software Development Centre of Narayana Health, dedicated to building next-generation products for healthcare with the aim of making healthcare safe and affordable for patients. Athma's products handle over 10M transactions daily and assist 7M patients in navigating their health journeys. Athma SDC is focused on transforming healthcare through technology, making it more personalized, accessible, and effective for Indian users. Role: Senior Security Architect As a vital member of the team, the Application Security Architect at Athma will play a crucial role in fortifying the organization's application security. Responsibilities include implementing and enhancing security measures, ensuring compliance, and collaborating with cross-functional teams to safeguard products. Key Responsibilities: - Develop and integrate security measures throughout the software development life cycle. - Conduct security testing for mobile/web applications. - Work with Cybersecurity solutions, including Web and Mobile application security, and API Management. - Oversee and ensure compliance with regulatory standards and security best practices. - Provide guidance in code reviews, emphasizing secure coding practices. - Collaborate with cross-functional teams for security risk assessments, incident response, and remediation efforts. - Communicate security concepts effectively to both internal and external stakeholders. - Understand and apply knowledge of enterprise architecture, operations, and security controls. - Possess relevant certifications in application security and cybersecurity. Experience: 8 to 13 Years Required Skills: - Java-based Technologies & Spring Security: - Hands-on experience in securing applications developed using Java, focusing on frameworks like Spring, Spring Boot, and Spring Security. - In-depth knowledge of authentication, authorization, and other security functionalities provided by Spring Security. - Ability to identify and mitigate Java-specific security vulnerabilities. - Secure SDLC and Threat Modeling: - Proven experience in implementing security throughout the software development life cycle. - Ability to apply threat modeling methodologies for designing secure applications. - Security Testing: - Proficiency in conducting security testing for mobile applications and APIs. - Experience with SCA, SAST, DAST, and other relevant security testing tools. - Cyber Security Solutions: - Familiarity with Cyber Security solutions, including Web/Mobile Application Security and API Management. - Knowledge of Assessment frameworks and compliance obligations. - Compliance and Standards: - Experience in overseeing and ensuring compliance with security standards. - Implementation and maintenance of security controls to meet compliance requirements. - Code Reviews and Communication: - Ability to provide guidance in code reviews, emphasizing security best practices. - Strong communication skills to articulate complex security concepts to diverse stakeholders. - Cross-functional Collaboration: - Proven collaboration skills with cross-functional teams for security risk assessments and incident response. - Enterprise Knowledge: - Strong understanding of enterprise architecture, operations, and security controls.,