Software Composition Analysis (SCA) Specialist

Essential Services : Role & Location fungibility

One Bank, One Team

About the role

As a Software Composition Analysis Specialist, you will play a crucial role in ensuring the integrity, security, and compliance of software components used in our projects. Your responsibilities will include identifying and mitigating vulnerabilities, ensuring adherence to licensing requirements, and promoting best practices for secure software development.

Key Responsibilities

• Component Analysis:

  Conduct thorough analysis of software components to identify vulnerabilities and potential security risks. Evaluate open source and third-party libraries for their impact on overall system security.

• License Compliance:

  Assess software components for compliance with licensing agreements. Provide guidance on licensing implications and ensure adherence to legal requirements.

• Tool Utilization:

  Utilize industry-standard Software Composition Analysis tools to identify, track, and manage software components. Stay updated on the latest SCA tools and technologies to enhance analysis capabilities.

• Collaboration:

  Work closely with development teams to communicate analysis findings and collaborate on remediation strategies. Provide guidance to ensure secure coding practices and prevent future vulnerabilities.

• Support:

  Maintain comprehensive documentation of software components, vulnerabilities, and remediation efforts. Create reports for stakeholders, including executive summaries and technical details.

Qualifications & Skills

• Educational Qualification:

  Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent.

• Certifications:

  Certified Ethical Hacker (CEH)

• Compliance:

  Knowledge of security best practices and methodologies. Familiarity with open source software and licenses.

• Technical Skills:

  Experience with Software Composition Analysis tools (e.g., WhiteSource, Kiuwan, Black Duck, Snyk, etc). Proven experience in software development and a strong understanding of various programming languages.

• Communication skills:

  Strong communication and collaboration skills. Ability to prioritize and manage multiple tasks in a dynamic environment.

About the Business Group

ICICI Banks Information Security Group believes in providing services to its customers in the safest and secured manner, keeping in mind that data protection for its customers is as important as providing quality banking services across the spectrum. The CIA triad of Confidentiality, Integrity, and Availability is built on the vision of creating a comprehensive information security framework. The Bank also lays emphasis on customer elements like protection from phishing, adaptive authentication, awareness initiatives, and provide easy to use protection and risk configuration ability in the hands of customers. With this core responsibly, ICICI administer and promotes on going campaigns to create awareness among customers on security aspects while banking through digital channels.