Role Summary Responsible to ensure the implementation of security standards and compliance practices in various SDLC phases.Lead and mentor the team, collaborate with onsite and offshore teams to implement and ensure application security standards and practices.Perform various application security audits, tests and assessments to ensure security complaince within SLA.Role DescriptionReview the application features and enhancement design, perform code review and provide security specific recommendations and best practises in each SDLC phase.Perform penetration test on web applications, identify the vulnerabilities, report security issues, suggest remediation measures and guide the development team to resolve the issue.Execute automated scan on web applications using various SAST and DAST tools, triage the issues, identify true positives and work with the development team for resolution.Collaborate with development team to review, recommend and consult on security concerns and set secure architecture standards.Perform security controls assessments, recommend and update application security policies and procedures to keep up with the security trends and changing internal and external requirements.Perform domain audits with help of OSNIT tools.Collaborate with clients and third parties, provide technical support for penetration tests and audit of the products.Review, evaluate and recommend security best practices for AWS cloud specific implementations of SDLC.Analyse, review and suggest new application installations, test various features and fuctionalities and collaborate with IT helpdesk team through the process of application whitelisting.Design and implement application and web-based security trainings across the organization.Develop tools to automate security testing, design and implement strategies to enhance the efficiency of secuity bug discovery and resolution.Lead and mentor the team, provide technical and non-technical guidance for their overall development.Lead the vulnerabiility management by collaborating with development leads, managers to ensure vulnerabalities are remediated within SLA.
Exposure and Experience
Minimum 8 years experience in web application security.Expert knowledge in Software Development Life Cycle.Experience in Security Controls Assessment, Vulnerbility Management, Penetration Testing and Application Whitelisting.Domain knowledge on Investment Banking/Wealth Management would be an added advantage.Education: BTech/ MCA