Senior Security Engineer

Job Title: Senior Security EngineerDepartment: Information Security and ComplianceStatus of role: Permanent Full-time RoleSalary Range- 25 - 30 LPA MAX100% RemoteImmediate Joiners!!!!Overview of the Department/Section:The organization’s Information Security and Compliance department is responsible for building, implementing, operating, and maintaining the technology controls associated with information security.Main purpose of the role:In order to comply with various organizational policies and regulatory mandates related to Information Security/Privacy, Our client Information Security and Compliance department is in the process of implementing a new Information Security Program and Risk Management framework based on various well know information security standards and frameworks such as ISO/NIST, which includes requirements for a Secure Systems Development Lifecycle (S-SDLC). In order to effectively imbed an S-SDLC into the Satschel’s development processes, the Information Security and Compliance department requires a dedicated Application Security Risk Analyst to work hands-on with the development teams to develop, roll-out and provide oversight for a comprehensive S-SDLC program, including secure coding guidelines, architectural design reviews, static code analysis, dynamic testing, and penetration testing.As a senior security engineer , you will be expected to contribute both on an individual basis as well as a member of the Information Security and Compliance department to raise the application security posture across the organization, by developing an application security framework, including S-SDLC development, standards and guidelines for application developers, helping the development teams identify application security vulnerabilities through a combination of security assessment techniques, and disseminate specialist application security knowledge to the development communities.Key Responsibilities :• Work with various senior IT leaders and application development areas to develop and implement SSDLC Program according to the organization’s unique information security risk management, governance, risk, and compliance processes;• Provides oversight/governance of the S-SDLC Program and communicates progress and issues to the CISO, Senior Business / IT Leadership and Application Development teams;• Serves as a consultant to disseminate specialist application security knowledge to the development communities;• Researches and evaluates solutions and recommends the most efficient and cost-effective solutions for ensuring that security is built-in to all phases of the S-SDLC;• Research and assess the latest BlockChain security vulnerabilities and events• Leads demonstrations of application security tools to business and application development teams;• Responsible to integrate & manage feeds from application security tools, vulnerability scans & penetration testing tools into organization’s GRC platform;• Responsible for the implementation and maintenance of Static, Dynamic, Interactive, and API application security testing tools (such as Veracode, Checkmarx, Synopsys, and Netsparker), scanning policies, user provisioning and security strategy documents, and any other related documentation;• Initiates and develops innovative concepts to solve complex challenges in the Code Analysis Tools environment with little or no precedent; creates new opportunities to enable the use of new solutions. Provides conceptual guidance to other senior and high-level technical experts;• Hands-on experience with Static, Dynamic, Interactive, and API application security testing tools such as Veracode, IBM AppScan, Fortify, Web Inspect, Checkmarx, Synopsys, and Netsparker• Experience in testing and assessing the security of mobile applications• Experience with web services (API) architecture, security reviews, and testing.• Experience in integrating application security tools and processes in CI/CD pipelines• Coding experience with at least one of .NET, J2E, Python, C++ etc.• Knowledge of cryptographic tools and security APIs• Knowledge of microservice architecture• Knowledge of BlockChain, Smart Contracts, DApps etc.• Solid understanding of networking concepts• Solid understanding of operating system security concepts• Solid understanding of Encryption, Certificate & Key Management Services (CM, KMS, HSM etc.)• Understanding of malware, emerging threats, attacks, and vulnerability management• Experience assisting in the development and maintenance of tools, procedures, and documentationPersonal Requirements :• Required: Bachelor’s Degree from a four-year college or university in Engineering, Business Administration, Computer Science, Management Information Systems, Information Security.• Certifications Required: CPT, CEH• Certifications Optional: CISSP, AWS Certified Solutions Architect, AWS Certified Security Specialist, Google Cloud Architect, Google Cloud Security Engineer, CCSP (Certified Cloud Security Professional)

Apply Now