
Job Title:

Head of Application Security

Company: DMart - Avenue Supermarts Ltd

Location: Thane, Maharashtra

Created: 2026-05-09

Job Type: Full Time

Job Description:

Key Skills & Experience:

Candidates with 15+ years of experience:

Demonstrable experience with Vulnerability management for on prem as well as cloud infra, application security and penetration testing

Should have familiarity with a variety of development and testing tools, including: BurpSuite, Kali, Nessus, Tenable, Qualys, Appsec testing tools, DevSecOps tools etc.

Able to explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to any audience, and discuss effective defensive techniques

Familiarity with industry standards and regulations including PCI-DSS, IT Act, Cert-In regulations, and ISO-27001 is desired.

Strong analytical & problem-solving skills with ability to translate ideas into practical implementation

Ability to manage stakeholder relationships including team members, vendors and partners

Excellent communication skills with ability to present and communicate effectively with both technical and non-technical audience

Job Description:

MSSP Governance & SLA Management

Performance Oversight: Monitor and hold the MSSP accountable for Vulnerability Management KPIs, success rate for P1/P2 incident resolution and the timely delivery of monthly remediation status reports.

RACI Coordination: Act as the point of contact (Accountable/Consulted) for all vulnerability scanning, re-validation, and remediation plan development.

Continuous Improvement: Review quarterly service improvement plans to reduce the "Mean Time to Identify Vulnerabilities" and improve "Asset Coverage" across the enterprise.

Platform engineering

Infrastructure Ownership: Accountable for the installation, configuration, and lifecycle management (patching, upgrades, and capacity planning) of the hardware and software required for VM, AppSec, and Security Assurance programs.

Vulnerability Management Engineering: Ensure the Tenable console and on-premises scanners maintain >99.9% availability.

Vulnerability Management Platform updates: Synchronize platforms with OEM databases to keep vulnerability libraries and compliance frameworks (ISO, NIST, PCI-DSS, CIS) current.

AppSec Tooling: Oversee the deployment and integration of Static (SAST), Dynamic (DAST), and Software Composition Analysis (SCA) tools to provide 100% coverage of ASL’s application landscape, including containerized workloads and IaC security.

Assurance Tooling: Manage and optimize automated testing tools and scripts used for Firewall Assurance (e.g., AlgoSec), Network Assurance, and AD security baselining.

Security Integration: Lead the technical integration of EVM platforms with the ITSM (ManageEngine), PAM (CyberArk), SIEM (QRadar), and GRC tools to automate remediation workflows.

Vulnerability Management Lifecycle

Scanning Operations: Oversee continuous tool-based scanning for all IPs / URLs and internal / external VAPT cycles.

Cloud & Hybrid Security: Lead security assessments for Cloud Platforms, including Cloud Armor, GKE clusters, and microservices.

Remediation Advocacy: Work with internal IT and Application teams to prioritize and fix critical vulnerabilities, ensuring that new releases are rolled out without P0/P1 flaws.

Application Security & DevSecOps

Secure SDLC: Maintain and enforce secure coding policies, standards, and checkpoints within the Software Development Life Cycle (SDLC).

AppSec Testing: Oversee SAST, DAST, and Software Composition Analysis (SCA) for homegrown applications (e.g., MeraASL, ASLLink) and critical business applications like SAP.

Compliance: Map all findings to industry standards such as OWASP Top 10, CWE, and CIS Benchmarks.

Security Assurance & Hardening

Standardization: Develop and maintain Minimum Baseline Security Standards (MBSS) for all IT assets, including Linux/Windows servers, network devices, and SaaS products like Google Workspace.

Access Reviews: Monitor the effectiveness of Privilege Identity Management (CyberArk) and conduct monthly Segregation of Duties (SOD) reviews.
