Lead Engineer - Product Security

Description

Role Summary

• Responsible to ensure the implementation of security standards and compliance         practices in various SDLC phases.
• Lead and mentor the team, collaborate with onsite and offshore teams to implement       and ensure application security standards and practices.
• Perform various application security audits, tests and assessments to ensure security       compliance within SLA.

Role Description

• Review the application features and enhancement design, perform code review and provide security specific recommendations and best practices in each SDLC phase.
• Perform penetration test on web applications, identify the vulnerabilities, report security issues, suggest remediation measures and guide the development team to resolve the issue.
• Execute automated scan on web applications using various SAST and DAST tools, triage the issues, identify true positives and work with the development team for resolution.
• Collaborate with development team to review, recommend and consult on security concerns and set secure architecture standards.
• Perform security controls assessments, recommend and update application security policies and procedures to keep up with the security trends and changing internal and external requirements.
• Perform domain audits with help of OSNIT tools.
• Collaborate with clients and third parties, provide technical support for penetration tests and audit of the products.
• Review, evaluate and recommend security best practices for AWS cloud specific implementations of SDLC.
• Analyse, review and suggest new application installations, test various features and fuctionalities and collaborate with IT helpdesk team through the process of application whitelisting.
• Design and implement application and web-based security trainings across the organization.
• Develop tools to automate security testing, design and implement strategies to enhance the efficiency of security bug discovery and resolution.
• Lead and mentor the team, provide technical and non-technical guidance for their overall development.
• Lead the vulnerability management by collaborating with development leads, managers to ensure vulnerabilities are remediated within SLA.

YOE : 05 to 08