Lead Engineer - Product Security

Description

• Responsible to ensure the implementation of security standards and compliance practices in various SDLC phases.
• Lead and mentor the team, collaborate with onsite and offshore teams to implement and ensure application security standards and practices.
• Perform various application security audits, tests and assessments to ensure security complaince within SLA.

• Review the application features and enhancement design, perform code review and provide security specific recommendations and best practises in each SDLC phase.
• Perform penetration test on web applications, identify the vulnerabilities, report security issues, suggest remediation measures and guide the development team to resolve the issue.
• Execute automated scan on web applications using various SAST and DAST tools, triage the issues, identify true positives and work with the development team for resolution.
• Collaborate with development team to review, recommend and consult on security concerns and set secure architecture standards.
• Perform security controls assessments, recommend and update application security policies and procedures to keep up with the security trends and changing internal and external requirements.
• Perform domain audits with help of OSNIT tools.
• Collaborate with clients and third parties, provide technical support for penetration tests and audit of the products.
• Review, evaluate and recommend security best practices for AWS cloud specific implementations of SDLC.
• Analyse, review and suggest new application installations, test various features and fuctionalities and collaborate with IT helpdesk team through the process of application whitelisting.
• Design and implement application and web-based security trainings across the organization.
• Develop tools to automate security testing, design and implement strategies to enhance the efficiency of secuity bug discovery and resolution.
• Lead and mentor the team, provide technical and non-technical guidance for their overall development.
• Lead the vulnerabiility management by collaborating with development leads, managers to ensure vulnerabalities are remediated within SLA.

Exposure and Experience  

• Minimum 8 years experience in web application security.
• Expert knowledge in Software Development Life Cycle.
• Experience in Security Controls Assessment, Vulnerbility Management, Penetration Testing and Application   Whitelisting.
• Domain knowledge on Investment Banking/Wealth Management would be an added advantage.
• Education: BTech/ MCA