- Work with IT project community and advise on application security standard controls and best practices.
- Work closely with other IT operation groups to identify and remediate systems with security issues.
- Should have practical implementation knowledge to advise IT development and implementation teams on how to fix potential vulnerabilities.
- Advise senior management, including business sponsors, on security risks, and translate those risks into business impact.
- Review application, database and network architecture and highlight risks.
- Onboard applications into the existing Security frameworks and participate in an advisory capacity until project deployment.
- Position Qualifications:
- 1-3 years professional experience as an Application Developer.
- 8-10 years of professional experience in an information security function for a financial, insurance, pharmaceutical, or similar commercial industry preferred.
- Bachelor’s Degree in Computer Science or related field preferred.
- Perform risk assessments for applications and underlying systems and recommend security requirements based on upstream business requirements.
- Should have knowledge of network and infrastructure architecture.
- Ability to review and understand organizational security policies and incorporate into standard processes in a project.
- Expert understanding of HTTP, HTTPS, and other application layer protocols.
- Expert understanding of network layer protocols & industry best practices.
- Demonstrated proficiency in developing secure solutions using common development frameworks (J2EE, .NET, Spring, Struts, Hibernate, etc.) and languages (Java, C#, C++, etc.).
- Actively contributes to strategic security departmental planning in alignment with architectural goals.
- Strong analytical and problem solving skills.
- Excellent written and verbal communication and presentation skills.
- Should be able to work as a team player.
- CISSP Certified.
- CISM/CISA Certified.
- Experience with the following:
- Web application proxies.
- Architecture Reviews.
- DB vulnerability management.
- Web Application vulnerability management.