Principal Information Security Consultant
Location
Hyderabad | India
Job description
Responsibilities will include:
- Evangelize security best practices within the development teams and build security expertise across the organization.
- Manage regular security reviews with the product development teams and present summary level reports to Infrastructure leadership team.
- Provide selected support to the internal Legal and Sales Proposals teams as well as occasional best practice security support to external customers in the infrastructure markets.
- Lead company efforts to gain additional security certifications.
- Research new security trends and provide recommendations to support increased security protection for our environment.
- Be willing to work during European working hours.
QUALIFICATIONS AND EXPERIENCE REQUIRED
- A completed bachelor’s degree in Computer Science, Software Engineering or related technical field is required.
- 5+ years of progressively more complex AppSec experience at a medium to large size software company.
- In-depth experience with common security tools across SAST, DAST, IAST, and Pentest vendors.
- Working knowledge of cloud security frameworks and regulations such as GDPR, NIST, ISO, CSF, and Security Breach Notification.
- Expert knowledge of OWASP Top 10 and CWE/SANS Top 25 listings as well as practical, hands-on experience with the development, testing, and remediation of software security issues a plus.
- Familiarity with agile development processes and experience integrating secure development best practices into an agile model; Microsoft SDL experience a plus.
- Software engineering experience with Microsoft and/or Java web applications; specific experience with ASP.NET and Angular a plus.
- Should have independently managed large-scale cloud-based services deployment (including SaaS, PaaS, IaaS) and understand security challenges involved in deploying Cloud Applications and server virtualization/container orchestration technologies.
- Experience in building security reference architectures for cloud deployments and hybrid environments.
- Security Certifications such as CCSK, CCSP, CISSP, CISA, CISM or CIPP.
- Familiarity with industry standards and regulations including but not limited to ISO27034, ISO27001 and Privacy by Design/Privacy by Default.
- Strong personal ethics and understanding of ethics in Application and Information security.
- Experience with IT security vulnerabilities and IT security audit procedures.
- Excellent communication skills, both written and verbal.
The Cloud Architect will provide technical leadership for our Security Development Lifecycle of the Infrastructure Product Portfolio by establishing clear direction, a dynamic security culture, and measurable goals to continually improve our application security strategy.
This individual will integrate security processes and tools across the development organization for Surface Area, Static Code Analysis, Dynamic Code Analysis, and Penetration testing as well as execute security training programs for developers. Candidates must be able to approach application security with a pragmatic perspective of risk management and avoid purely academic thinking about software security.
In addition, this role entails a leading part in consulting on software deployment in the cloud. The individual will be responsible for designing, managing and securing data, applications, and infrastructure in the cloud.