
JobNob

Your Career. Our Passion.

Senior Manager - Applications Security


Winfort services


Location

Noida | India


Job description

Senior Manager - Application Security - DevSecOps

Job Description

Position Title, Responsibility Level: Senior Manager - Application Security & DevSecOps
Function: Information Security, Data Privacy and Business Continuity
Reports to: AVP
Permanent/Temporary: Permanent
Span of Control: NA
Location: Noida

Basic Function:
- Primarily responsible for managing the threat and vulnerability posture of the organization
- Performing Web Application Penetration Testing
- Performing API Application Penetration Testing
- Performing Mobile Application Penetration Testing
- Performing Thick Client Application Penetration Testing
- Implementing, managing and troubleshooting AWS and Azure DevSecOps
- Performing code review using Fortify SCA

Essential Functions:
- Perform Web, Mobile, Thick Client and API penetration testing and release reports to stakeholders.
- Test and research for new vulnerabilities.
- Risk analysis and manual assessment of vulnerabilities; execution of internal and external penetration tests.
- Tracking closure of vulnerabilities.
- Performing code review using Fortify SCA.
- Coordinate with team members to track internal audit and regulatory assessments and address requests related to Application Pentest, SAST and FOSS.
- Mitigate risk by following established procedures and monitoring controls, spotting key errors and demonstrating strong ethical behavior.
- Manage new projects and initiatives related to application security as needs arise.

Primary Internal Interactions:
- Technology Function (Network, Systems, Applications, WAF etc.)
- SOC / NOC
- SISRA
- Business Teams
- Enabling Functions - HR / Legal / Finance / Facilities
- Business Units

Primary External Interactions:
- Clients
- Auditors
- Security Suppliers

Organizational Relationships:
- Reports To: AVP
- Supervises: -

Skills

Technical Skills:
- Familiar with Fortify SCA, WebInspect, Burp Suite, Fortify SSC and DevSecOps (Jenkins, Jira, GitHub Enterprise, GitLab, Fortify SCA).
- Programming experience (C/C++, Java/J2EE, JavaScript, AJAX, PHP, Visual Studio etc.) will be an added advantage.

Process Specific Skills:
- Exposure to application security vulnerabilities (as listed in the OWASP Top 10) and security testing methodologies.
- Good understanding of Software Development Life Cycle methodologies such as Waterfall and Agile.
- Enforce standard methodologies, processes and tools and ensure compliance with enterprise architecture, global information security policies and overall firm strategy.
- Passion for Security, Agile, and DevOps.
- Experience in management and definition of security in the software development lifecycle (SDLC).
- Experience in software development and SDLC in Java, Python, C#, etc.
- Experience with automation in testing or orchestration: Selenium, Maven, Ant, MSBuild, npm, Yarn, Jenkins, TeamCity, etc.
- Knowledge of conducting security checks (static and dynamic code analysis, vulnerability analysis in applications and penetration tests, security component analysis).
- Understanding of virtualization and container technologies (Docker, Kubernetes, OpenShift).
- Monitor and manage deployment and support as a DevSecOps team.
- Handle all critical security incidents, advisories and resolutions as per SLA.
- Understand existing processes and identify how to improve and streamline them in order to improve team efficiency and effectiveness.
- Improve the accessibility of security through automation, continuous integration pipelines, and other means.
- Build tools and automation scripts that enable developers to easily consume security services delivered by the AppSec team.
- Point of contact for product teams as it relates to automation, CI/CD, and DevOps and/or DevSecOps.

Soft Skills (Minimum):
- Capable of managing project tasks individually and as a team
- Ability to document and explain technical details in a concise and understandable manner
- Good oral and written communication skills
- Good presentation and public speaking skills

Education Requirements:
- Engineering graduate with certification in OSWE, OSCP, Azure DevSecOps, AWS DevSecOps etc.
- Project Management Certification such as PMI a plus.

Work Experience Requirements:
- 11-12 yrs
- 8-10 years' experience in Application Security
- 3-4 years' experience in implementing and managing DevSecOps

Annexure:
- Acknowledgement (acknowledge that the information contained in this document is factual and complete)

(ref:hirist.tech)

