Job Location: Chennai
Introduction:
We are seeking a dynamic and forward-thinking individual who is accountable for leading a team of security professionals that are focused on Secure SDLC and Application Security engineering practices. This individual will be accountable for providing governance in Secure SDLC that is in alignment with the control requirements and policies defined by the Corporate Security team and industry best practices. This individual is required to have broad and deep experience in defining secure design and architecture for applications globally distributed on-prem and cloud-based across SaaS, Web, Mobile, and API platforms.
Responsibilities:
Proficient in performing security design reviews for App development projects & providing remediation advisory to IT teams to fix design flaws.
Expert knowledge in Application Threat Modeling, and threat mitigation strategies.
Provide guidance to IT teams by reviewing application design / architecture (conceptual, logical, and physical) that document the technology components, data flows, integration, encryption, tokenization, and other key security requirements that support the Secure SDLC stage gates and checkpoints.
Review application architectures with the Enterprise Architecture teams and attest that the application design/architecture meets the defined security requirements and security design principles.
Develop secure architecture/design solutions/patterns in accordance with Cognizant Corporate Security standards that can be embedded and re-used across the application landscape.
Work across the project portfolio to define the application design/architectures required to achieve the security requirements, policies and best practices defined by the Corporate Security team.
Experience in implementing DevSecOps CI/CD pipeline and working with agile development projects in ensuring Secure SDLC activities are completed with rigor and effectiveness.
Expert in designing and/or reviewing security solutions for applications using Microservices architecture.
Perform risk assessments prior to application deployment to production environments in uncovering residual risks and recommending implementation of suitable compensating controls to reduce risk exposure.
Application development experience with full Software Development Lifecycle exposure
o Comprehensive knowledge in programming languages ASP.NET, C#, JavaScript, etc.
o Application security/software security
o Creating and delivering creative solutions to complex problems
Must have sound knowledge in application security weaknesses and vulnerabilities, remediation and mitigation techniques, and secure coding practices.
Create and maintain technical security standards, processes & policies.
Acts as a leader and advocate of security management, including coaching, training, and career development to staff.
Requirements:
Overall Experience-
3 to 10 years
Mandatory Experience-
2-3+ years of managing a team of security experts focused on Secure SDLC and Application Security engineering practices.
3-5+ years of increasing responsibility in performing core Secure SDLC activities, namely, secure design reviews, app architecture analysis, threat modelling, risk assessments, secure deployment reviews, etc.
2-3+ years of design & development experience of enterprise grade applications using Microsoft technology stack (.NET, SQL server, MicroServices, etc.)
Knowledgeable about the tools and strategy used to build DevSecOps CI/CD pipeline to support Secure SDLC activities for agile development projects.
Desirable Experience-
Certification in Certified SCADA Security Architect (CSSA), Cloud Security Alliance (CSA) or Certified Secure Software Lifecycle Professional (CSSLP); Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)
Experience in designing and reviewing secure architectures, frameworks, application design patterns, and security best practices.
Ability to create constructive relationships, influence, and communicate security objectives and action plans to project teams, IT management, and senior leadership.
Experience in researching emerging technologies and trends, standards, and products.
Ability to lead complex, cross-functional projects and problem-solving initiatives.
Candidates who are ready to join in 30-45 days are highly preferred.
Benefits:
Exposure to new processes and technologies.
Competitive salary at par with the best in the industry.
Flexible and employee friendly environment.
What other companies call this role?
Secure SDLC Manager
