FULL_TIME
5-10
Application Security Engineer
7/17/2025
Lead and manage secure design reviews and threat modeling for applications while developing comprehensive security strategies. Oversee security incident response and conduct regular penetration testing to identify vulnerabilities.
Working Hours
40 hours/week
Company Size
201-500 employees
Language
English
Visa Sponsorship
No
About The Company
Remote Star is providing professional BPO services to clients worldwide.
Their peace of mind is our business!
We bring outsourcing to a whole new level by creating a special team exclusively dedicated to each of our clients. This enables them not to bother with all the business procedures and protocols of managing the workforce and allows them to focus on their core business.
With our help, entrepreneurs save not only time but also, on average, 62% of all costs compared with having in-house teams.
We constantly search, train, and manage the best talents, to match them with reputable entrepreneurs who shape the future of business.
We believe the best talents from South and East Europe, when put in a strong positive environment with top-notch management, can help innovative start-ups worldwide achieve greatness beyond measure!
About the Role
<div><strong>About the client</strong>: Our Client is a global technology company, home to more than 220,000 people across 60 countries, delivering industry-leading capabilities centered around digital, engineering, cloud and AI, powered by a broad portfolio of technology services and products. We work with clients across all major verticals, providing industry solutions for Financial Services, Manufacturing, Life Sciences and Healthcare, Technology and Services, Telecom and Media, Retail and CPG, and Public Services.</div>
<div><br></div>
<div><strong>Mode of working:</strong> Hybrid (3 days from office)</div>
<div><br></div>
<div><strong>Experience</strong>: 6 - 12 years</div>
<div><br></div>
<div><strong>Location:</strong> Noida / Bengaluru / Pune</div>
<div><br></div>
<div><strong>Roles and Responsibilities:</strong></div>
<div><br></div>
<ul>
<li>Lead and manage secure design reviews and threat modelling for applications (on-premises and SaaS-based applications).</li>
<li>Develop and implement comprehensive security strategies to safeguard application systems.</li>
<li>Define security best practices and standards, and lead Secure Software Development Lifecycle best practices and standards.</li>
<li>Oversee security incident response and mitigation efforts, ensuring quick and efficient handling of security breaches or threats.</li>
<li>Conduct regular penetration testing, red team exercises, security assessments and audits to identify vulnerabilities and implement corrective measures.</li>
<li>Collaborate with application stakeholders to develop security roadmaps and participate in daily standups to align security initiatives with organizational goals.</li>
<li>Foster a culture of continuous improvement in application security, including development, supply chain security and AI/ML.</li>
<li>Experience in managing business continuity and crisis management.</li>
<li>Stay up to date on the latest application security technologies, trends, and best practices.</li>
<li>A strong understanding of cloud computing technologies, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).</li>
<li>Knowledge of security frameworks such as SANS, OWASP, NIST and ISO Framework.</li>
<li>Certifications such as Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP), or Certified Cloud Architect (CCA) are preferred.</li>
<li>Extensive knowledge and experience with developing Cloud Security Frameworks using industry best practices such as those from the Cloud Security Alliance (CSA) and NIST CSF and regulatory requirements such as HIPAA, HITRUST and PCI or closely related.</li>
<li>Understanding of industry regulatory and compliance requirements (i.e., FedRAMP, PCI-DSS, NIST, HIPAA) and skilled at interpreting the compliance and security requirements into implementable and repeatable controls.</li>
</ul>
<div><br></div>
<div><strong>Skills and Qualification:</strong></div>
<div><br></div>
<ul>
<li>Threat Modelling - STRIDE</li>
<li>Proficiency in reading, writing, and auditing code and the ability to learn new languages/technologies including but not limited to C#, .NET, .NET Core, Python, Node.js, JavaScript, Vue.js.</li>
<li>Experience with OWASP Top 10 or SANS Top 25</li>
<li>Knowledge of OAuth 2.0 / OpenID Connect / Cryptography</li>
<li>Knowledge of Responsible AI and ML Security.</li>
<li>Knowledge of supply chain, secure build and container platform security.</li>
<li>Knowledge of pen testing and vulnerability assessment platforms</li>
<li>Knowledge of SAST/DAST/Open Source/Code quality/Code Smell management tools</li>
<li>AWS, Azure and GCP native security service awareness</li>
</ul>
Key Skills
Threat Modelling, Secure Software Development Lifecycle, Penetration Testing, Cloud Security, Compliance Requirements, Cryptography, AI Security, Supply Chain Security, Vulnerability Assessment, SAST, DAST, AWS Security, Azure Security, GCP Security, Code Quality Management, Incident Response