Job Title Senior Manager - ISG
Experience 8-10 years
Location: Kanjur Marg, Mumbai
Mandatory:
- 8-10 years of hands-on experience in Source Code Review & application security
- BSc-IT/Computers, Bachelors in Engineering or MCA.
- Certification: any two from the list such as CEH, LPT, OSCP, OSCE, CISM.
Job Description:
- Complete understanding of source code review programs and application security.
- Candidate should have a good understanding of application security, mobile security and API security testing, with the ability to detail and articulate vulnerabilities. Should be able to review and recommend on the assessment report, including details of the vulnerabilities identified, categorization of the risks by assessment of potential impact, and detailed remediation/recommendations for all identified risks.
- Lead and manage the secure code review team, ensuring high standards of code security across all applications.
- Collaborate with cross-functional teams to ensure security best practices are integrated into the software development lifecycle.
- Develop and enforce policies, standards, and procedures to ensure compliance with regulatory requirements such as RBI, DPSC, etc.
- Coordinate and manage internal and external audits, ensuring timely and thorough responses to audit queries and their findings.
- Knowledge of the OWASP Top 10, SANS Top 25 and different security standards, and detailed knowledge of common web application attack vectors such as SQL injection, CSRF, XSS, session management issues, IDOR, clickjacking, buffer overflows, etc.
- Responsible for ensuring AppSec activities like SAST and SCA/OSA are completed within the defined SLAs.
- Hands-on experience in SAST and SCA/OSA tools like Fortify, Checkmarx, etc.
- Provide technical assistance to clarify the reported issues to the relevant teams and provide the required support to resolve them. Explain the issues in layman's terms to the business teams.
- Good to have experience in automation of vulnerability and web scanners (AppScan, WebInspect, Acunetix, Burp Suite Pro, etc.) using industry automation software.
- Technical knowledge of Windows and UNIX operating systems, networking, security & network devices.
- Strong knowledge of security vulnerabilities, risk, threats, exploitation, and technical and business impact.
- Experience in automation of vulnerability work to reduce manual effort and simplify the process.
- Should have the knowledge to implement a risk-based approach to Vulnerability Management. Good to know TVM products like Kenna Security, RiskSense, etc.
- Should have knowledge of risk rating standards like DREAD, CVSS, etc.
- Should be accustomed to researching the latest security best practices, reading up on new threats and vulnerabilities, and disseminating this information within the team as well as the organization.
- Should have knowledge of preparing policies, procedures, standards and guidelines for application security.
- Coaching/mentoring team members on the technical, functional and operational aspects and expertise relevant to security testing.
- Stakeholder management: need to interact and communicate with IT, Application, Development and Business teams for VAPT work.
- Should have relevant experience in a mid- to large-size organisation and should be leading the VM practice.
Skills required/Expertise:
- 8-10 years of proven experience in SCR management & application security.
- Tools: Checkmarx, Fortify.
- Proficient in written and oral English communication skills.
- Strong organizational, team-work, multi-tasking and time-management skills.
- Manage a team during project execution as needed for the smooth execution of the project.
- Experience in the banking domain will be an added advantage.