Application Security
2 months ago
JOB DESCRIPTION
Condé Nast is a global media company, home to iconic brands including Vogue, The New Yorker, GQ, Glamour, AD, Vanity Fair and Wired, among many others. The company's award-winning content reaches 84 million consumers in print, 367 million in digital and 379 million across social platforms, and generates more than 1 billion video views each month.
The company is headquartered in London and New York, and operates in 32 markets worldwide, including China, France, Germany, India, Italy, Japan, Mexico & Latin America, Russia, Spain, Taiwan, the U.K. and the U.S, with local licensed partners across the globe.
The Cyber Security Team provides the security services that underpin Conde Nast’s security posture and enhance the organisation's security profile. The Cyber Security Team is responsible for; Information Security and Cyber Risk management, Security Operations and the global SOC, Security Architecture and Application Security as well as Security Engineering. This role sits within the Cyber Security team reporting into the Security Architecture and Engineering Manager and provides the team with application security expertise that will allow the team to fully engage with the Development and Engineering teams and work with them to embed security into their development lifecycle. The successful candidate will own and manage Cyber Security relationships with key stakeholders within the Platform, Development and Engineering teams.
Conde Nast employs a large development team that develops around 250 products or services across the business which are predominantly consumed by our customers across the globe. As such we have a massive focus on ensuring all products we build and develop are done so securely.
We are seeking someone who is an SME in the areas of Application Security and DevSecOps and has worked in a lead role within a global organisation for a number of years.
The candidate will ideally come from a development background and will have demonstrable expertise in Application Security, DevSecOps, S-SDLC and relevant CI/CD methodologies.
The applicant will act as the lead on all Application Security initiatives as well as initiatives which support securing the overall development lifecycle.
They will use their expertise to identify security gaps in our current application development lifecycle and processes and propose remedies to improve security throughout the lifecycle. Additionally they will support with recommendations to shift security left such as to support us to operate in a truly dedicated DevSecOps manner.
The applicant should have an understanding of Application Threat modelling methodologies and will have experience of performing Threat modelling having previously used various tools in performing these.
The applicant should look to actively promote adoption and use of such methodologies and ensure security requirements are understood and embedded into the development lifecycle.
Duties:
- Work collaboratively with Product, Engineering and Global Architecture teams to identify vulnerabilities at the design stage.
- Engage regularly with development teams to discuss any security concerns relating to products or applications.
- Act as an SME on application vulnerabilities and support with detailing remediation steps to developers. Provide advice where required to assist with remediation.
- Perform manual testing to ascertain whether vulnerabilities are true positives and validate automated test scan results if required.
- Administer and maintain our SCA, SAST, IaC, Container and DAST security solutions, ensuring tooling is fit for purpose and providing value, as well as new features are being utilised.
- Support with onboarding development teams onto security tooling and integrating tools into their CI/CD pipeline, ensuring their applications are regularly being scanned for vulnerabilities.
- Drive security improvements and enhancements within the products and applications Conde Nast develops.
- Identify gaps in our application security controls and make recommendations for improvements to tooling or processes to resolve the gaps and improve security.
- Support with Code Reviews/Analysis. Knowledge of Java, Java Script and NodeJs is essential.
- Support with arranging third party penetration testing against key applications or services.
- Provide business stakeholders and the GRC team with reporting on application vulnerabilities and KRI’s across our application portfolio.
- Develop and maintain all documentation for our Application Security Tooling, including processes and procedures for onboarding and offboarding teams and utilising tools in general.
- Regularly update and maintain our Application Security standards, best practices and guidelines within Confluence to ensure developers have a central location to reference.
Required Skills:
To be successful, the candidate will need to have and demonstrate the following knowledge, skills and experience, along with a proactive focused attitude;
- Minimum 5 years experience in Application Security and Engineering.
- Minimum 5 years experience in Secure Development Lifecycle
- Thorough knowledge of CI/CD and DevSecOps principles.
- Awareness of application security flaws and web application best practices (e.g. OWASP Top 10, CWE SANS Top 25)
- Understanding of STRIDE, or other Threat modelling or applicable methodologies
- Experience of working in a geographically dispersed organisation with varied stakeholders.
- Experience of implementing security within a DevOps environment i.e. adopting a shift-left approach within Application Security.
- Knowledge of cloud and containers essential (Kubernetes, AWS, Docker, AWS EKS)
- Experience of having worked with GitHub and GitHub actions is essential.
- Experience of using Static and Dynamic Code Analysis tools (Snyk and Rapid 7 AppSec are beneficial)
- Awareness and experience of the NIST framework and PCI-DSS Standard.
- Experience of container vulnerability scanning or securing containers.
- Experience of programming / development technologies, (this will be tested at interview)
- Experience of AWS WAF implementation and AWS services in general.
- Good communication, presentation and written language skills.
- Knowledge of development methodologies e.g. Agile
Educational Qualifications:
- BS Computer Science or similar qualification
- Application Security certifications (CEH, CASE, CSSLP or similar)
-
Application Security Specialist
4 weeks ago
Bengaluru, Karnataka, India RSA Security Full timeJob Title: Application Security SpecialistRSA Security is seeking an experienced Application Security Specialist to join our team. As an Application Security Specialist, you will be responsible for ensuring the security of our applications and services.Key Responsibilities:Perform security assessments on web applications and servicesHelp application teams...
-
Application Security Specialist
4 weeks ago
Bengaluru, Karnataka, India RSA Security Full timeJob Title: RSA - Application Security EngineerJob Summary:RSA is seeking an experienced Application Security Engineer to join our team. As a key member of our security team, you will be responsible for designing and implementing secure software development practices, identifying and mitigating security risks, and collaborating with cross-functional teams to...
-
RSA Security Application Security Specialist
3 weeks ago
Bengaluru, Karnataka, India RSA Security Full timeJob Title: Application Security SpecialistRSA Security is seeking an experienced Application Security Specialist to join our team. As an Application Security Specialist, you will be responsible for assessing the security of our web applications and services, identifying vulnerabilities, and implementing security measures to protect our systems.Key...
-
RSA Security Engineer
3 weeks ago
Bengaluru, Karnataka, India RSA Security Full timeJob Title: RSA Security Engineer - Application Security ExpertJob Summary: We are seeking a highly skilled Application Security Engineer to join our team at RSA Security. As an Application Security Engineer, you will be responsible for designing and implementing secure software development lifecycle (SDLC) processes, identifying and mitigating security...
-
RSA - Application Security Engineer
2 months ago
Bengaluru, India RSA Security Full timeRSA - Application Security Engineer (Location: Hybrid/ Remote India) RSA offers mission-driven security solutions that provide organizations with a unified approach to managing digital risk that hinges on integrated visibility, automated insights and coordinated actions. RSA solutions are designed to effectively detect and respond to advanced...
-
Senior Cybersecurity Expert
1 week ago
Bengaluru, Karnataka, India RSA Security Full timeJob Description:RSA Security is seeking a skilled Application Security Specialist to join our team. As a key member of our security team, you will be responsible for protecting our applications and services from cyber threats.Key Responsibilities:Perform security assessments on web applications and services to identify potential vulnerabilities and...
-
Application Security
5 months ago
Bengaluru, India Skillventory Full time**Application Security**: - From 3 to 8 year(s) of experience - ₹ Not Disclosed by Recruiter - Bangalore/Bengaluruor **Roles and Responsibilities** ROLE AND RESPONSIBILITIES: - Conduct Vulnerability Assessment and Penetration Testing (VAPT) on Web Applications, Mobile - Applications - iOS and Android apps, APIs. - Conduct Manual and Automated source...
-
Principal Security Engineer
2 weeks ago
Bengaluru, Karnataka, India RSA Security Full timeJob Title: Principal Security EngineerRSA Security is looking for a highly skilled Principal Security Engineer to join our team. As a key member of our cybersecurity team, you will be responsible for designing, developing, and maintaining our flagship product, NetWitness, in the SIEM domain.ResponsibilitiesDesign, develop, and maintain features for a...
-
Staff Security Researcher
5 months ago
Bengaluru, Karnataka, India Menlo Security Full timeMenlo Security's mission is enabling the world to connect, communicate and collaborate securely without compromise. COVID-19 has made our mission all the more real. We support customers across various enterprises including Fortune 500 companies, 9/10 of the largest global banks and the Department of Defense. Menlo is well-funded for growth and our investors...
-
Application Security Mobile Application
2 weeks ago
Bengaluru, India NETSACH GLOBAL Full timeGreetings from Netsach - A Cyber Security Company.We are looking for Mobile & Web Application security with minimum 4 years of experience in an information security function with good background in information technology, stakeholder management and people management Minimum 3 years of experience, as a Security Engineer especially in Cloud Native...
-
Application Security
5 months ago
Bengaluru, Karnataka, India iXceed Solutions Full time**Job title**: Java security Lead **Job Location**: Bangalore **Role Type**: Permanent **Work Mode**: Hybrid (2-3 days onsite in a week) - Java, Spring, Maven, REST, SOAP Web Services - OWASP Top 10, Secure Development - Knowledge of about Snyk tools - CI/CD tools and processes like Jenkins - Basics of cloud platforms and dockerization. - Good in Core...
-
Data and Security Specialist
2 weeks ago
Bengaluru, Karnataka, India Andromeda Security Full timeJob Title: Data and Security SpecialistOverview:Andromeda Security is an early stage, top-tier Silicon Valley VC-funded multinational startup building a team in Bengaluru, India. You will have the opportunity to grow with the company and help secure enterprises from cloud security breaches. Job Responsibilities:We're looking for dreamers, coders, and hackers...
-
Application Security
5 months ago
Bengaluru, Karnataka, India Saksoft Full time**Designation **:Senior Consultant/Lead Consultant **Job Description: - We are looking for an experienced security professional who can help us develop security assessment and evaluation plans for existing or new solutions within Colt and to lead and deliver cyber risk assessments. - Based on security best practices, this individual will be expected to...
-
Application Security Specialist
4 weeks ago
Bengaluru, Karnataka, India Condé Nast Technology Lab Full timeJob Title: Application Security SpecialistCondé Nast Technology Lab is seeking an experienced Application Security Specialist to join our team. As a key member of our Cybersecurity team, you will be responsible for ensuring the security of our applications and systems.Key Responsibilities:Collaborate with development teams to identify and mitigate security...
-
Application Security Specialist
4 weeks ago
Bengaluru, Karnataka, India Condé Nast Technology Lab Full timeJob DescriptionCondé Nast Technology Lab is seeking a highly skilled Application Security Specialist to join our team. As a key member of our Cybersecurity team, you will be responsible for ensuring the security of our applications and systems.The successful candidate will have a strong background in application security, with experience in Secure...
-
Application Security Consultant
2 weeks ago
Bengaluru, Karnataka, India NETSACH GLOBAL Full timeJob Title: Application Security ConsultantWe are seeking a highly skilled Application Security Consultant to join our team at Netsach Global. As a key member of our security team, you will be responsible for designing and implementing secure software development lifecycle (SDLC) processes and procedures to ensure the security and integrity of our...
-
Application Security Specialist
4 weeks ago
Bengaluru, Karnataka, India Condé Nast Technology Lab Full timeJob Title: Application Security SpecialistCondé Nast Technology Lab is seeking an experienced Application Security Specialist to join our team. As a key member of our Cyber Security team, you will be responsible for ensuring the security of our applications and systems.Key Responsibilities:Collaborate with Product, Engineering, and Global Architecture teams...
-
Application Security Specialist
4 weeks ago
Bengaluru, Karnataka, India Credit Karma Full timeJob Title: Application Security EngineerAt Credit Karma, we're on a mission to champion financial progress for everyone. As an Application Security Engineer, you'll play a critical role in ensuring the security and integrity of our applications and services.Key Responsibilities:Provide security expertise for cloud, web, and mobile projects, ensuring...
-
Application Security Specialist
1 week ago
Bengaluru, India HCLSoftware Full timeJob Description - Application SecurityExp - 6-13 YrsLocation - Noida/Bangalore/Pune/Chennai/HyderabadResponsibilitiesLead and Manage Secure Design review and Thread modelling for Applications ( On premise and SaaS based Applications)Develop and implement comprehensive security strategies to safeguard application systems.Define security best practices and...
-
Application Security Specialist
6 days ago
Bengaluru, Karnataka, India ADCI - Karnataka Full timeJob SummaryAs a Sr. Security Engineer, Application Security, you will play a key role in ensuring the security of our applications and services. You will collaborate with software development teams to identify and mitigate security risks, and provide guidance on secure software development practices.The ideal candidate will have a strong background in...