Application Security
3 months ago
JOB DESCRIPTION
Condé Nast is a global media company, home to iconic brands including Vogue, The New Yorker, GQ, Glamour, AD, Vanity Fair and Wired, among many others. The company's award-winning content reaches 84 million consumers in print, 367 million in digital and 379 million across social platforms, and generates more than 1 billion video views each month.
The company is headquartered in London and New York, and operates in 32 markets worldwide, including China, France, Germany, India, Italy, Japan, Mexico & Latin America, Russia, Spain, Taiwan, the U.K. and the U.S, with local licensed partners across the globe.
The Cyber Security Team provides the security services that underpin Conde Nast’s security posture and enhance the organisation's security profile. The Cyber Security Team is responsible for; Information Security and Cyber Risk management, Security Operations and the global SOC, Security Architecture and Application Security as well as Security Engineering. This role sits within the Cyber Security team reporting into the Security Architecture and Engineering Manager and provides the team with application security expertise that will allow the team to fully engage with the Development and Engineering teams and work with them to embed security into their development lifecycle. The successful candidate will own and manage Cyber Security relationships with key stakeholders within the Platform, Development and Engineering teams.
Conde Nast employs a large development team that develops around 250 products or services across the business which are predominantly consumed by our customers across the globe. As such we have a massive focus on ensuring all products we build and develop are done so securely.
We are seeking someone who is an SME in the areas of Application Security and DevSecOps and has worked in a lead role within a global organisation for a number of years.
The candidate will ideally come from a development background and will have demonstrable expertise in Application Security, DevSecOps, S-SDLC and relevant CI/CD methodologies.
The applicant will act as the lead on all Application Security initiatives as well as initiatives which support securing the overall development lifecycle.
They will use their expertise to identify security gaps in our current application development lifecycle and processes and propose remedies to improve security throughout the lifecycle. Additionally they will support with recommendations to shift security left such as to support us to operate in a truly dedicated DevSecOps manner.
The applicant should have an understanding of Application Threat modelling methodologies and will have experience of performing Threat modelling having previously used various tools in performing these.
The applicant should look to actively promote adoption and use of such methodologies and ensure security requirements are understood and embedded into the development lifecycle.
Duties:
- Work collaboratively with Product, Engineering and Global Architecture teams to identify vulnerabilities at the design stage.
- Engage regularly with development teams to discuss any security concerns relating to products or applications.
- Act as an SME on application vulnerabilities and support with detailing remediation steps to developers. Provide advice where required to assist with remediation.
- Perform manual testing to ascertain whether vulnerabilities are true positives and validate automated test scan results if required.
- Administer and maintain our SCA, SAST, IaC, Container and DAST security solutions, ensuring tooling is fit for purpose and providing value, as well as new features are being utilised.
- Support with onboarding development teams onto security tooling and integrating tools into their CI/CD pipeline, ensuring their applications are regularly being scanned for vulnerabilities.
- Drive security improvements and enhancements within the products and applications Conde Nast develops.
- Identify gaps in our application security controls and make recommendations for improvements to tooling or processes to resolve the gaps and improve security.
- Support with Code Reviews/Analysis. Knowledge of Java, Java Script and NodeJs is essential.
- Support with arranging third party penetration testing against key applications or services.
- Provide business stakeholders and the GRC team with reporting on application vulnerabilities and KRI’s across our application portfolio.
- Develop and maintain all documentation for our Application Security Tooling, including processes and procedures for onboarding and offboarding teams and utilising tools in general.
- Regularly update and maintain our Application Security standards, best practices and guidelines within Confluence to ensure developers have a central location to reference.
Required Skills:
To be successful, the candidate will need to have and demonstrate the following knowledge, skills and experience, along with a proactive focused attitude;
- Minimum 5 years experience in Application Security and Engineering.
- Minimum 5 years experience in Secure Development Lifecycle
- Thorough knowledge of CI/CD and DevSecOps principles.
- Awareness of application security flaws and web application best practices (e.g. OWASP Top 10, CWE SANS Top 25)
- Understanding of STRIDE, or other Threat modelling or applicable methodologies
- Experience of working in a geographically dispersed organisation with varied stakeholders.
- Experience of implementing security within a DevOps environment i.e. adopting a shift-left approach within Application Security.
- Knowledge of cloud and containers essential (Kubernetes, AWS, Docker, AWS EKS)
- Experience of having worked with GitHub and GitHub actions is essential.
- Experience of using Static and Dynamic Code Analysis tools (Snyk and Rapid 7 AppSec are beneficial)
- Awareness and experience of the NIST framework and PCI-DSS Standard.
- Experience of container vulnerability scanning or securing containers.
- Experience of programming / development technologies, (this will be tested at interview)
- Experience of AWS WAF implementation and AWS services in general.
- Good communication, presentation and written language skills.
- Knowledge of development methodologies e.g. Agile
Educational Qualifications:
- BS Computer Science or similar qualification
- Application Security certifications (CEH, CASE, CSSLP or similar)
-
bangalore, India System Two Security Full timeDescriptionAs a Principal Software Engineer at System Two Security, you will play a crucial role in developing and maintaining the software stack that powers our innovative AI-driven cybersecurity solutions. This senior position demands a blend of advanced back-end skills, with a focus on creating seamless, efficient, and scalable applications. Additionally,...
-
bangalore, India System Two Security Full timeDescription As a Principal Software Engineer at System Two Security, you will play a crucial role in developing and maintaining the software stack that powers our innovative AI-driven cybersecurity solutions. This senior position demands a blend of advanced back-end skills, with a focus on creating seamless, efficient, and scalable applications....
-
bangalore, India System Two Security Full timeDescription As a Principal Software Engineer at System Two Security, you will play a crucial role in developing and maintaining the software stack that powers our innovative AI-driven cybersecurity solutions. This senior position demands a blend of advanced back-end skills, with a focus on creating seamless, efficient, and scalable applications....
-
bangalore, India System Two Security Full timeJob DescriptionSystem Two Security is looking to hire a Principal LLM Application Engineer where you will focus on leveraging and optimizing Large Language Models (LLMs) along with the implementation of advanced AI technologies. You will be working on cutting edge projects, and will utilize skills in GenAI, LLM and ML Ops to bring a better experience to...
-
bangalore, India System Two Security Full timeJob Description System Two Security is looking to hire a Principal LLM Application Engineer where you will focus on leveraging and optimizing Large Language Models (LLMs) along with the implementation of advanced AI technologies. You will be working on cutting edge projects, and will utilize skills in GenAI, LLM and ML Ops to bring a better experience to...
-
bangalore, India System Two Security Full timeJob DescriptionSystem Two Security is looking to hire a Principal LLM Application Engineer where you will focus on leveraging and optimizing Large Language Models (LLMs) along with the implementation of advanced AI technologies. You will be working on cutting edge projects, and will utilize skills in GenAI, LLM and ML Ops to bring a better experience to...
-
Application Security Specialist
2 months ago
bangalore, India HCLSoftware Full timeJob Description - Application SecurityExp - 6-13 YrsLocation - Noida/Bangalore/Pune/Chennai/HyderabadResponsibilitiesLead and Manage Secure Design review and Thread modelling for Applications ( On premise and SaaS based Applications)Develop and implement comprehensive security strategies to safeguard application systems.Define security best practices and...
-
Application Security Engineer
2 months ago
bangalore, India Wenger & Watson Full timeApplication Security EngineerWork experience - 2 to 4 yearsLocation - BangaloreSkills - API Security, API security and penetration testing.• Proven experience working with multiple customers to define scope and execute API pen testing.• Strong background in mentoring and leading teams.• In-depth knowledge of OWASP Top 10 and OWASP API Top 10 security...
-
Application Security Specialist
2 months ago
bangalore, India HCLSoftware Full timeJob Description - Application Security Exp - 6-13 Yrs Location - Noida/Bangalore/Pune/Chennai/Hyderabad Responsibilities Lead and Manage Secure Design review and Thread modelling for Applications ( On premise and SaaS based Applications) Develop and implement comprehensive security strategies to safeguard application systems. Define security best...
-
Application Security Specialist
2 months ago
bangalore, India HCLSoftware Full timeJob Description - Application Security Exp - 6-13 YrsLocation - Noida/Bangalore/Pune/Chennai/HyderabadResponsibilities Lead and Manage Secure Design review and Thread modelling for Applications ( On premise and SaaS based Applications) Develop and implement comprehensive security strategies to safeguard application systems. Define security best practices and...
-
Application Security Engineer
2 months ago
bangalore, India Wenger & Watson Full timeApplication Security EngineerWork experience - 2 to 4 yearsLocation - BangaloreSkills - API Security, API security and penetration testing.• Proven experience working with multiple customers to define scope and execute API pen testing.• Strong background in mentoring and leading teams.• In-depth knowledge of OWASP Top 10 and OWASP API Top 10 security...
-
Application Security Engineer
2 months ago
bangalore, India Wenger & Watson Full timeApplication Security Engineer Work experience - 2 to 4 years Location - Bangalore Skills - API Security, API security and penetration testing. • Proven experience working with multiple customers to define scope and execute API pen testing. • Strong background in mentoring and leading teams. • In-depth knowledge of OWASP Top 10 and OWASP API Top 10...
-
Application security engineer
1 month ago
Bangalore, India Zepto Full timeAbout Zepto Zepto is India's fastest-growing startup and the leader in quick-commerce grocery delivery. We're revolutionizing the industry with our groundbreaking platform and lightning-fast delivery promise. As a Senior Application Security Engineer at Zepto, you'll play a crucial role in securing the technology that powers our innovative...
-
Application security analyst
2 months ago
Bangalore, India Live Connections Full timeRole - Application Security Analyst Experience - 7 + years Relevant Experience - 4+ years Work Location - Hyderabad Work Mode - Work Form Office Notice Period - Immediate to 30 days Applicants can share CV's to or Call / Whats App on 7995691110 Must Have 4+ years in Application Security SAST, DAST, Application Security, PWSAP ...
-
Application Security Analyst
2 months ago
bangalore, India Live Connections Full timeRole - Application Security AnalystExperience - 7 + yearsRelevant Experience - 4+ yearsWork Location - HyderabadWork Mode - Work Form OfficeNotice Period - Immediate to 30 daysApplicants can share CV's to or Call / WhatsApp on 7995691110Must Have4+ years in Application SecuritySAST, DAST, Application Security, PWSAPCreating CI / CD Pipelines
-
bangalore, India Ambient Security Full timeAmbient Security is an exciting new startup, looking to reduce the risk of privileged account takeovers and cyber attacks for large enterprises. The founder and CEO is a 7x cyber security entrepreneur with a track record of successful exits. Ws seeking software engineers at all levels to lead the design and implementation of innovative technologies. We are...
-
bangalore, India Elytra Security Private Limited Full timeJob Title: Security AnalystLocation: Bangalore, IndiaCompany: Elytra Security Private LimitedAbout Elytra Security Private Limited:Elytra Security Private Limited is a leading provider of innovative cybersecurity solutions, dedicated to safeguarding organizations against evolving threats in the digital landscape. We specialize in implementing robust security...
-
Application Security Analyst
2 months ago
Bangalore, India Live Connections Full timeRole - Application Security Analyst Experience - 6 + years Relevant Experience - 4+ years Work Location - Hyderabad Work Mode - Work Form Office Notice Period - Immediate to 30 days Applicants can share CV's to or Call / WhatsApp on 7995691110 Must Have 4+ years in Application Security SAST, DAST, Application Security, PWSAP ...
-
Cyber Security Analyst
2 weeks ago
Bangalore, India Elytra Security Private Limited Full timeJob Title: Security Analyst Location: Bangalore, India Company: Elytra Security Private Limited About Elytra Security Private Limited: Elytra Security Private Limited is a leading provider of innovative cybersecurity solutions, dedicated to safeguarding organizations against evolving threats in the digital landscape. We specialize in...
-
bangalore, India Andromeda Security Full timeDistributed Systems Development Engineer Summary: We are a stealth startup, top-tier silicon valley VC-funded multinational startup building a team in Bengaluru, India. You will have the opportunity to grow with the company and help secure enterprises from cloud security breaches. Job Description: Looking for dreamers, coders, hackers who want to...
