Sr. Application Security Risk Analyst

2 weeks ago


Delhi, Delhi, India Qlotech Full time
Job Description

Job Title: Sr. Application Security Risk Analyst

Department: Information Security and Compliance

Job Types: Full-time, Permanent

Location: India

Key Responsibilities:

Work with various senior IT leaders and application development areas to develop and implement the S-SDLC Program according to the organization's unique information security risk management, governance, risk, and compliance processes;

Provides oversight / governance of the S-SDLC Program and communicates progress and issues to the CISO, Senior Business / IT Leadership and Application Development teams;

Serves as a consultant to disseminate specialist application security knowledge to the development communities;

Researches and evaluates solutions and recommends the most efficient and cost-effective solutions for ensuring that security is built into all phases of the S-SDLC;

Research and assess the latest BlockChain security vulnerabilities and events;

Leads demonstrations of application security tools to business and application development teams;

Responsible for integrating and managing feeds from application security tools, vulnerability scans and penetration testing tools into the organization's GRC platform;

Responsible for the implementation and maintenance of Static, Dynamic, Interactive, and API application security testing tools (such as Veracode, Checkmarx, Synopsys, and Netsparker), scanning policies, user provisioning and security strategy documents, and any other related documentation;

Initiates and develops innovative concepts to solve complex challenges in the Code Analysis Tools environment with little or no precedent; creates new opportunities to enable the use of new solutions. Provides conceptual guidance to other senior and high-level technical experts;

Engages Veracode, Checkmarx, Synopsys, and Netsparker and/or other third-party suppliers of application security software on system defects and support issues;

Lead and manage the organization's bug bounty program;

Stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks; Identify vulnerabilities or weaknesses in systems;

Develop an externally focused view of the evolving threats facing the organization;

Report to management on IT system vulnerability and protection against malware and hackers;

Examine systems and procedures to identify potential adverse events, including but not limited to hardware and software crashes, physical disasters, malicious intruders, malware, denial of service attacks and employee misconduct;

Evaluate security policy, processes and procedures for completeness;

Assist in identifying breaches in the organization's security or tracking the source of an unauthorized intrusion;

Monitor and advise on information security issues related to the systems to ensure the security controls are appropriate and operating as intended; Ensure that controls are adequate to protect sensitive information systems;

Develop and maintain security operating procedures and associated documentation;

Identify inefficiencies and make suggestions for process improvements;

Develop and implement a process for regular user recertification;

Validate the removal process for application access for terminated employees;

Perform semi-annual user access and entitlement reviews across the organization;

Perform quarterly reviews and recertifications of privileged accounts;

Identify and document the various functions and processes within each application;

Develop and maintain SOD matrices for each application used within the organization along with identification of toxic combinations;

Identify any conflicting duties based on the SOD Matrix and toxic combinations and perform remediation;

Develop roles and access profiles based on the SOD in collaboration with the business users;

Identify and document list of users and mapping to various functions and processes;

Assist with internal/external audits and regulatory examinations (such as SOC, IAA (IT General Control Audits), DFS etc.) as they relate to Identity Access Management and Application Security controls, and with remediation of issues discovered during control testing;

Track open audit issues to closure and report on completion status and progress;

Review access control processes to identify vulnerabilities and the appropriate solutions to eliminate or minimize their potential effects;

Skills and Experience:

Minimum 7-8 years of experience in application architecture and design reviews

Minimum 7-8 years of application security assessment/testing experience (white box, black box, code review and forensic testing)

Knowledge of application security processes and standards including OWASP (ASVS etc.), CVSS rating, factors impacting risk rating etc.

Experience in threat modelling and application risk analysis

Experience in application privacy impact analysis

Experience in performing application decomposition and analysing security issues

Strong knowledge of designing, deploying, and maintaining security architecture in critical business applications

Experience in performing evaluation and assessment of SDLC processes and security controls

Experience in evaluating app sec processes to identify improvements and envision/develop automation within CI/CD pipelines

Experience in developing Security testing scripts and procedures

Hands on experience with Static, Dynamic, Interactive, and API application security testing tools such as Veracode, IBM AppScan, Fortify, Web Inspect, Checkmarx, Synopsys, and Netsparker

Experience in testing and assessing security of mobile applications

Experience with web services (API) architecture, security reviews and testing.

Experience in integrating application security tools and processes in CI/CD pipelines

Coding experience with at least .NET, J2E, Python, C++ etc.

Knowledge of cryptographic tools and security APIs

Knowledge of micro service architecture

Knowledge of BlockChain, Smart Contracts, DApps etc.

Solid understanding of networking concepts

Solid understanding of operating system security concepts

Solid understanding of Encryption, Certificate & Key Management Services (CM, KMS, HSM etc.)

Understanding of malware, emerging threats, attacks, and vulnerability management

Experience assisting the development and maintenance of tools, procedures, and documentation

Personal Requirements:

Certifications Required: CPT, CEH

Certifications Optional: CISSP, AWS Certified Solutions Architect, AWS Certified Security Specialist, Google Cloud Architect, Google Cloud Security Engineer, CCSP (Certified Cloud Security Professional)
