Application Security
1 month ago
JOB DESCRIPTION
Condé Nast is a global media company, home to iconic brands including Vogue, The New Yorker, GQ, Glamour, AD, Vanity Fair and Wired, among many others. The company's award-winning content reaches 84 million consumers in print, 367 million in digital and 379 million across social platforms, and generates more than 1 billion video views each month.
The company is headquartered in London and New York, and operates in 32 markets worldwide, including China, France, Germany, India, Italy, Japan, Mexico & Latin America, Russia, Spain, Taiwan, the U.K. and the U.S, with local licensed partners across the globe.
The Cyber Security Team provides the security services that underpin Conde Nast’s security posture and enhance the organisation's security profile. The Cyber Security Team is responsible for; Information Security and Cyber Risk management, Security Operations and the global SOC, Security Architecture and Application Security as well as Security Engineering. This role sits within the Cyber Security team reporting into the Security Architecture and Engineering Manager and provides the team with application security expertise that will allow the team to fully engage with the Development and Engineering teams and work with them to embed security into their development lifecycle. The successful candidate will own and manage Cyber Security relationships with key stakeholders within the Platform, Development and Engineering teams.
Conde Nast employs a large development team that develops around 250 products or services across the business which are predominantly consumed by our customers across the globe. As such we have a massive focus on ensuring all products we build and develop are done so securely.
We are seeking someone who is an SME in the areas of Application Security and DevSecOps and has worked in a lead role within a global organisation for a number of years.
The candidate will ideally come from a development background and will have demonstrable expertise in Application Security, DevSecOps, S-SDLC and relevant CI/CD methodologies.
The applicant will act as the lead on all Application Security initiatives as well as initiatives which support securing the overall development lifecycle.
They will use their expertise to identify security gaps in our current application development lifecycle and processes and propose remedies to improve security throughout the lifecycle. Additionally they will support with recommendations to shift security left such as to support us to operate in a truly dedicated DevSecOps manner.
The applicant should have an understanding of Application Threat modelling methodologies and will have experience of performing Threat modelling having previously used various tools in performing these.
The applicant should look to actively promote adoption and use of such methodologies and ensure security requirements are understood and embedded into the development lifecycle.
Duties:
Work collaboratively with Product, Engineering and Global Architecture teams to identify vulnerabilities at the design stage.
Engage regularly with development teams to discuss any security concerns relating to products or applications.
Act as an SME on application vulnerabilities and support with detailing remediation steps to developers. Provide advice where required to assist with remediation.
Perform manual testing to ascertain whether vulnerabilities are true positives and validate automated test scan results if required.
Administer and maintain our SCA, SAST, IaC, Container and DAST security solutions, ensuring tooling is fit for purpose and providing value, as well as new features are being utilised.
Support with onboarding development teams onto security tooling and integrating tools into their CI/CD pipeline, ensuring their applications are regularly being scanned for vulnerabilities.
Drive security improvements and enhancements within the products and applications Conde Nast develops.
Identify gaps in our application security controls and make recommendations for improvements to tooling or processes to resolve the gaps and improve security.
Support with Code Reviews/Analysis. Knowledge of Java, Java Script and NodeJs is essential.
Support with arranging third party penetration testing against key applications or services.
Provide business stakeholders and the GRC team with reporting on application vulnerabilities and KRI’s across our application portfolio.
Develop and maintain all documentation for our Application Security Tooling, including processes and procedures for onboarding and offboarding teams and utilising tools in general.
Regularly update and maintain our Application Security standards, best practices and guidelines within Confluence to ensure developers have a central location to reference.
Required Skills:
To be successful, the candidate will need to have and demonstrate the following knowledge, skills and experience, along with a proactive focused attitude;
Minimum 5 years experience in Application Security and Engineering.
Minimum 5 years experience in Secure Development Lifecycle
Thorough knowledge of CI/CD and DevSecOps principles.
Awareness of application security flaws and web application best practices (e.g. OWASP Top 10, CWE SANS Top 25)
Understanding of STRIDE, or other Threat modelling or applicable methodologies
Experience of working in a geographically dispersed organisation with varied stakeholders.
Experience of implementing security within a DevOps environment i.e. adopting a shift-left approach within Application Security.
Knowledge of cloud and containers essential (Kubernetes, AWS, Docker, AWS EKS)
Experience of having worked with GitHub and GitHub actions is essential.
Experience of using Static and Dynamic Code Analysis tools (Snyk and Rapid 7 AppSec are beneficial)
Awareness and experience of the NIST framework and PCI-DSS Standard.
Experience of container vulnerability scanning or securing containers.
Experience of programming / development technologies, (this will be tested at interview)
Experience of AWS WAF implementation and AWS services in general.
Good communication, presentation and written language skills.
Knowledge of development methodologies e.g. Agile
Educational Qualifications:
BS Computer Science or similar qualification
Application Security certifications (CEH, CASE, CSSLP or similar)
-
Application Security Expert
6 days ago
Bangalore, India Justdial Full timeJob Description:As a seasoned Application Security Specialist, you will play a pivotal role in ensuring the security of web and mobile projects. With a strong focus on compliance and best practices, you will collaborate with engineering teams to maintain secure architecture and develop runtime analysis capabilities to identify security...
-
Application Security Expert
2 weeks ago
Bangalore, India Justdial Full timeJob DescriptionJob Title: Application Security SpecialistLocation: BangaloreJob Summary:We are seeking an experienced Application Security Specialist to join our team. The successful candidate will provide security expertise for web and mobile projects, ensuring compliance with enterprise and IT security policies, industry regulations, and best practices.Key...
-
Application Security Engineer
1 week ago
bangalore, India 7-Eleven Global Solution Center – India Full timeAbout the Company Why Join 7-Eleven Global Solution Center? When you join us, you will Take Ownership – Within a product area, the teams will own the end-to-end delivery of solutions. The teams will be entrusted with responsibility and ownership for the delivery of products. They will also support the local teams in each country in integrating new digital...
-
Application Security Engineer
1 week ago
bangalore, India 7-Eleven Global Solution Center – India Full timeAbout the Company Why Join 7-Eleven Global Solution Center? When you join us, you will Take Ownership – Within a product area, the teams will own the end-to-end delivery of solutions. The teams will be entrusted with responsibility and ownership for the delivery of products. They will also support the local teams in each country in integrating new...
-
Application Security
1 month ago
Bangalore, India Condé Nast Technology Lab Full timeJOB DESCRIPTION Condé Nast is a global media company, home to iconic brands including Vogue, The New Yorker, GQ, Glamour, AD, Vanity Fair and Wired, among many others. The company's award-winning content reaches 84 million consumers in print, 367 million in digital and 379 million across social platforms, and generates more than 1 billion video views...
-
Application Security
2 weeks ago
Bangalore, India Condé Nast Technology Lab Full timeJOB DESCRIPTION Condé Nast is a global media company, home to iconic brands including Vogue, The New Yorker, GQ, Glamour, AD, Vanity Fair and Wired, among many others. The company's award-winning content reaches 84 million consumers in print, 367 million in digital and 379 million across social platforms, and generates more than 1 billion video views...
-
Senior Security Data Engineer
1 month ago
bangalore, India System Two Security Full timeSystem Two Security is looking to hire a Senior Security Data Engineer who is highly skilled and experienced. This role is pivotal in ensuring the integrity and usability of our data. The ideal candidate will have a strong background in data engineering and cyber security, with the ability to work autonomously on critical projects.ResponsibilitiesGenerate...
-
Senior analyst application security
2 weeks ago
Bangalore, India Tyson Foods India Full timeJob Summary Join our team as Senior Application Security Engineer, where you'll be integral in protecting our applications from security threats and vulnerabilities. In collaboration with our development and testing teams, you'll conduct security testing, including Static Application Security Testing (SAST), Dynamic Application Security Testing...
-
Senior Analyst Application Security
2 weeks ago
Bangalore, India Tyson Foods India Full timeJob Summary Join our team as Senior Application Security Engineer, where you'll be integral in protecting our applications from security threats and vulnerabilities. In collaboration with our development and testing teams, you'll conduct security testing, including Static Application Security Testing (SAST), Dynamic Application Security Testing...
-
Application Security
2 weeks ago
bangalore, India Condé Nast Technology Lab Full timeJOB DESCRIPTION Condé Nast is a global media company, home to iconic brands including Vogue, The New Yorker, GQ, Glamour, AD, Vanity Fair and Wired, among many others. The company's award-winning content reaches 84 million consumers in print, 367 million in digital and 379 million across social platforms, and generates more than 1 billion video views each...
-
Senior Analyst Application Security
2 weeks ago
bangalore, India Tyson Foods India Full timeJob SummaryJoin our team as Senior Application Security Engineer, where you'll be integral in protecting our applications from security threats and vulnerabilities. In collaboration with our development and testing teams, you'll conduct security testing, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and...
-
Application security
2 weeks ago
Bangalore, India Condé Nast Technology Lab Full timeJOB DESCRIPTION Condé Nast is a global media company, home to iconic brands including Vogue, The New Yorker, GQ, Glamour, AD, Vanity Fair and Wired, among many others. The company's award-winning content reaches 84 million consumers in print, 367 million in digital and 379 million across social platforms, and generates more than 1 billion video views...
-
Application Security
1 month ago
bangalore, India Condé Nast Technology Lab Full timeJOB DESCRIPTIONCondé Nast is a global media company, home to iconic brands including Vogue, The New Yorker, GQ, Glamour, AD, Vanity Fair and Wired, among many others. The company's award-winning content reaches 84 million consumers in print, 367 million in digital and 379 million across social platforms, and generates more than 1 billion video views each...
-
Senior Analyst Application Security
5 months ago
bangalore, India Tyson Foods India Full timeJob Summary Join our team as Senior Application Security Engineer, where you'll be integral in protecting our applications from security threats and vulnerabilities. In collaboration with our development and testing teams, you'll conduct security testing, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and...
-
Senior Analyst Application Security
2 weeks ago
Bangalore, India Tyson Foods India Full timeJob Summary Join our team as Senior Application Security Engineer, where you'll be integral in protecting our applications from security threats and vulnerabilities. In collaboration with our development and testing teams, you'll conduct security testing, including Static Application Security Testing (SAST), Dynamic Application Security Testing...
-
Senior Analyst Application Security
3 weeks ago
bangalore, India Tyson Foods India Full timeJob SummaryJoin our team as Senior Application Security Engineer, where you'll be integral in protecting our applications from security threats and vulnerabilities. In collaboration with our development and testing teams, you'll conduct security testing, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and...
-
Senior Analyst Application Security
1 week ago
bangalore, India Tyson Foods India Full timeJob Summary Join our team as Senior Application Security Engineer, where you'll be integral in protecting our applications from security threats and vulnerabilities. In collaboration with our development and testing teams, you'll conduct security testing, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and...
-
Application Security
1 month ago
bangalore, India Condé Nast Technology Lab Full timeJOB DESCRIPTION Condé Nast is a global media company, home to iconic brands including Vogue, The New Yorker, GQ, Glamour, AD, Vanity Fair and Wired, among many others. The company's award-winning content reaches 84 million consumers in print, 367 million in digital and 379 million across social platforms, and generates more than 1 billion video views each...
-
Application Security
1 month ago
bangalore, India Condé Nast Technology Lab Full timeJOB DESCRIPTION Condé Nast is a global media company, home to iconic brands including Vogue, The New Yorker, GQ, Glamour, AD, Vanity Fair and Wired, among many others. The company's award-winning content reaches 84 million consumers in print, 367 million in digital and 379 million across social platforms, and generates more than 1 billion video views each...
-
Capability Leader – Application Security
15 hours ago
bangalore, India TechTheory India Full timeJob Summary:We seek an experienced Application Security capability leader to lead our application security practice, driving business growth, practice development, and thought leadership. The ideal candidate will have a strong background in building and managing application security practice, and go-to-market strategies.Salary Bracket : OpenExperience : 18+...