Chief Information Security Officer

YOUR IMPACT

As part of the Product Security team, you must have a strong understanding of information security processes across product development lifecycle including secure coding principles, static code / dynamic scanning, application penetration testing, container security, cloud security, supply chain security and threat modeling the applications. You should be familiar with industry best practices for information security policies and product security standards. You will have the opportunity to collaborate with the product stakeholders such as product development, cloud operation, system architects, security champions, Global Information Security on the Product security process and customer escalations/support.

What The Role Offers

• Strategic Planning: Align application security initiatives with business goals; refine Product Security processes and tools.
• Technical Leadership: Stay updated on the latest trends and advancements in application security and apply them to continually improve the organization's security program.
• Recommend mitigations for vulnerabilities; manage third-party and open-source software risk.
• Architecture and Design: Review application designs for security best practices.
• Design, enhance, and advocate for the threat modeling process. Conduct threat modeling and advise product teams on implementing appropriate security controls.
• Security Reviews: Conduct security assessments throughout the development lifecycle.
• Collaborate with development teams to remediate security vulnerabilities.
• Code Review and Analysis: Conduct code reviews and implement automated code analysis tools.
• Secure Development Practices: Enforce secure coding practices, train developers in secure coding.
• Incident Response/Customer Escalations: Lead incident response efforts related to application security incidents.
• Work with cross-functional teams to investigate and remediate security breaches.
• Policy and Standards: Develop and enforce application security policies; ensure compliance with industry standards.
• Security Testing: Oversee the implementation of security testing methodologies
• Conduct Penetration Testing activity for applications/systems
• Security Awareness: Promote security awareness across engineering; conduct training for development teams on Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
• Collaboration: Collaborate with cross-functional teams, including development, operations, GIS, etc., to integrate security into all aspects of the software development lifecycle and improve security maturity.
• Documentation and Reporting: Maintain comprehensive documentation of security processes/policies; produce maturity status reports for senior management.
• Generate reports and conduct peer reviews.
• Research and Innovation: Stay informed on emerging threats and vulnerabilities, and proactively implement innovative security solutions.
• Vendor and Tool Evaluation: Evaluate and recommend security tools/technologies; Manage vendor relationships

What You Need To Succeed

• Industry standard best practices on application security controls, requirements, features, and specifications
• Application security issues, weaknesses, vulnerabilities, threats, risks, and impacts of exploitation
• Familiarity with Security Standards and groups (OWASP, PCI, SANS, OSSTMM etc.)
• Strong vulnerability assessment experience of web, mobile and thick client applications, RESTful & JSON APIs, web servers, databases, and hosting environments (cloud, off-cloud, Containers)
• Strong experience in manual vulnerability assessment and penetration testing
• Hands on experience on Application Security tools such as Fortify, WebInspect, Burp, etc.
• Experience in planning, researching and developing security policies, standards and procedures in line with industry best practices
• A natural curiosity to learn how things work, and more importantly, how they can be made to work outside of their intended purposes, (i.e. the ethical hacker mentality)
• Preferably to have application security penetration testing related certifications, (e.g. GWAPT, OSWE, OSCP, GPEN, CPTE, CEH, GWEB, GCIH, etc.)
• Highly desirable to have general information security related certifications, (e.g. CISSP, CISM, GSEC, CCSP, etc.)
• Should have excellent team playing and collaborative skills, to work with multiple stakeholders.
• Strong analytical, troubleshooting, writing, communication, and consultancy skills
• Possess a commitment to quality and a thorough approach to work

Education and Experience:

• Bachelor's/Master's degree in Computer Science or equivalent

8-12 years of relevant experience,
6+ years of relevant experience,
Back End Developer,
IT Services & Consulting,
Engineering - Software & QA,
Full Time, Permanent,
Software Development,
UG: Bachelor's degree in Any Specialization,
PG: Master's degree in Any Specialization