Application Security with a Leading Fintech

**Application Security with a leading Fintech**:

- From 6 to 11 year(s) of experience
- ₹ Not Disclosed by Recruiter
- Gurgaon/Gurugramor

**Roles and Responsibilities**

Roles and Responsibilities:

- Application Security Assurance Ops
- Collaborate closely in a hands-on environment with architecture, product
- management, product engineering, program management and GRC teams to design,
- build, and operate products (Web/API/Mobile) securely.
- Assess and adopt culture of DevSecOps & partner with CICD team to integrate
- security tool gates as part of development lifecycle.
- Play a pivotal role in making opinionated tools decisions.
- Build security automation with high developer empathy & self -serviceablity as first
- principles.
- Build methodical DAST & VAPT ops with automation first approach in both inhouse
- /outsources model of ops.
- Design & operate remediation ops in an actively engaged model with product
- engineering teams.
- Automate tracking & dashboarding to measure org vulnerability density & report
- effectiveness of appsec program. which are self-serviceable to engineering managers
- and engineers.
- Partner with GRC to ensure risks are accurately assessed, managed, and
- remediation planning is effective- on reduction of technical debt and curiosity to solve security bugs.
- Act as a security advisor to ensure security is embedded into the product /- intervention.
- Ensure security and privacy by design, including design process improvements,
- assessment of controls, data models, the use of cryptography, and compliance and
- regulatory needs
- Ensure third-party software and services are evaluated for requisite controls
- Author RFC style technical documents & implementation guides for adoption by
- product / infrastructure engineering / ops team.
- Design & operationalise Bug Bounty program in partnership with bug bounty
- platforms.
- Champion secure coding practises & bar raise awareness on SW security.
- Ops Management:

- Cost Management : Keep a handle on approved budget, run rate etc and
- efficiently
- manage unit economics of operations.
- Partner Management : Have an active engagement with managed services
- partners on
- quality of services, SLA adherence & overall delivery of services.
- Automation:

- Lead automation initiatives within Security & GRC to simplify reporting,
- dashboarding &
- reduce audit fatigue.
- Lead automation initiatives to reduce manual effort around vulnerability
- management
- Steer adoption of automated configuration verification for AWS & Azure through
- integration of verification tools to IAC tools like AWS cloud formation, Terraform or
- Azure
- Blueprints.
- Culture:

- Champion adoption of Agile practices with the Security team.
- Build product mindset within all members of the security team.
- Mentor & coach security engineers on Architecture mindset and help them in
- career
- progression.
- Build an active engagement with Product engineering to promote culture of
- Security &
- Privacy By Design - Shift Left Philosophy
- Lead developer awareness program on secure coding practices.
- Customer Engagement:

- Lead all customer engagement calls on matters pertaining to security maturity &
- tools
- adoption.
- Lead security capabilities walk throughs during internal / external audits e.g. ISO
- 27001,
- SOC, PCIDSS etc. and customer assessment calls.- Role:_Application Security Engineer
- Salary:_ Not Disclosed by Recruiter
- Industry:_IT Services & Consulting
- Department:_IT & Information Security
- Role Category:_IT Security
- Employment Type:_Full Time, Permanent
- Key Skills- Product ManagementProgram ManagementWeb ApiFintechApplication SecurityWeb TechnologiesDevsecopsProduct EngineeringEducation
- UG:_Any Graduate

**Company Profile**:
SKILLVENTORY
- Leading RPO- Recruiter Name:_anamika
- Contact Company:_SKILLVENTORY
- Telephone:_9039230888