Job Position: Senior Manager - Technology - Application Security
Job Description:
Designing the Application Security Framework and Secure Development Lifecycle for web-based, non-web-based, mobile and robotics platforms.
Define security guidelines and controls to enforce security on web-based applications using Threat Modeling, Threat Profiling, OWASP Top Ten Testing, Black Box Testing, and Source Code Reviews.
Facilitate external VA/PT audits, Application Security Audits, customer audits, and actively project-manage the remediation of audit findings.
Respond to Client RFPs and Questionnaires on Security and manage key client audits.
Maturity of the Secure Development Lifecycle (SDLC) process
Secure Software Requirements - capturing security requirements in the requirements gathering phase
Secure Software Design - translating security requirements into application design elements
Secure Software Implementation/Coding - unit testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation
Secure Software Testing - integrated QA testing for security functionality and resiliency to attack
Software Acceptance - security implications in the software acceptance phase
Software Deployment, Operations, Maintenance and Disposal - security issues around steady state operations and management of software
Compliance with Information Security policies, standards and processes
Client relationship management (facilitating external audits, PCI DSS, ISO 27001, customer audits)
Performing security testing of web applications and networks, and source code reviews, using a risk-based approach
Conducting VAPT, Source code audits, Infrastructure reviews
Conducting security assessments on a wide variety of business applications in the areas of E-commerce, Finance, Insurance, Utilities, Transportation, etc.
Performing application threat modeling and threat profiling based on attackers' areas of interest.
Performing source code reviews of multiple critical applications on different platforms and technologies.
Knowledgeable in platforms:
Secure J2EE Programming
Secure .NET Programming
Secure PHP Programming
Programming languages: Java, Perl, SQL, C and C++
Conducting configuration audits of multiple platforms including Windows, Linux, AIX, Solaris, Oracle and MSSQL databases, Apache and IIS web servers, Cisco IOS, Cisco PIX firewall, DHCP Server, Microsoft Exchange Server, etc.
Analyzing security of the network & wireless Infrastructure.
Performing external as well as internal penetration testing of Internet-facing servers using tools like Burp Suite, Nmap, Nessus and Metasploit, and performing black-box and grey-box testing on internally hosted web applications.
Performing vulnerability assessments on Windows 2003 and 2008 R2 servers, domain controllers, Linux, Oracle and SQL database servers.
Auditing the firewall rule base of multiple firewalls including but not limited to FortiGate, Check Point, Cisco, Juniper, Microsoft ASA, Microsoft TMG, etc.
Conducting training and awareness sessions in the domain of web application security and secure coding practices.
One or more of the following certifications are desirable: CSSLP, CISSP, CEH, SANS (GWEB), OSCP
Total Experience: 8-10 years
Strong domain understanding of offshore technology sectors and/or business operations
Capable of managing project tasks individually and as a team
Ability to document and explain technical details in a concise and understandable manner
Excellent client relationship management skills
Excellent oral and written communication skills
Excellent presentation and public speaking skills
Other duties as assigned