Senior Manager - Information Security Job in Larsen & Toubro Infotech Ltd

Job Description:

The Application & Cloud Security Architect will play an integral role in defining and assessing the application development and cloud security strategy, architecture and practices. A successful person in this role will effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services. The application & cloud security architect will be responsible for the following activities and functions:

• Develop and maintain an applications development security strategic plan, roadmap, architecture processes, minimum security baselines in alignment with enterprise policies and standards.
• Develop and implement security solutions and capabilities for applications teams that are clearly aligned with business, technology and threat drivers.
• Develop and maintain security architecture artifacts (models, templates, controls, testing checklists, standards and procedures) that can be used to leverage security capabilities in projects and operations.
• Develop and expand API framework to interconnect Security Tools.
• Conduct security assessments of existing and prospective vendors, internal & third party applications, workloads, services and other items.
• Guide internal teams and third-party vendors on appropriate remediation measures and mitigation controls
• Apply adept understanding and experience on security tools/services with systems automation platforms and technologies.
• Interprets requirements to determine the best solutions and approaches.
• Conducts threat modelling and security gap assessment exercises in coordination with concerned stakeholders.
• Provide enterprise level visibility on security threat / risk exposure and compliance to leadership
• Conduct or participate in incident response exercises, forensic analysis, penetration testing, disaster recovery planning and business continuity management.
• Advocate and enforce cybersecurity best practices and share insights throughout the organization.

Essential Duties & Responsibilities:

• Have extensive experience using cloud platforms such as AWS, Azure, and Google Cloud as well as private cloud
• Have a solid understanding of both software security fundamentals and what it takes to build internet-scale applications.
• Have found & helped fix security defects in someone else's code, yet you remain friends
• Are capable of evaluating & improving security posture throughout the SDLC
• Enjoy teaching others about application security, secure coding, and privacy
• Are educated in computer science/engineering degree, or have gained equivalent knowledge through work experience & self-study
• Have certifications in information security, application security, and/or cloud security
• Advise senior client management on security risks.
• Translate security risks to business impact.
• Architect, prioritize, coordinate and communicate the choice of security technologies necessary to ensure a highly secure yet usable computing environment
• Provide security architecture and advice in support of application development, infrastructure, and enterprise technology projects.
• Coordinate with various project teams to communicate the necessity of security requirements and design constraints.
• Perform code analysis, application security reviews, and develop an application security training program.
• Stay current with security technologies and make recommendations for use based on business value.
• Maintain an expert knowledge in the field of Information Security and the related issues, systems, processes, products, and services.

Qualifications

• Bachelor's degree preferred.
• Minimum of 10 years application development experience ideally within the Microsoft development stack.
• 4+ years of advanced security experience.
• Applicable certification as an added advantage - CISSP, CISSP - ISSAP, CEH etc
• Solid history of designing, developing, or customizing application authentication and authorization systems.
• Understanding of theOWASP Top 10 applicationsecurity risks and how to address them.
• Working knowledge of theSecurity Development Lifecycle (SDLC), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM), CWE, Agile DevSecOps.
• Strong working knowledge of enterprise software technologies, application security, and infrastructure.
• Working knowledge of public & private cloud computing platform offerings and security related services.
• Hands on experience with encryption, hashing, secure random number generation, key derivation, key management, digital signatures, etc. in one or more major development languages.
• Core understanding of web application security scanning software and related penetration testing tools
• General knowledge of core security networking concepts like TLS, SSH, DNS, Firewalls, WAF etc.
• Solid understanding of cloud architecture as well as on premise IT landscape.
• General understanding of regulatory compliance (GDPR, PCI, HIPAA, etc) and how it relates to application security and privacy.
• Strong communication skills, both written and verbal.
• Good presentation skills.
• Ability to articulate technically advanced issues to all audiences.
• Highly seasoned in organizational, time management, decision making and problem solving skills
• Ability to mentor and train internal and client teams.
• Ability to work under pressure, establish priorities and respond with urgency.