Information Security Specialist Job in Amdocs

Job ID: 193409
Required Travel :Minimal
Managerial - No
Location:India- Pune (Amdocs Site)

Who are we?

Amdocs helps those who build the future to make it amazing. With our market-leading portfolio of software products and services, we unlock our customers innovative potential, empowering them to provide next-generation communication and media experiences for both the individual end user and enterprise customers. Our approximately 30,000 employees around the globe are here to accelerate service providers migration to the cloud, enable them to differentiate in the 5G era, and digitalize and automate their operations. Listed on the NASDAQ Global Select Market, Amdocs had revenue of $4.89 billion in fiscal 2023.

In one sentence

The Information Security Specialist will lead the efforts to secure the Amdocs ecosystem by guiding and monitoring the different IT/ Product/ Business teams to ensure organizational security, by designing a secure architecture of software products/ conducting risk and threat analysis/ analyzing and managing a secure solution in the domain of infrastructure/ application while responding to specific stakeholders questions.

What will your job look like?

Today's cyber security threats are realistic, causing major financial losses and reputational damage. Leading organizations to invest more controls and manage their risks to ensure optimal protection against potential data breach.

Amdocs, as enterprise leader providing solution for telecommunication organization, is required to protect firstly its IP, reputation and ensuring required protection for their customers, aligned with contractual requirements.

Having the proper Secure Software Development is becoming essential for projects development and solutions deployment, allowing both Amdocs and customers to have the certainty of proper security safeguards, proper communication and understanding of potential risks and required mitigations.

All you need is...

BS in Computer Science, or equivalent
Working in Agile/Scrum team
Total experience 5-12 years
Extensive expertise in SAST, DAST ,FOSS ,IAC stack area.
5+ years of relevant experience in information Security (code reviews and Pen Testing )
5+ years experience in setting up continuous integration and continuous delivery systems
1-4 years basic understanding of Cloud Platforms
3-4 years experience with continuous-integration tools such as Hudson/Jenkins, LiquiBase,Github actions
Hands on experience in tools like Checkmarx, Wiz ,twistlock Appscan ,Burpsuite etc.
Expertise in Security code reviews and onboarding process for managing false positives
Understanding of build process, best practices and tools such as Maven, Jenkins pipeline, groovy
Familiarity with REST Services, Service Oriented Systems and Micro-services architecture
Scripting skills in at least one of the following: Python, Django web framework, Perl, Ruby, shell (bash, ksh, csh) -- Required
Knowledge in distributed systems, software and network security preferred.
Security concepts and knowledge of security attacks on Web applications, REST services, distributed systems
Knowledge of OWASP top 10 list of vulnerabilities, NIST SP-800-xx, NVD, CVSS scoring etc concepts
automated FUZZ Testing Tools & concepts - Working Knowledge
Sound Knowledge of TCP/IP protocol Stack, HTTP protocol, encoding standards, encryption technologies and development frameworks.
Great Communication skills (Ability to communicate with a Developer to a Manager or Director level).
Tools mandatory

Good to have
2-4 years experience with configuration management and automation tools like Chef, Puppet, Openstack or something similar.
2-4 years experience with cloud deployment (Azure, AWS, GCP)- advantage
Project Management Skills.
Travel: Ability to travel 1-2 times a year

Why you will love this job:

The role of the Information Security Specialist

Information Security Specialist (DevSecOps) will work closely with all Amdocs development teams to build and integrate Security Tools into CI/CD pipeline. Administration & Management of the environment of the security tools, creation of automation scripts, test cases, develop dashboards, etc.
And will need to have the ability to keep up to date on all new security challenges and work with our teams to develop protection mechanism.

Perform application security assessments including secure code review, threat modeling. Assist and enable R&D teams to adopt secure development practices. Provide software security advice and issues to resolution to cross-functional teams including product, engineering, and services.

Information Security Specialist Roles & Responsibilities
Build and ensure secure development compliance with our development process.
Follow up with staff members to ensure completion of security-related tasks, finding security design flaws and implementation bugs consistently by performing different secure S-SDLC activities.
Closely work with the Lead to maintain Security health check of the integrated automation
Integrate multiple security tools in the DevOps pipeline to support SAST, DAST, FOSS, IAST, VA scanning activities by learning the integration features of different tools and suggest accordingly.
Provide professional support for the developed automations, responding to incidents to avoid system outages or restore availability to meet SLAs.
Participate in the planning, design, and implementation efforts
Stay abreast of industry best practices (Research new technologies) and contribute ideas for improvements in DevOps practices, delivering innovation through automation
Execute test procedures and/ or scripts either manually or by automated tools.
Gather and document the outcome of test executions and all information needed to support ongoing measurements and reporting on risks, defects, tests, and coverage.
Tracks and reports on the test execution in a timely manner with attention given to achieving a high level of quality.
Liaise with development and infra teams to get the defect resolutions
Work with different entities in the enterprise to ensure S-SDLC compliance with corporate rules and industry standards.
Work with multiple stakeholders in IT, account and IS teams to understand the present DevOps implementation model in project and suggest suitable model of integration for security tools to create DevSecOps model.

Amdocs is an equal opportunity employer. We welcome applicants from all backgrounds and are committed to fostering a diverse and inclusive workforce