Senior Manager - Information Security Job in Larsen & Toubro Infotech Ltd
Senior Manager - Information Security
- Pune, Pune Division, Maharashtra
- Not Disclosed
- Full-time
- Permanent
Job Description:
The Application & Cloud Security Architect will play an integral role in defining and assessing the application development and cloud security strategy, architecture and practices. A successful person in this role will effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services. The application & cloud security architect will be responsible for the following activities and functions:
- Develop and maintain an applications development security strategic plan, roadmap, architecture processes, minimum security baselines in alignment with enterprise policies and standards.
- Develop and implement security solutions and capabilities for applications teams that are clearly aligned with business, technology and threat drivers.
- Develop and maintain security architecture artifacts (models, templates, controls, testing checklists, standards and procedures) that can be used to leverage security capabilities in projects and operations.
- Develop and expand API framework to interconnect Security Tools.
- Conduct security assessments of existing and prospective vendors, internal & third party applications, workloads, services and other items.
- Guide internal teams and third-party vendors on appropriate remediation measures and mitigation controls
- Apply adept understanding and experience on security tools/services with systems automation platforms and technologies.
- Interpret requirements to determine the best solutions and approaches.
- Conduct threat modelling and security gap assessment exercises in coordination with concerned stakeholders.
- Provide enterprise level visibility on security threat / risk exposure and compliance to leadership
- Conduct or participate in incident response exercises, forensic analysis, penetration testing, disaster recovery planning and business continuity management.
- Advocate and enforce cybersecurity best practices and share insights throughout the organization.
Essential Duties & Responsibilities:
- Have extensive experience using cloud platforms such as AWS, Azure, and Google Cloud as well as private cloud
- Have a solid understanding of both software security fundamentals and what it takes to build internet-scale applications.
- Have found & helped fix security defects in someone else's code, yet you remain friends
- Are capable of evaluating & improving security posture throughout the SDLC
- Enjoy teaching others about application security, secure coding, and privacy
- Hold a computer science/engineering degree, or have gained equivalent knowledge through work experience & self-study
- Have certifications in information security, application security, and/or cloud security
- Advise senior client management on security risks.
- Translate security risks to business impact.
- Architect, prioritize, coordinate and communicate the choice of security technologies necessary to ensure a highly secure yet usable computing environment
- Provide security architecture and advice in support of application development, infrastructure, and enterprise technology projects.
- Coordinate with various project teams to communicate the necessity of security requirements and design constraints.
- Perform code analysis, application security reviews, and develop an application security training program.
- Stay current with security technologies and make recommendations for use based on business value.
- Maintain an expert knowledge in the field of Information Security and the related issues, systems, processes, products, and services.
Qualifications
- Bachelor's degree preferred.
- Minimum of 10 years application development experience ideally within the Microsoft development stack.
- 4+ years of advanced security experience.
- Applicable certification as an added advantage - CISSP, CISSP - ISSAP, CEH etc
- Solid history of designing, developing, or customizing application authentication and authorization systems.
- Understanding of the OWASP Top 10 application security risks and how to address them.
- Working knowledge of the Security Development Lifecycle (SDLC), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM), CWE, Agile DevSecOps.
- Strong working knowledge of enterprise software technologies, application security, and infrastructure.
- Working knowledge of public & private cloud computing platform offerings and security related services.
- Hands on experience with encryption, hashing, secure random number generation, key derivation, key management, digital signatures, etc. in one or more major development languages.
- Core understanding of web application security scanning software and related penetration testing tools
- General knowledge of core security networking concepts like TLS, SSH, DNS, Firewalls, WAF etc.
- Solid understanding of cloud architecture as well as on premise IT landscape.
- General understanding of regulatory compliance (GDPR, PCI, HIPAA, etc) and how it relates to application security and privacy.
- Strong communication skills, both written and verbal.
- Good presentation skills.
- Ability to articulate technically advanced issues to all audiences.
- Highly seasoned in organizational, time management, decision making and problem solving skills
- Ability to mentor and train internal and client teams.
- Ability to work under pressure, establish priorities and respond with urgency.
Job Segment: Information Security, Information Technology, IT Manager, Engineer, Developer, Technology, Engineering
0 to 1 Years
2 - 4 Hires