Senior Manager - Information Security Job in Larsen & Toubro Infotech Ltd

Senior Manager - Information Security

Job Summary

Job Description:

The Application & Cloud Security Architect will play an integral role in defining and assessing the application development and cloud security strategy, architecture and practices. A successful person in this role will effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services. The application & cloud security architect will be responsible for the following activities and functions:

  • Develop and maintain an applications development security strategic plan, roadmap, architecture processes, minimum security baselines in alignment with enterprise policies and standards.
  • Develop and implement security solutions and capabilities for applications teams that are clearly aligned with business, technology and threat drivers.
  • Develop and maintain security architecture artifacts (models, templates, controls, testing checklists, standards and procedures) that can be used to leverage security capabilities in projects and operations.
  • Develop and expand API framework to interconnect Security Tools.
  • Conduct security assessments of existing and prospective vendors, internal & third party applications, workloads, services and other items.
  • Guide internal teams and third-party vendors on appropriate remediation measures and mitigation controls.
  • Apply an adept understanding of and experience with security tools/services together with systems automation platforms and technologies.
  • Interpret requirements to determine the best solutions and approaches.
  • Conduct threat modelling and security gap assessment exercises in coordination with concerned stakeholders.
  • Provide enterprise-level visibility on security threat / risk exposure and compliance to leadership.
  • Conduct or participate in incident response exercises, forensic analysis, penetration testing, disaster recovery planning and business continuity management.
  • Advocate and enforce cybersecurity best practices and share insights throughout the organization.

Essential Duties & Responsibilities:

  • Have extensive experience using cloud platforms such as AWS, Azure, and Google Cloud as well as private cloud.
  • Have a solid understanding of both software security fundamentals and what it takes to build internet-scale applications.
  • Have found & helped fix security defects in someone else's code, yet you remain friends.
  • Are capable of evaluating & improving security posture throughout the SDLC.
  • Enjoy teaching others about application security, secure coding, and privacy.
  • Hold a computer science/engineering degree, or have gained equivalent knowledge through work experience & self-study.
  • Have certifications in information security, application security, and/or cloud security.
  • Advise senior client management on security risks.
  • Translate security risks to business impact.
  • Architect, prioritize, coordinate and communicate the choice of security technologies necessary to ensure a highly secure yet usable computing environment.
  • Provide security architecture and advice in support of application development, infrastructure, and enterprise technology projects.
  • Coordinate with various project teams to communicate the necessity of security requirements and design constraints.
  • Perform code analysis, application security reviews, and develop an application security training program.
  • Stay current with security technologies and make recommendations for use based on business value.
  • Maintain an expert knowledge in the field of Information Security and the related issues, systems, processes, products, and services.

Qualifications

  • Bachelor's degree preferred.
  • Minimum of 10 years of application development experience, ideally within the Microsoft development stack.
  • 4+ years of advanced security experience.
  • Applicable certification is an added advantage - CISSP, CISSP-ISSAP, CEH, etc.
  • Solid history of designing, developing, or customizing application authentication and authorization systems.
  • Understanding of the OWASP Top 10 application security risks and how to address them.
  • Working knowledge of the Security Development Lifecycle (SDLC), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM), CWE, Agile DevSecOps.
  • Strong working knowledge of enterprise software technologies, application security, and infrastructure.
  • Working knowledge of public & private cloud computing platform offerings and security-related services.
  • Hands-on experience with encryption, hashing, secure random number generation, key derivation, key management, digital signatures, etc. in one or more major development languages.
  • Core understanding of web application security scanning software and related penetration testing tools.
  • General knowledge of core security networking concepts like TLS, SSH, DNS, Firewalls, WAF, etc.
  • Solid understanding of cloud architecture as well as the on-premise IT landscape.
  • General understanding of regulatory compliance (GDPR, PCI, HIPAA, etc.) and how it relates to application security and privacy.
  • Strong communication skills, both written and verbal.
  • Good presentation skills.
  • Ability to articulate technically advanced issues to all audiences.
  • Highly seasoned in organizational, time management, decision-making and problem-solving skills.
  • Ability to mentor and train internal and client teams.
  • Ability to work under pressure, establish priorities and respond with urgency.


Job Segment: Information Security, Information Technology, IT Manager, Engineer, Developer, Technology, Engineering

Experience Required :

0 to 1 Years

Vacancy :

2 - 4 Hires
