IT Security Senior Lead - Strategic Threat & Intelligence Center
Hyderabad
Hybrid Model (3 days onsite and 2 days remote per week)
As a Lead Security Specialist, you will work for the world leader in the industry, with a career where you will have the opportunity to collaborate and affect change while expanding your leadership skills and technical knowledge. You can make a real impact in a market that is growing and developing.
We are looking for a talented and trustworthy application security specialist to cover all aspects of application security and vulnerability management. The primary responsibilities include manual secure code review, penetration testing (web/API/network), threat modeling, design review, vulnerability scanning, and remediation coordination and tracking.
Responsibilities:
- Perform manual secure code review to align with Agile sprints and DevSecOps deployments.
- Advise the DevSecOps team on application security requirements so that they adhere to secure SDLC industry best practices.
- Perform penetration testing, aligned with Agile sprints, against products and systems, including mobile devices, servers, web services, web applications, and wireless networks.
- Report vulnerabilities to stakeholders and track remediation progress.
- Thorough understanding of cloud technologies and environments (AWS, Azure, GCP).
- AppSec and vulnerability management for all aspects of DevSecOps/Cloud, Agile, CI/CD pipelines.
- Produce well-written, detailed reports that describe vulnerabilities/risks and that provide specific remediation guidance.
- Identify, research and evaluate current vulnerabilities, provide remediation and configuration guidance. Collaborate with stakeholders to develop remediation strategies.
- Serve as an infrastructure and application security subject matter expert for projects.
- Conduct Threat Modeling exercises to identify objectives and vulnerabilities, and define countermeasures to prevent, or mitigate the effects of, threats to the system.
- Hire and manage the team, establishing goals and team growth, conducting performance reviews and one-on-one meetings, scheduling resources for projects, and managing multiple projects from kickoff to completion.
- Perform ASVS assessments using industry best practices on various environments, including web applications, APIs, and on-prem/cloud infrastructure.
- Manage penetration testing metrics to ensure issues are remediated within proper timelines
- Build and improve Application Security Pentest Standard Operating Procedures
- Lead and support the team in coordinating pentest scoping requirements and participating in pentest projects from kickoff through completion.
- Provide feedback and coaching to team members, and grow their technical and pentest skills in adherence to common security guidelines such as OWASP.
- Lead and contribute to the development of tooling and automation to improve team productivity
- Ability to communicate the business impact of findings across technical and nontechnical audiences. Effectively communicate vulnerability details, risks, and potential impacts to application/infrastructure owners, stakeholders, and both onshore and offshore partners.
- Design, implement, and support security-focused tools and services.
- Assist with internal investigations, incident response, and other special requests or events.
- Competent to work independently at a high technical level.
- In-depth knowledge and understanding of information risk concepts and principles to ensure relevant business needs have appropriate corresponding security controls.
- Inherent passion for information security and service excellence.
- Ability to demonstrate a clear understanding, at an enterprise level, of application, network, infrastructure, and data security architecture.
- Excellent analytical skills, able to manage multiple projects under strict timelines, work well in a demanding dynamic environment, and meet overall objectives.
- Define and document internal, technical, and service processes and procedures
- Researching the company's systems, applications, network structure, and possible penetration sites.
- Investigating infrastructure systems for evidence of a breach/malicious activities, backdoors, misconfigurations, etc.
- IDS/IPS, honeypot, and firewall evasion.
- Conducting penetration tests once new security features have been implemented.
- Stay informed on the latest security threats in all areas (Strategic, Tactical, Operational, and Technical)
Education:
BS in Computer Science or equivalent required, MS preferred.
“Quest is a very patient centric company; we’re looking to raise the quality of healthcare through diagnostic and digital insights. You will get lots of exposure to different people and geographies.”
- Megha Kandagal, Analyst, Data Quality
Submit your resume
Submit your updated resume to us via email at HTASIndiaCareers@questdiagnostics.com. Our team will process your request and contact you about appropriate vacancies.