IT Security Senior Lead - Strategic Threat & Intelligence Center

IT Security Senior Lead– Strategic Threat & Intelligence Center

Hyderabad

Hybrid Model [ 3 Days Onsite and 2 Days remote in a week]

As a Lead Security Specialist, you will work for the world leader in the industry, with a career where you will have the opportunity to collaborate and affect change while expanding your leadership skills and technical knowledge. You can make a real impact in a market that is growing and developing.

We are looking for a talented and trustworthy application security specialist to cover all aspects of application security and vulnerability management. The primary responsibilities include manual secure code review, penetration testing(web/API/network), threat modeling, design review, vulnerability scanning, remediation coordination and tracking.

Responsibilities:

• Perform manual secure code review to align with Agile sprints and DevSecOps deployments.
• Consult DevSecOps Team of Application Security requirements to adhere to secure SDLC industry best practices.
• Perform penetration testing to align with Agile sprints against products and systems, including mobile devices, servers, web services, and web applications, wireless networks.
• Report vulnerabilities to stakeholders and track remediation progress.
• Thorough understanding of cloud technologies and environments (AWS, Azure, GCP).
• AppSec and vulnerability management for all aspects of DevSecOps/Cloud, Agile, CI/CD pipelines.
• Produce well-written, detailed reports that describe vulnerabilities/risks and that provide specific remediation guidance.
• Identify, research and evaluate current vulnerabilities, provide remediation and configuration guidance. Collaborate with stakeholders to develop remediation strategies.
• Serve as an infrastructure and application security subject matter expert for projects.
• Conduct Threat Modeling exercises to identify objectives and vulnerabilities, and define countermeasures to prevent, or mitigate the effects of, threats to the system.
• Hiring and manage, establishing goals team growth, conducting performance reviews, and one on one meeting, scheduling resources for projects, managing multiple projects from kickoff to completion
• Performs ASVS assessments using industry best practices on various environments, including web applications, APIs, and on-prem/cloud infrastructure
• Manage penetration testing metrics to ensure issues are remediated within proper timelines
• Build and improve Application Security Pentest Standard Operating Procedures
• Lead and provide support to team in coordinating with Pentest scoping requirements, participating in Pentest projects from kickoff through completion
• Provide feedback and coaching, and grow their technical and Pentest skills adhere to common security guidelines such as OWASP
• Lead and contribute to the development of tooling and automation to improve team productivity
• Ability to communicate business impact of findings across technical and nontechnical audiences-Effectively communicate vulnerability details, risks and potential impacts to, application/infrastructure owners, stakeholders, and both onshore and offshore partners.
• Design, implement, and support security-focused tools and services.
• Assist with internal investigations, incident response, and other special requests or events.
• Competent to work independently at a high technical level.
• In-depth knowledge and understanding of information risk concepts and principles to ensure relevant business needs have appropriate corresponding security controls.
• Inherent passion for information security and service excellence.
• Ability to demonstrate a clear understanding, at an enterprise level, of application, network, infrastructure, and data security architecture.
• Excellent analytical skills, able to manage multiple projects under strict timelines, work well in a demanding dynamic environment, and meet overall objectives..
• Define and document internal, technical, and service processes and procedures
• Researching the company's systems, applications, network structure, and possible penetration sites.
• Investigating infrastructure systems for evidence of a breach/malicious activities, backdoors, misconfigurations, etc.
• IDS/IPS, honeypot, and firewall evasion.
• Conducting penetration tests once new security features have been implemented.
• Stay informed on the latest security threats in all areas (Strategic, Tactical, Operational, and Technical)

Education:

BS in Computer Science or equivalent required, MS preferred.