Providing guidance to the Technology Risk team, the application development teams, the DevOps team, the cloud engineering team, and to other internal engineers and developers.
Roles & Responsibilities:
● An application security architect's responsibilities include reviewing architecture and design, designing and planning application security controls, as well as designing and assessing cloud security architectures.
● Manual Secure Code Review Consultant is responsible for the Manual secure code review and assessment of in-house developed source code of Web/Non-web and cloud apps, API’s using manual approach primarily, develop and leverage custom scripts and tools as required.
● Interaction with developers (Application Development) to gather application source code details, conduct code review and provide technical assistance in remediating application security issues will be part of the responsibilities.
● Document vulnerabilities and work with developers on vulnerability mitigation.
● Perform re-reviews to validate the fixes on the reported vulnerabilities.
● Provide excellent coordination with local teams (which includes vendor consultants), onsite team and various other support teams in organization.
● Provides regular status updates on all assigned tasks and deliverables.
● Bachelor's degree in computer science or related discipline preferred.
● Experience required: 4-5 Years.
● Proficiency in secure coding standards and manual review of code to identify OWASP Top 10 vulnerabilities and SANS Top 25 Programming errors.
● The individual should possess strong knowledge of Secure coding principles across widely used programming languages (Java, Angular/Node JS, Java Script, Python, Ruby etc.) along with excellent communication, analysis and organizational skills.
● Strong knowledge of security frameworks (OWASP, SANS CWE), secure coding practices, information security principles & architecture and industry specific auditory frameworks.
● Experience with common web stack technologies (e.g., HTTP, HTML5, AJAX, REST, etc.) and platforms (e.g., Tomcat, .Net, MS SQL, etc.).
● Understanding of Authentication, Authorization mechanism programmatically across different web technologies and protocols (SSL/TLS, REST, OAuth, SAML etc.).
● Knowledge on Application development using technologies like Java, J2EE, Groovy, Ruby, Angular JS, Node JS, Java Script, Python.
● Should have a solid understanding of security controls and how they apply to different designs and systems.
● Understand, highlight and articulate risk to product owners in an understandable language.
● Knowledge of DevSecOps and development pipeline integration and automation.
● Knowledge in Cloud and Containers infrastructure.
● At least 4 years of progressive development experience with 3+ years in Secure Code review and Application Security.
● Proficiency with Application Security best practices with more focus secure coding guidelines.
● Demonstrated proficiency of troubleshooting techniques and detail-oriented problem-solving mindset.
● Ability to conduct research into technical issues, standards, and products.
● Good written and verbal communication skills and the ability to interact well with different levels within the organization.
● Have one or more of the following active certifications ISC2 Certified Secure Software Lifecycle Professional (CSSLP), Global Information Assurance Certification (GIAC) Secure Software Programmer (GSSP-Java), EC-Council Certified Secure Programmer (CSP).