Principal Lead-Software Engineering (Information Security)
In this role the person will be responsible for enabling secure applications across a very large-scale suite of banking and related applications. The person will be fully responsible for ensuring that developers create secure applications and that security measures are built into the CI/CD pipeline, to speed time to market of applications while maintaining security. For this role we are looking for a highly motivated individual who is technically strong and can work closely with application teams, information security teams and cyber-security teams across geographical regions.
Responsibilities
• Guide the engineering team to reduce/minimize application vulnerabilities and make the applications stronger/more stable to prevent cyber attacks from within and outside the organization.
• Should be able to act as an ethical hacker and find ways of first exposing and then remediating vulnerabilities.
• In-depth knowledge of parameter manipulation, session hijacking, and cross-site scripting.
Required Qualifications
• Bachelor's/Master's degree in Computer Science/Information Systems or equivalent.
• Total IT experience should be 10+ years
• Should have around 5+ years of experience in the area of information security.
• Should be able to step up into the role of security champion for the wider organization.
• Exceptional problem-solving skills with strong programming fundamentals and algorithms (strong analytical skills).
• Good knowledge of operating system internals, including UNIX and Windows (scripting knowledge such as PowerShell and Bash).
• Should have excellent communication skills.
• Should have certifications such as CEH (Certified Ethical Hacker).
• Certified Information Systems Security Professional (CISSP)
• Should know tools such as Veracode/Black Duck and be well versed in "Secure Coding" principles.
• Should be able to help set up application pipeline scans in tools such as Jenkins.
Preferred Qualifications
Candidates who have used the following tools (or are familiar with them) will have an added advantage:
The person should have knowledge of the different methods malicious hackers use in order to break into a network or system.
• Certified Cloud Security Professional (CCSP)
• AWS Certified Security
• AWS Certified Cloud Practitioner