Lead Software Engineer ( Security )
- Opentext
- 5 - 9 years
- Bengaluru
- 3 months ago
- Email to a friend
- Report this job
Job Description
YOUR IMPACT
As part of the Product Security team, you must have a strong understanding of information security processes across product development lifecycle including secure coding principle, static code / dynamic scanning, application penetration testing, container security, cloud security, supply chain security and threat modelling the applications. You should be familiar with the industry best practices for information security policies and product security. standards. You will have the opportunity to collaborate with the product stakeholders such as product development, cloud operation, system architects, security champions, Global Information Security on the Product security process and customer escalations/support
What The Role Offers
- Strategic Planning:
- Collaborate with senior leadership to align application security initiatives with overall business goals.
- Periodic review and refinement of Product Security processes and tools.
- Technical Leadership:
- Provide technical leadership, guidance and support to the Product security team.Stay updated on the latest trends and advancements in application security and apply them to continually improve the organization??s security program.
- Recommend mitigations for vulnerabilities; manage third-party and open-source software risk.
- Architecture and Design:
- Review and influence application designs for security best practices.
- Design, enhance, and advocate for the threat modelling process. Conduct threat modelling and advise product teams on implementing appropriate security controls.
- Security Reviews:
- Conduct security assessments throughout the development lifecycle.
- Collaborate with development teams to remediate security vulnerabilities.
- Code Review and Analysis:
- Conduct code reviews and implement automated code analysis tools.
- Secure Development Practices:
- Enforce secure coding practices, train developers in secure coding.
- Incident Response/Customer Escalations:
- Lead incident response efforts related to application security incidents.
- Work with cross-functional teams to investigate and remediate security breaches.
- Policy and Standards:
- Develop and enforce application security policies; ensure compliance with industry standards.
- Security Testing:
- Oversee the implementation of security testing methodologies
- Conduct Penetration Testing activity for applications/systems
- Security Awareness:
- Promote security awareness across engineering; conduct training for development teams on Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
- Collaboration:
- Collaborate with cross-functional teams, including development, operations, GIS, etc., to integrate security into all aspects of the software development lifecycle and improve security maturity.
- Documentation and Reporting:
- Maintain comprehensive documentation of security processes/policies; produce maturity status reports for senior management.
- Generate reports and conduct peer reviews.
- Research and Innovation:
- Stay informed on emerging threats & vulnerabilities and proactively implement innovative security solutions by leveraging AI & Automation, wherever possible.
- Vendor and Tool Evaluation:
- Evaluate and recommend security tools/technologies; Manage vendor relationships
What You Need To Succeed
- Industry standard best practices on application security controls, requirements, features, and specifications
- Application security issues, weaknesses, vulnerabilities, threats, risks, and impacts of exploitation
- Familiarity with Security Standards and groups (OWASP, PCI, SANS, OSSTMM etc.)
- Strong vulnerability assessment experience of web, mobile and thick client applications, RESTful & JSON APIs, web servers, databases, and hosting environments (cloud, off-cloud, Containers)
- Strong experience in manual vulnerability assessment and penetration testing
- Hands-on experience with Application Security tools including Fortify, WebInspect, and Burp Suite, along with experience in Artificial Intelligence adoption and integration.
- Experience in planning, researching and developing security policies, standards and procedures in line with industry best practices
- A natural curiosity to learn how things work, and more importantly, how they can be made to work outside of their intended purposes, (i.e. the ethical hacker mentality)
- Preferably to have application security penetration testing related certifications, (e.g. GWAPT, OSWE, OSCP, GPEN, CPTE, CEH, GWEB, GCIH, etc.)
- Highly desirable to have general information security related certifications, (e.g. CISSP, CISM, GSEC, CCSP, etc.)
- Should have excellent team playing and collaborative skills, to work with multiple stake holders.
- Strong analytical, troubleshooting, writing, communication, and consultancy skills
- Possess a commitment to quality and a thorough approach to work.
Job Classification
Industry: Software ProductFunctional Area / Department: Engineering - Software & QARole Category: Quality Assurance and TestingRole: Security Testing EngineerEmployement Type: Full timeContact Details:
Company: OpentextLocation(s): Bengaluru
Keyskills: software engineer restful cloud security oscp ai advocate vulnerability assessment artificial intelligence incident response dast application security compliance json penetration testing sast application security testing architecture
Similar positions
Opentext
\n\nA Subsidiary of UAE Based Company dealing mainly in MEP design & installation activities with interest in various HVAC product sales like FCU\'s, AHU\'s, FAHU\'s, Chillers, VRF, Ducted Units, Package Units, Fans etc in Indian Market.
Job Listings
We are in open beta version of website, please let us know if any issues, at: info(at)indigojobs.in