Embibe - Lead - Information Security

Information Security Lead 

Job Purpose:

Applications Security engineer will be responsible for designing, building, testing and implementing application security solutions within the organization. He is expected to have a thorough understanding of complex IT systems and stay up to date with the latest security standards, systems and authentication protocols, as well as best practice security products and tools.

Principal Responsibilities:

1. Manage and run vulnerability assessment program for Embibe IT infrastructure and penetration testing for internal applications and external facing IPs.

2. Provide security architecture and advice in support of IT infrastructure, application development, and enterprise technology projects to ensure the integrity of the Enterprise security architecture.

3. Work as the lead to design, implement and govern the security tools and technologies in order to secure Database and related IT infrastructure.

4. Develop and maintain security procedures and guidelines for the applications.

5. Define, document and implement the security portfolio and application security architecture landscape for the organization including but not limited to the following:

6. Identify architectural and other security risks associated with the solutions, and compensating controls where necessary.

8. Developing reusable security controls that can be leveraged for infrastructure & application development

9. Reviewing current system security measures and recommending and implementing enhancements

10. Architects, prioritizes, coordinates and communicates the choice of security technologies necessary to ensure a highly secure yet usable computing environment

11. Maintains an expert knowledge in the field of Information Security and the related issues, systems, processes, products, and services.

12. Assists in the evaluation of overall application security risk (including data), accounting for the people, processes, and technologies that provide security controls

13. Translate security risks to business impact.

14. Stay with up to date industry trends in Application Security Architecture, and apply the knowledge to enhance/improve application architecture.

15. Govern the IT Security defined KPI of the Implemented Applications so as to ensure that applications are remain secure.

Desired Profile:

Desirable Security certifications are desirable, e.g. OSCP, Python, CEH etc.

Work Experience (No: 10 -12 years and areas of expertise required for the Job)

- Experience in information security with atleast tools like Websense DLP, Qualys Guard, SEP, and application security experience

- Practical experience in the Information Security Architecture field, with emphasis on application security architecture and authorization approaches.

- Good to have Code Review experience

- Technical Competencies (technical skills required to perform the role)

- Solid understanding of Network & System security, Security tools & architectures, protocols, cryptography, authentication, authorization and application security.

- Strong understanding of security architecture best practices, standards and frameworks.

- Exposure to software development technologies.

- Strong knowledge of core security networking concepts like DNS, Firewalls etc.

- Good understanding of cloud architecture as well as on premise IT landscape