HCL Infosystems - Application Security Architect

Application Security Architect

Job Description:

a. Evaluate the business functionalities sought and site any security issues / threats being exposed due to such functionalities.

b. Perform threat modeling, design reviews and code reviews as part of the development lifecycle. Code reviews should also map the code to the functionalities sought and check if any undue or undesired functionality is being exposed thereby leading to severe threats

c. Perform proof-of-concept testing for integrating new 3rd party security products into the development and deployment processes. Leading the integration of security automation tools into the Continuous Integration and Continuous Delivery pipeline as desired.

d. Security considerations to take care include data breaches, broken authentication, hacking, account hijacking, encrypted or un-encrypted channel, broken functionalities causing leaking of data

e. Develop and maintain security procedures and guidelines for the products

f. Should help the organization to apply the security solutions to any application

g. Conduct regular application audits to find various vulnerabilities and provide solutions to the development team to close the vulnerabilities

h. Act as individual contributor to showcase how external facing applications / services and the hidden or 2nd tier services can be potentially attacked for search of data

Requirements:

a. Bachelor's Degree in Computer Science or related field. Equivalent work experience will be considered.

b. Software development background of more than 7 years. Java/J2EE, API/web services, Android, scripting languages and a relational database management system (RDBMS) such as my SQL. These are some of the technical elements needed to build security into an organization.

c. Security certifications are desirable, e.g. CISSP, CSSLP, CEH etc.

d. Architecture certifications such as TOGAF preferable

e. Knowledge in information security standards such as ISO27001, COBIT and OWASP

f. Advantage - experience with financial transaction processing software vulnerabilities.

g. Soft skills - effective communication (internal, customer), collaboration (internal, external), effective written skills (white papers, vulnerability specifications etc.).

h. Active participation in cybersecurity forums/conventions, e.g. DEFCON, Black Hat.

B.Tech/M.Tech/MCA is mandatory (Non-Negotiable)

Salary: 28 LPA

Naveen