iimjobs
Job Views: 17
Applications: 6
Recruiter Actions: 5

Posted in: IT & Systems

Job Code: 1671063

IT Security Associate Banking

Leading Banking Client | 5 - 10 yrs | Mumbai
Posted 5 days ago

The purpose of this job role is to manage IT Security with strong hands-on capabilities across Application Security, Vulnerability Management, DevSecOps, and Red Teaming. The role requires end-to-end ownership from security design and troubleshooting to project execution, compliance monitoring, and continuous improvement of the security posture.

Application Security:

- Lead application security assessments including SAST, DAST, IAST, SCA, and manual code reviews.

- Identify, validate, and prioritize application security vulnerabilities and guide remediation with development teams.

- Ensure secure design and implementation aligned with OWASP Top 10, ASVS, and secure coding standards.

- Review application architecture and data flows from a security perspective.

Vulnerability Management:

- Own the end-to-end vulnerability management lifecycle across applications, infrastructure, cloud, and endpoints.

- Perform vulnerability validation, risk-based prioritization, exception handling, and closure tracking.

- Coordinate with multiple stakeholders to ensure timely remediation and SLA adherence.

- Provide management-level reporting on vulnerability trends, risk exposure, and remediation status.

DevSecOps:

- Integrate security controls into CI/CD pipelines (e.g., code scanning, dependency scanning, secrets management).

- Enable shift-left security by embedding security checkpoints in development and deployment processes.

- Work closely with DevOps teams to automate security testing and compliance checks.

- Define and enforce secure SDLC and DevSecOps governance.

Red Teaming & Security Testing:

- Coordinate and manage red team / penetration testing exercises (internal and external).

- Validate findings, assess business impact, and track remediation to closure.

- Support purple team activities to improve detection and response capabilities.

- Conduct root cause analysis and provide improvement recommendations.

Compliance & Governance Monitoring:

- Monitor and ensure compliance with internal security policies, standards, and regulatory requirements.

- Support audits, assessments, and regulatory reviews by providing evidence and technical clarifications.

- Track security issues, risk acceptances, and remediation plans across all security domains.

Troubleshooting & Project Ownership:

- Act as a senior escalation point for complex security issues and incidents.

- Lead security initiatives and projects from planning and execution to closure.

- Coordinate with cross-functional teams to resolve security gaps without impacting business timelines.
