07/12 Aarti
HR at Religare


Religare Health Insurance - Lead - Application Security (7-10 yrs)

Gurgaon/Gurugram Job Code: 870760

The Care Insurance (formerly known as Religare Health Insurance) Information Security team is seeking a leader for its Security Architecture and AppSec team. This team owns all aspects of security for Care Insurance applications and services. You and your teams will be responsible for (a) integrating security requirements, (b) proactively performing security assessments to prevent security vulnerabilities, (c) performing security testing before release, and (d) partnering closely with our development and product management teams to produce innovative and secure solutions.

As a security leader, you will participate in the Care Insurance security strategy build-out, roadmap planning, and project execution scheduling, while building a team of security architects/engineers and fostering a strong team culture.

Key Responsibilities

- Drive the culture & initiative of secure-by-design in the area of application development

- Lead the AppSec function across the entire software development practice

- Manage application security framework improvements

- Integrating security tools, standards, and processes into the product life cycle (PLC) & software development life cycle

- Ensuring that developers and QA personnel are trained with the appropriate level of security knowledge to perform their daily activities

- Improving and supporting application security tool deployments, including static analysis and runtime testing tools

- Improving and maintaining secure development standards

- Supporting the incident response and architecture review processes whenever application security expertise is needed

- Managing penetration testing services, including both expert consulting and managed services

- Providing manual penetration testing and standards gap analysis services to internal business and technology partners

- Managing application framework and perimeter security improvement projects

- Supporting vendor security activities to ensure third-party software and development meet security standards

- Integrating threat modeling practices into the product life cycle

- Providing security requirements for test driven design

- Producing metrics reporting the state of application security programs and performance of development teams against requirements

- Ensuring the change & release management follows the defined processes & guidelines for application security

- Developing and managing DevSecOps for assurance of secure code practices across the organization

Job Requirements

- The successful candidate will be a security evangelist who can translate security concepts into language that is meaningful to many audiences, including business and technical leaders and individual contributors. Candidates must be able to approach application security from the perspective of risk management and avoid purely academic thinking about software security. A demonstrable ability to influence decision-making processes at all levels of a large organization will be critical to success.

- Candidate must have strong leadership skills and be an effective manager of highly technical individuals.

- Candidate must have excellent verbal and written communication skills

- Candidate should be familiar with waterfall and agile development processes and have experience integrating secure development practices into both models.

- The ideal candidate has experience writing and testing web applications and web services in the following programming languages: Java and JavaScript. The candidate should have familiarity with a variety of development and testing tools, including Eclipse, GIT, GCC, JIRA, Subversion, Maven, ClearQuest/Case, Silk, FindBugs, HP/Fortify SCA, IBM AppScan, and HP WebInspect.

- Candidate must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to any audience, and discuss effective defensive techniques.

- Strong exposure to OWASP top 10, TCv2 & MITRE

- Hands on experience in threat modeling, SAST, DAST and web application security

- Experience with API Eco System and API security

- Experience with cross-platform development (iOS, Android & Web)

- Candidate must have experience in planning multiyear roadmaps

- Familiarity with industry standards and regulations including PCI and ISO27001 is desired.

Qualification / Experience

- Excellent written and oral communication skills at all levels, strong communicator and ability to articulate and communicate complex IT-related business

- Bachelor's degree in Computer Science, MIS, Engineering or a related field preferred, with 7+ years of work experience

This job opening was posted a long time ago. It may no longer be active, but it has not been removed by the recruiter. Please use your discretion.

Women-friendly workplace:

Maternity and Paternity Benefits
