Talent Acquisition at Zycus
Zycus - Application Security Architect (8-14 yrs)
Zycus is looking for hands-on security architects with expertise in, and a passion for, solving and consulting on difficult security problems in distributed systems, multi-tenant services and large-scale infrastructures.
- Work with infrastructure and development teams to define the strategy for, and to integrate, implement and maintain, security tools in the CI/CD pipeline, using automation to ensure SAST, DAST, etc. are part of the overall model
- Coordinate security testing of solutions, including result analysis and driving remediation (SAST, DAST, IAST, RASP, VM, and penetration testing)
- Work with the application and solution teams to secure SaaS and on-premise applications including assisting in the overall architecture and design of the solution and supporting components
- Ensure that applications developed meet our client's security policies and requirements, contractual obligations, and legal and regulatory requirements.
- Day-to-day work with client delivery teams and ensure that they adhere to our client's corporate information and application security architecture, policies, procedures, baselines and guidelines.
- This role requires a mix of technical capabilities and the know-how to provide security governance over complex applications and projects, together with the ability to articulate complex security concepts to business and non-security personnel
- Engage with governance, compliance and technical architecture resources throughout the lifecycle of a project, from supporting the sales cycle to interacting with prospective clients and client teams, in order to provide security assurance, guidance and advisory
- Serve as a cybersecurity resource and SME for a product- and platform-centric organization, ensuring that secure coding practices, security architecture and governance are integrated with solutions during development, and that security is designed into actual services from project inception through production and client delivery
- Interface with Digital business leaders, client architecture teams, corporate architecture and governance personnel
- Ability to translate technical risk issues and distill them for IT business leaders and upper management
- Work with program managers to develop project plans, estimation documents, specifications, diagrams, and flowcharts
- Solid understanding of security vulnerabilities (OWASP, CVE identifiers and CVSS scoring) and experience working with development and product teams to remediate vulnerabilities during development cycles.
- Solid understanding of how to mitigate risks with common controls such as WAFs, IDPS, MPS, AWL, etc.
- Implement common principles and practices across cloud platforms and provide compliance with industry-specific guidelines such as the Cloud Security Alliance's STAR (Security, Trust, Assurance and Risk) registry.
Requirements
- Excellent communication skills (verbal and written)
- Bachelor's Degree in Computer Science, Systems Engineering or related fields
- 7+ years of security architecture responsibility and progressive information security experience across various information security/information technology risk management domains
- 7+ years of IT experience (including hands-on knowledge of network and distributed systems) and a sound understanding of networking concepts
- 5+ years performing risk assessments including experience with SAST/DAST tools, Vulnerability Remediation, Controls Mapping, Audit Protocols, Applications, Databases, Virtual Networks, Servers, Domains, SaaS, Cloud, Encryption, Firewalls, DLP, IAM Solutions, and security testing.
- Experience coordinating third-party penetration testing and working with development teams and product teams to drive remediation of findings.
- Experience implementing security testing tools (e.g. Fortify, Black Duck, Acunetix, Burp, etc.) and integrating them with workflow and development platforms (e.g. Jira, Jenkins, etc.)
- Experience implementing secure solutions in public cloud environments (AWS/Azure/GCP) in alignment with ISO 27001, CSA, ISF and NIST guidance
- Strong experience with public cloud solutions, services and practices, including PaaS, IaaS and SaaS products and services
- Understanding of network design principles, knowledge of virtualized environments, and experience implementing security controls in virtual infrastructure
- Implement application security best practices according to industry-recognized standards and frameworks such as OWASP, SANS and CIS
- Understanding of current information security solutions market and vendor spaces across broad security domains
- Work with development teams to ensure that appropriate assessment of security risks is performed. This role requires a mix of technical capabilities and the know-how to provide security oversight for complex applications and to articulate security concepts to developers
- Strong communication and presentation skills. Ability to present complex compliance issues in an easy-to-understand manner for executive management.
- Strong team player who collaborates well with others to solve problems and actively incorporates input from various sources.
- Certification in one or more of the following is required: CISSP (Certified Information Systems Security Professional), CEH (Certified Ethical Hacker), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager) or GIAC (Global Information Assurance Certification)
Bonus Points
- Experience with IAST and RASP tools
- Drive and champion security tool development (e.g. scanning tools)
- Consult with software development teams on the design and architecture of secure systems through threat modeling
- Champion and consult on secure development life-cycle practices
- 8-14 years related work experience
- Hands-on experience with the following skills
- Object Oriented Design, Domain Driven Design, UML
- Java, J2EE, Spring, Struts, web services, AngularJS
- ORM frameworks like Hibernate; JDBC
- Databases (Oracle/DB2/SQL Server/MySQL)
- Security tools and audit: Fortify/Checkmarx/CAST/SonarQube, etc.
- Strong knowledge on secure coding, secure design, OWASP knowledge with implementation realized on projects.
- Experience with Cloud platforms such as Amazon Web Services (AWS)
- Ability to propose productivity improvements and DevSecOps implementation
- Strong in reviewing technical designs
- Excellent communication skills
- Attention to detail
- 3+ years of experience in security engineering or a related field, or equivalent experience
- Good development experience in Core Java/J2EE
- Experience working in a large cloud or Internet software company preferred
- Strong application/product/software security background
- Experience in two of the following areas: defensive security, offensive security, security architecture solutions
- Expert in web application vulnerabilities and mitigation beyond the OWASP Top 10
- Expert in web browser security
- Expertise in federation protocols (SAML, OAuth)
- Experience building network security architectures for complex global networks
- Expert in database security
- OWASP: 5 years (Preferred)
- Security Architecture: 5 years (Preferred)
- Networking : 5 years (Preferred)
- Risk Assessments : 5 years (Preferred)
- Penetration Testing: 5 years (Preferred)
- SAST and/or DAST: 5 years (Preferred)
Five Reasons Why You Should Join Zycus
- Cloud Product Company: We are a cloud SaaS company and our products are built using the latest technologies, such as ML and AI. Our UI is in AngularJS and we are developing our mobile apps using React.
- A Market Leader: Zycus is recognized by Gartner (world's leading market research analyst) as a Leader in Procurement Software Suites.
- Move between Roles: We believe that change leads to growth and therefore we allow our employees to shift careers and move to different roles and functions within the organization
- Get a Global Exposure: You get to work and deal with our global customers.
- Create an Impact: Zycus gives you the environment to create an impact on the product and transform your ideas into reality. Even our junior engineers get the opportunity to work on different product features.
About Us :
Zycus is a leading global provider of an A.I.-powered Source-to-Pay suite for procurement, finance and AP organizations. Our comprehensive product portfolio includes eProcurement, eInvoicing, Spend Analysis, eSourcing, Contract Management, Supplier Management, Financial Savings Management, Project Management, Request Management, Supplier Network, Insight Studio, and the Merlin A.I. Suite with intelligent BOTs. Our spirit of innovation and passion for helping organizations create greater business impact is reflected in the hundreds of procurement solution deployments that we have undertaken over the years.