Application Security Engineer - Vulnerability Management

Required Experience: 8-12 Yrs Job Location: Bangalore Role and Responsibilities: - Act as a primary liaison between technical teams and business stakeholders, facilitating expert advice on vulnerability remediation strategies and best practices. - Ensure strict adherence to security standards and advocate for the seamless integration of security measures into the Software Development Life Cycle (SDLC). - Assess risks identified in vulnerability assessment results and other security-related data, prioritizing remediations in alignment with business objectives. - Partner with application teams to devise strategies for mitigating identified security gaps, assisting in the planning and prioritization of security remediation efforts and control implementations. - Provide technical guidance and support to application teams in implementing security controls, advocating for security-by-design principles, and integrating security scanning into the application build process. - Collaborate closely with stakeholders to ensure the completeness and accuracy of information security exception requests, aligning them with predetermined criteria and established risk tolerance levels. - Regularly communicate with management and stakeholders, presenting detailed reports and updates on vulnerabilities, ongoing remediation efforts, and the status and trends of exception requests - Conduct ongoing security research to stay abreast of current security challenges, identifying new opportunities for security integration and automation to enhance overall security posture. - Provide training and awareness on vulnerability risk management practices to technical teams and business stakeholders. Requirements: - Bachelor's degree in computer science, Information Security, or a related field. Good to have advanced degree or relevant certifications (e.g., CISSP, CISM). - Minimum 8 years of demonstrated expertise in application security, coupled with proficiency in development. - Strong understanding of cloud and application security concepts, vulnerabilities, and attack vectors. - Robust Information Security technical skills and knowledge to identify, research, and understand security control gaps and program compliance issues. - Exceptional ability to communicate security concepts, threats, controls, and mitigation/remediation strategies to diverse audiences, including those unfamiliar with such topics. - Proven track record in information security vulnerability assessment, remediation, and security governance. - Familiarity with Security Policies, Procedures, Audit, and Compliance requirements. - Expert understanding of code syntax and semantics of at least one object-oriented programming language. - Possess an analytical mindset with the ability to prioritize and assess risks related to vulnerabilities and exception requests. - Proven ability to work independently, prioritize tasks, and manage multiple projects simultaneously in a fast-paced environment, ensuring timely and efficient completion of objectives. Should be very strong in: - SAST, DAST, VAPT (ref:hirist.tech)

Location: bangalore, IN

Posted Date: 11/27/2024