Job Description

The unit's primary purpose is to Design, Engineer & eventually Embed practical & balanced cyber / information security principles / patterns / controls into all products & platforms.

Soft Skills:

Ability to collaborate with multiple stakeholders and manage their expectations from a security perspective. Holistic thinking; must balance security & functionality using practical demonstrable examples. Must also contribute to & implement "good architecture principles" to lower technical debt. Assertive personality; should be able to hold her / his own in a project board or work group setting. Superlative written & verbal communication skills; should be able to explain technical observations in an easy-to-understand manner. Ability to work under pressure & meet tough/challenging deadlines. Influencer- must be able to convince various stakeholders (internal IT Teams, C-Level execs, Risk & Audit) of why a certain observation is a concern or not. Strong understanding of Risk Management Framework & security controls implementation from an implementer standpoint. Has strong decision making, planning & time management skills. Can work independently. Has a positive and constructive attitude.

Key Requirements:

Bachelor's degree in a computer-related field such as computer science, cyber/information security discipline, physics, mathematics or similar (Essential) General Information Security: CISSP, OSCP, CEH, CISM/CISA or similar General Cloud Security: CCSK /CCSP or similar Specific Cloud Security: AWS/Azure/GCP/Oracle Solution/Security or similar Network Security: CCNA, CCNP, CCIE, Certified Kubernetes Security Specialist

Eligibility:

4+ years of experience in an information security function with good background in IT, stakeholder management & people management (Essential) 3+ years of experience as a Security Engineer especially in Cloud Native environments (Essential) Deep foundational knowledge of Mobile Applications, Intensive skills on SSL pinning bypass, root / jailbreak bypass, core Mobile application exploitation (Essential) Expert at the technology & frameworks in his/her area of expertise, coach other architects on development standards & best practices Good understanding of Microservices based architecture Good hands-on experience solutioning technology architectures that involve perimeter protection, core protection, end-point protection, API / Micro services Security Experience working in a DevOps environment with knowledge of CI/CD, Containers, DAST/SAST tools & building Evil Stories (Essential) Follow design principles & apply design patterns to enforce maintainable & reusable patterns in the form of code or otherwise Can understand & interpret potential issues found in source or compiled code Has automation skills/capability in the form of scripting or similar Can attack application & infrastructure assets, interpret threats and suggest mitigating measures Ability to interpret Security Requirements mandated by oversight functions & ensure comprehensive coverage of those requirements via documentation within high level design and/or during agile ceremonies via Evil Stories Can propose options for solutions to the security requirements / patterns that provide a balance of security, user experience & performance Knowledge of Agile methodologies/principles such as Scrum or Kanban Key Skills - Web & Mobile Application Security, Security Code review, API security, Platform Security, IAST, SAST, DAST Expertise in Burp Suite, MobSF, Frida, Kali Linux, Nessus, Checkmarx SAST, Kubernetes, Docker, Jenkins, GitHub, OpenShift & good knowledge about microservice architecture & pipeline driven security. Knowledge of Mobile App testing (Android & iOS), Web Application Security, Security Code Review, Container Review, Infrastructure Review, WAF rules review Responsibilities: Eligibilities: