
Manager – Application and Database security

Mumbai India

Reporting Structure

Reports to AVP – Security Engineering

Education

University degree in the field of computer science or IT.

Experience/ Qualification

  • A minimum of 6-8 years of IT experience with at least 4 years developing and implementing Applications (Client, Web and Mobile) and having complementary knowledge of databases

  • Good project management skills and excellent oral and written communication skills

  • Excellent knowledge of application and mobile development languages, databases (MS SQL, DB2, Oracle and Sybase) and security best practices related to the same.

  • Knowledge of banking applications like NEFT, RTGS, Core Banking and related security

Industry

Financial Domain (Banking / NBFC experience is desirable)

Responsibilities

  • Define application related security policies, guidelines, strategy

  • Define security guidelines for application development (secure SDLC, secure coding practices etc.)

  • Define database related security policies, guidelines, strategy

  • Define security guidelines for database hardening

  • Experience in working on Database activity monitoring (DAM) solutions would be an added advantage

  • Create Application security life cycle (ASLC) framework

  • Define approach & conduct vulnerability assessment and penetration testing.

  • Should have experience developing in programming languages such as C / C++, Java, .Net, VB etc.

  • Having knowledge of scripting languages like Perl, Python would be an advantage

  • Should have experience in working with Middleware (IBM MQ preferable)

  • Create hardening documents for the application

  • Work with SoC team to define event correlation rules related to application threats and vulnerabilities, ensure all events related to application threats are tracked to closure

  • Assist in Incident management

  • Handle Business Continuity Management for applications

  • Represent security group during external and internal IT Security and IS audits related to application security

  • Lead security solution evaluation, purchase and implementation

  • Gap assessment for new technology

  • Stay connected with sources that provide updates on current industry trends and security challenges

Certifications (Any one)

  • CEH

  • IACRB – Certified Application Security Specialist

  • CSSLP - Certified Secure Software Lifecycle Professional (ISC2)

  • Database Activity Monitoring solution