Manager – Application and Database security
Navi mumbai ,India
This position is closed as on 2019-11-14
Reporting Structure
Reports to AVP – Security Engineering
Education
University degree in the field of computer science or IT.
Experience/ Qualification
-
A minimum of 6-8 years of IT experience with at least 4 years developing and implementing Applications (Client, Web and Mobile) and having complementary knowledge of databases
-
Good project management skills and excellent oral and written communication skills
-
Excellent knowledge of application and mobile development languages, databases MS SQL, DB2, Oracle and Sybase and security best practices related to the same.
-
Knowledge of banking applications like NEFT, RTGS, Core Banking and related security
Industry
Financial Domain (Banking / NBFC experience is desirable)
Responsibilities
-
Define application related security policies, guidelines, strategy
-
Define security guidelines for application development (secure SDLC, Secure coding practises etc.)
-
Define database related security policies, guidelines, strategy
-
Define security guidelines for database hardening
-
Experience in working on Database activity monitoring (DAM) solutions would be added advantage
-
Create Application security life cycle (ASLC) framework
-
Define approach & conduct vulnerability assessment and penetration testing's.
-
Should have experience developing on programing languages such as C / C++, Java, .Net, VB etc.
-
Having knowledge of scripting languages like Perl, Python would be an advantage
-
Should have experience in working with Middleware (IBM MQ preferable)
-
Create hardening documents for the application
-
Work with SoC team to define event correlation rules related to application threats and vulnerabilities, ensure all events related to application threats are tracked to closure
-
Assist in Incident management
-
Handle Business Continuity Management for applications
-
Represent security group during external and internal IT Security and IS audits related to application security
-
Lead security solution evaluation, purchase and implementation
-
Gap assessment for new technology
-
Connect with sources who help update on current industry trends and security challenges
Certifications (Any one)
-
CEH
-
IACRB – Certified Application Security Specialist
-
CSSLP - Certified Secure Software Lifecycle Professional (ISC2)
-
Database Activity Monitoring solution