Manager – Application and Database security

Mumbai

This position is closed as on 2020-08-12

 

Reporting Structure

Reports to AVP – Security Engineering

Education

University degree in the field of computer science or IT.

Experience / Qualifications

  • A minimum of 6-8 years of IT experience, with at least 4 years developing and implementing applications (Client, Web and Mobile), and complementary knowledge of databases
  • Good project management skills and excellent oral and written communication skills
  • Excellent knowledge of application and mobile development languages, of the databases MS SQL, DB2, Oracle and Sybase, and of the security best practices related to them
  • Knowledge of banking applications like NEFT, RTGS, Core Banking and related security

Industry

Financial Domain (Banking / NBFC experience is desirable)

Responsibilities

  • Define application-related security policies, guidelines and strategy
  • Define security guidelines for application development (secure SDLC, secure coding practices etc.)
  • Define database-related security policies, guidelines and strategy
  • Define security guidelines for database hardening
  • Experience in working on Database Activity Monitoring (DAM) solutions would be an added advantage
  • Create Application security life cycle (ASLC) framework
  • Define the approach for, and conduct, vulnerability assessments and penetration testing
  • Should have experience developing in programming languages such as C / C++, Java, .Net, VB etc.
  • Knowledge of scripting languages like Perl and Python would be an advantage
  • Should have experience in working with Middleware (IBM MQ preferable)
  • Create hardening documents for the application
  • Work with the SOC team to define event correlation rules related to application threats and vulnerabilities, and ensure all events related to application threats are tracked to closure
  • Assist in Incident management
  • Handle Business Continuity Management for applications
  • Represent security group during external and internal IT Security and IS audits related to application security
  • Lead security solution evaluation, purchase and implementation
  • Gap assessment for new technology
  • Connect with sources who provide updates on current industry trends and security challenges

Certifications (Any one)

  • CEH
  • IACRB – Certified Application Security Specialist
  • CSSLP - Certified Secure Software Lifecycle Professional (ISC2)
  • Database Activity Monitoring solution