Job Description
At IBM, work is more than a job – it’s a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you’ve never thought possible. Are you ready to lead in this new era of technology and solve some of the world’s most challenging problems? If so, lets talk.
Your Role and Responsibilities
Application Security group is responsible for ensuring that Fidelity applications are designed, developed and deployed securely. The role will involve working closely with development groups to ensure secure design, development and implementation of services and components. As Technical Specialist, person would be responsible to understand complex technical and architectural issues from security perspective and the ability to understand the implications associated with the chosen technical strategy.
Role and Responsibilities
• Review Software applications for potential security vulnerabilities by conducting application security reviews i.e. Requirements review, Design review, Code Review, Penetration testing (Ethical Hacking), Vendor Risk Assessment.
• Liaison with Developers, Architects, Project Managers and Vendors to understand the working of an application, how effectively they are implemented and where security mechanisms are employed.
• Understand the business requirements, evaluate potential products / solutions and provide technical recommendations.
• Be “hands on” with technology and to contribute to the design, development and support of projects with the Security recommendations.
• Review design and development artefacts to ensure security quality in the products being developed.
• Evolve security review processes in accordance with Information Security Standards and market best practices.
• Contribute to Enterprise Architecture in definition of the technology stack and various standards and guidelines for development teams.
• Protect Fidelity information assets by promoting the understanding and acceptance of Information Security Policy and Standards.
• Provide diligent and competent service to customers by delivering an impartial and accurate service with Integrity, honesty and in accordance with the Information Security Policy and Standards
• Foster security awareness and understanding.
Required Technical and Professional Expertise
• 3-5 years of conducting application security assessments i.e. Architecture and Design review, Code Review and Penetration testing (Ethical Hacking) and Vendor Risk Assessment.
• Working knowledge of key security technologies i.e. Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST)
• Working knowledge of executing source code analyzers to unearth security vulnerabilities in the source code
• Run and analyse security Penetration testing and pinpoint security issues and suggest countermeasures for security improvements
• Knowledge of attack vectors from OWASP, WASC and mitigation of the same.
• Knowledge in various open source security tools such as proxies, fuzzers etc
• Proven expertise in web technologies (Java/J2EE/Struts/ .NET / PHP / Java Script etc.).
• Strong understanding of HTTP, HTTPS, SSL, TLS, SFTP Protocols
• Proven ability to quickly earn the trust of sponsors and key stakeholders; mobilize and motivate teams; set direction and approach; resolve conflict; deliver tough messages with grace; execute with limited information and ambiguity
• Capable of understanding end user requirements from security perspective
• Sound business and technical acumen
Preferred Technical and Professional Expertise
• Integrate Security into DevOps and enable security automation in CI/CD pipeline
• Professional Qualification : CEH, ECSA, LPT or Any other equivalent certification.
• Focused and versatile team player that is comfortable under pressure
• Ability to remove barriers and enable teams to complete their objectives
• Excellent problem-solving and critical-thinking skills
• Understanding of emerging technologies and corresponding security threats
• Self-motivated, flexible, with a ‘can do’ attitude.
• Solid influencing skills
• Ability to pick up business knowledge, new technology areas, new processes/methodologies and apply these changes in the day-to-day working to improve Security organisation
💡 Quick Summary
Seeking a career-building opportunity? The Security Specialist| VAPT position is now open for candidates interested in the MIS Executive sector. This role in Mumbai offers a professional environment and growth potential.
Requirement Snapshot: Candidates should possess basic communication skills, a proactive attitude, and the ability to work in a team. Experience in MIS Executive is a plus.
