This role will be responsible for partnering with Technology Units to embed security in every stage of the DevOps processes, introducing security in the full lifecycle of application and infrastructure development thus minimising vulnerabilities and bringing security closer to IT and business objectives. Using Application Security (AppSec) services and tooling and apply them in frictionless ways to Technology Units, allowing early detection of security issues in code as well as embedding security into DevOps processes. In addition, should be able to secure the underlying platforms used in DevOps / System Development frameworks to protect end-to-end Software Development Life-Cycles (SDLC).
Location – Pune (Hybrid)
Your Future Employer- One of the leading savings and investments business in the UK with over 170 years of experience of finding innovative solutions to help people improve their financial futures, has offices across 20 European countries, managing assets worth £352+ bn and serving around 5.5 million retail customers & over 800 institutional clients.
Responsibilities:
- Lead the engineering of AppSec service tooling so they integrate seamlessly with Technology Unit DevOps processes.
- Help remediate AppSec security findings in order to help M&G achieve risk appetite levels in regards to application security requirements.
- Help achieve AppSec minimum service maturity levels and support Technology Units achieving acceptable levels of AppSec service consumption maturity.
- Provide security advice and guidance to development teams during remediation processes.
- Deliver security awareness and training to technology units within the Application Security domain
- Supporting the implementation of the AppSec strategy and capability roadmap.
- Supporting AppSec colleagues and M&G development teams stay abreast of current and emerging security threats.
- Helping M&G apply best practice for application security and secure coding.
- Complying with industry regulations that involved AppSec controls.
- Supporting response to incidents effecting AppSec services and M&G critical applications.
- Answering to Internal Audit and GRC control compliance checks.
- Supporting management of local AppSec team resources.
Requirements :
- Graduate in any discipline.
- A recognised information security qualification (CISSP, CISM etc.) or equivalent.
- At least 10 years of experience in cyber security with 4 years delivering application security.
- Extensive experience of using and engineering application security test (AST) tooling.
- Extensive experience using and engineering DevOps and CI/CD tooling: code repos, pipelines / actions, artefacts storage and package managers.
- Experience interpreting / remediating penetration testing findings.
- Extensive experience using Web and API protection services.
- Good experienced in working with UK stakeholders.
- Using Confluence and Jira (or equivalent).
- Using and securing Azure DevOps code repos and pipelines (or equivalent).
- Using and securing JFrog Artifactory (or equivalent).
- One or more coding languages: JavaScript, C++, Python, Java.
- Using and securing Azure logic apps, function apps, storage tables and log analytics.
- Creating Power BI reports.
- Using Checkmarx One (or equivalent AST tools, must include: SAST, SCA, IaC and DAST scanner types).
- Using and securing APIGee.
- Using and securing Akamai Application and API protection services.
- Using / integrating services with Prisma Cloud Enterprise (PCE), specifically container CI and runtime scanning.
What is in for you
- Collaborative and supportive environment
- Opportunities for growth and development
- Hybrid working model
Reach us- If you feel that you are the right fit for the role please share your updated CV at Nancy.thakur@Crescendogroup.in
Disclaimer- Crescendo Global specializes in Senior to C-level niche recruitment. We are passionate about empowering job seekers and employers with an engaging memorable job search and leadership hiring experience. Crescendo Global does not discriminate on the basis of race, religion, color, origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Note: We receive numerous applications daily, making it challenging to respond to each candidate. If you do not hear back from us within a week, please assume your profile has not been shortlisted. Your patience is highly appreciated.
Profile Keywords- Enterprise Security, Application Security , Devops , CICD , Azure logic apps, Cyber Security