Technical Program Manager Information Security III

Must Have Skills
Skill 1 Should have good understanding of DevSecOps concepts/principles and cloud native services to enable secure development and deployment of applications in the Cloud
Skill 2 Work with Information Security and Information Technology teams to build & maintain controls to manage varied risks including application and cyber risks
Skill 3 Familiarity with the tools for various security activities: Static Code Analysis DAST Penetration Testing Intrusion Detection/Prevention etc
Skill 4 Experience working in semiconductor industry is a plus

Good To have Skills
Skill 1 Certification in any security area is a plus

Domain Experience (If any ) Information Security III

Key Responsibilities
Partner with various stake holder groups to promote and build a culture of security and ensure products are designed and built securely.
Partner with Product Engineering Legal and Information Security teams to ensure security & compliance objectives are identified and tracked to completion.
Partner with product teams across Applied to identify and implement security requirements into their respective product development activities.
Creating and driving the project schedule working with BU security champions and managing schedule progress; from large phases through to detailed tasks including understanding and managing dependencies within and across Product Groups
Work with a global team to help implement and monitor security controls to proactively identify product security issues
Ability to interpret security tools and penetration testing results to stakeholders and provide advice on vulnerability remediation and risk mitigation
Should have good understanding of DevSecOps concepts/principles and cloud native services to enable secure development and deployment of applications in the Cloud
Work with Information Security and Information Technology teams to build & maintain controls to manage varied risks including application and cyber risks
Work across teams to develop and define project/program information security metrics & dashboards.

Qualification
Bachelors degree or equivalent experience in Security
Minimum 6 to 8 years of experience in Application and/or product security
Knowledge of regulatory guidelines and standards such as ISO27001 SEMI Standards etc.
A thorough understanding of common application security tools code libraries and documentation.
Understanding of threat modeling security vulnerabilities attacker exploit techniques and methods for their remediation.
Familiarity with the tools for various security activities: Static Code Analysis DAST Penetration Testing Intrusion Detection/Prevention etc.
Experience in performing source code review
Working knowledge of one scripting language and or familiarity with at least one software programming language and a framework is a plus
Excellent written and verbal communication skills with the ability to adapt messaging to executive technical and nontechnical audiences.
Certification in any security area is a plus
Experience working with manufacturing equipment or industrial equipment is a plus

Experience working in semiconductor industry is a plus