Minimum of 9 years of experience in Enterprise Security and Cloud Security.
At least 3 years of experience in DevSecOps and Application Security for cloud security
technologies.
Lead application vulnerability scanning and penetration testing remediation, discover
security exposures, and develop mitigation plans.
Responsible for driving secure-by-design initiatives in the organization and mentoring
delivery teams with the right security controls to protect customer data.
Responsible for application security reviews, including threat modelling, code review,
and manual static and dynamic testing code reviews across all platforms.
Automate security controls in the CI/CD pipeline, gaining visibility into applicable
security threats by scanning images / registries, flagging vulnerabilities, and
identifying / preventing lateral movement in the container environment.
Shall be able to identify drift during container deployment.
Define data security controls for on-prem / cloud and container deployments (on
open source / off the shelf). Have detailed experience of handling SSL, PKI-based
encryption of data at rest, in motion, and in use.
Experience in building cloud security controls in an open-source container environment
(such as Kubernetes), deployed either on-prem or in a public cloud. Strong knowledge
of CI/CD pipeline deployments.
Responsible for development of automated security testing to validate that secure
coding best practices are being used.
Understand and implement best practices for baselining / hardening the
heterogeneous environment (such as servers / VMs / microservices).
Manage integration with vulnerability check tools such as Static Code Analysis,
Dynamic Code Analysis, and Software Composition Analysis tools.
Monitor vendor SLAs, perform regular reviews with vendor management, and report to
GeM leadership.
Maintain current knowledge and understanding of the threat landscape and
emerging security threats and vulnerabilities.