Role: Manager – Application Security
Department: Legal
Stream: Global Information Security
Reports to: Head of Information Security
Job Location: Bangalore
Work Model: Hybrid

Summary of essential job functions
The overall responsibility is to lead the AppSec team, develop AppSec strategies, and conduct application security assessments for the selection, development and implementation of enterprise applications. This position will focus on designing strategies for assessing in-house and vendor-developed applications through design review, threat modelling and secure code review, and on collaborating with application owners to remediate risk.

Education, Certification and Experience:
- Bachelor’s degree in computer science / information science or a related discipline.
- CEH, E|CSA, L|PT, CHFI, C|PENT, OSCP or relevant cyber security certifications. CISA, CISM or CISSP certification would be a plus.
- 10+ years of Information Security experience, preferably with at least 5 years of experience in Application Security.

Competency Requirements:
Performs a combination of duties in accordance with departmental guidelines:
- Lead the Application Security program as an AppSec SME throughout a global technology organization with in-house and vendor-developed applications and various legacy and AI systems within data centers and public cloud.
- Lead and mentor a team of AppSec professionals across DevSecOps, SAST, DAST, SCA, and SDLC disciplines.
- Experienced in working with multiple standards such as OWASP, ISO 27001, SSAE16/SOC 2, and PCI.
- Develop enterprise policy and technical standards with specific regard to application security management and secure development standards.
- Interact with developers, project managers and the core team to explain findings, and recommend preventive, mitigating and compensating controls to ensure an appropriate level of protection and adherence to the goals of the overall information security strategy.
- Interact with InfoSec leadership to set strategic direction and planning for Information Security, including annual and long-term security and compliance goals.
- Document technical issues identified during AppSec assessments and correlate technical issues across applications to update application security standards.
- Analyse gaps between the current and target security architecture, and develop and implement roadmaps to close those gaps.
- Evaluate security products and recommend appropriate security products based on business requirements.
- Spearhead third-party penetration tests of critical applications and infrastructure.
- Recommend security controls for AI/LLM/GenAI models.
- Translate corporate, client, and regulatory compliance requirements into current and future capabilities, products, and projects.
- Ensure compliance with changing laws and applicable regulations.
- Coordinate and track all information technology and security related audits, including the scope of audits, units involved, timelines, auditing agencies, and outcomes.
- Evaluate suspected security breaches, work with subject matter experts, and recommend corrective actions.
- Participate in the planning, development and implementation of data and system security controls and practices.
- Monitor the external environment for emerging threats and advise relevant stakeholders on appropriate courses of action.
- Develop and improve KPIs for the AppSec program.
- Support the CISO with other duties as assigned.

InfoSec Domain Expertise:
- Vulnerability Assessment and Penetration Testing of applications, network, cloud and mobile
- DevSecOps
- Security Architecture review
- Red Teaming
- Digital Forensics
- Secure Software Development Lifecycle Management
- Secure Code Trainings
- Technical Compliance and Client Audit management
- Regulatory Compliance
- Manage Vendor Risk, Brand, Security Incidents
- Breach Management

Skills, Knowledge and Abilities
- Proven track record of leading AppSec teams, with competence in security concepts and strategies and the ability to successfully implement them.
- Expert knowledge of application vulnerability management tools, and strong technical understanding and experience assessing vulnerabilities and identifying weaknesses in applications across multiple on-prem, hybrid and cloud platforms.
- High-performance skillset that not only understands the threat landscape as it relates to risk, but is also able to meet technical challenges.
- Strong understanding of enterprise, network, system/endpoint, and application-level security issues and risks.
- Strong written and verbal communication skills in English, with the ability to collaborate across all parts of the business.
- Leadership skills that bring out the best in the team, including both direct leadership and cross-functional capabilities.
- Self-starter with the ability to make independent decisions and the judgment to know when to seek guidance.
- Comfort in a diverse technology environment spanning multiple operating systems and architectures.
Job Title: Application Security Manager