The Senior Application Security Engineer will be a senior member of the Application Security team and will lead key initiatives for the firm. In this role, the individual will use their deep experience with application security and will contribute towards building the application security roadmap. In addition, they possess a solid understanding of web application firewalls (WAF) and other perimeter security controls such as bot detection, DDoS, etc. An understanding of key application security concepts such as authentication, authorization, encryption, and key management is highly desirable.
The individual will be responsible for managing the WAF product for the firm. This includes administration, rules management and analysis of events.
The individual will also interact with businesses on a regular basis and will generate appropriate KPIs/KRIs to discuss the effectiveness and status of the program.
• Strong background in application security and well informed on key application security controls
• Extensive knowledge of managing Web Application Firewall (Product) including rules management and product administration
• Extensive knowledge of web technologies and concepts including APIs, microservices, etc.
• Expertise in advising tech teams on application security vulnerability remediation
• Strong understanding of networking concepts
• Proven ability to understand and analyze highly complex issues, then apply experience and judgment to develop sound recommendations related to application and security event identification and resolution
• Strong organization skills with high attention to detail.
• Able to work independently with minimal supervision
• Excellent communication skills – written, verbal, presentation and interpersonal
• Willing to learn new skills and implement new technologies
Essential Key Responsibilities % of Time
1. Administer the WAF product for the firm and onboard all key assets
2. Manage the WAF rules and interact with the business to identify any custom rule requirement 20%
3. Work with the other appsec members to validate the effectiveness of the control 10%
4. Work with the security operations and technology team to analyze the WAF events and to perform root cause analysis of security incidents
5. Manage application security projects to address continuous risk and threats and to reduce vulnerability exposure for the firm.
• This is not an exhaustive list of all functions or responsibilities the employee may be required to perform; the employee may be required to perform additional functions as necessary
• Dun & Bradstreet reserves the right to revise the job description at any time
• Employment with the Company is at will (where applicable)
Education/Experience and Competencies
List the knowledge, skills, abilities, physical abilities, experience, licenses, training, educational requirements, etc. required for the position. These are not functions but rather the attributes an individual must possess in order to be qualified for the position.
1. Bachelor’s degree
2. 10+ years of working experience in cyber security, preferably in application security, secure SDLC and application development
3. Solid experience managing a web application firewall, preferably Akamai
4. Working knowledge of the Microsoft Security Development Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM).
5. Strong technical acumen, communication and influence skills to demonstrate effectiveness of different application security initiatives
6. Solid understanding of: OWASP Top 10, NVD, CVSS scoring, application assessments
6+ years of working experience in cyber security, preferably in application security, secure SDLC and application development; 2 years of solid experience managing a web application firewall; solid understanding of: OWASP Top 10, NVD, CVSS scoring.
Assist in developing, implementing and managing cyber security initiatives, as well as assessing cyber risks on new and existing applications and systems.
Position Title: Security Engineer
Department: Information Security
Reports to: Director – Security & Compliance
Location: Hyderabad
A Career at HARMAN As a technology leader that is rapidly on the move, HARMAN is filled with people who are focused on making life better. Innovation, inclusivity and teamwork are a part of our DNA. When you add that to the challenges we take on and
The successful candidate has a good IT background with a good level of knowledge of multiple relevant security practice areas (anti-malware solutions, patch and vulnerability management, network security, monitoring, endpoint, etc.).