Security Consulting Lead

Accenture, Bangalore
Project Role : Security Consulting Lead
Project Role Description : Lead the effort and teams to enable development and implementation of proprietary and innovative security solutions. Assess, manage and ensure compliance with risk-reducing behaviors and processes.
Must have skills : Application Security
Good to have skills : Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST)
Minimum 5 year(s) of experience is required

Educational Qualification : 15 years full time education

Summary:
As a Security Consulting Lead, you will lead the effort and teams to enable development and implementation of proprietary and innovative security solutions. You will assess, manage, and ensure compliance with risk-reducing behaviors and processes.

Your typical day will involve providing leadership and guidance to the security consulting team, collaborating with cross-functional teams, and driving the delivery of high-quality security solutions.

Roles & Responsibilities:
Role: As a Security Architect with expertise in the domain of DevSecOps & Application Security, the candidate will be responsible for:
  • Identify potential security gaps in the CI/CD and Application design and develop mitigation strategies to ensure both remain secure.
  • Define security requirements and controls for CI/CD processes and API development.
  • Collaborate closely with other subject matter experts (SMEs) to provide assistance with testing, optimization, and calibration of CI/CD & API controls.
  • Ensure that security measures align with industry best practices and standards.
  • Conduct PoC (Proof of Concept) for new tools, providing recommendations to help the business finalize tools that align with business objectives.
  • Act as an escalation point for any issues and requests related to security, vulnerabilities, and non-compliances.
Must have Skills:
  • Practical knowledge of CI/CD processes and familiarity with tools like Ansible, SonarQube, Azure DevOps, Jenkins, GitHub, Bitbucket.
  • SAST, DAST, SCA issues and their practical implementation within CI/CD processes and issues related to authorization, authentication or session management (SAML, OAuth, SSO, etc.).
  • Experience in addressing web application & API security issues (e.g., OWASP Top 10, secure coding best practices).
  • Familiarity with authorization, authentication, or session management techniques (e.g., SAML, OAuth, SSO).
  • Knowledge of common attack methods (XSS, CSRF, SQL injection) and familiarity with frameworks such as MITRE.
  • Knowledge of the SSDLC process and its components; REST API technology and the API Gateway concept.
  • Being familiar with one of the following programming languages to a good degree: Java, .Net, C#, JavaScript, Go and scripting languages such as Python.
  • Experience with one of the three leading clouds – AWS, Azure or GCP
Good to Have Skills:
  • Relevant certifications in DevSecOps or Application Security.
  • Knowledge of cryptographic best practices.
  • Understanding of the API Gateway concept and REST API technology.
  • Experience conducting Proof of Concept (PoC) for new security tools.
Key Responsibilities:
  • Identify security gaps in the CI/CD pipeline and application designs and develop mitigation strategies to secure them.
  • Define security requirements and controls for both CI/CD processes and API development.
  • Collaborate with SMEs to assist in testing, optimizing, and calibrating CI/CD and API controls.
  • Ensure security measures align with industry best practices and standards.
  • Act as an escalation point for security-related issues, vulnerabilities, and non-compliance incidents.
  • Conduct PoC for new security tools and provide recommendations to ensure they align with business objectives.
Technical Experience:
  • Hands-on experience with CI/CD tools (Ansible, SonarQube, Azure DevOps, Jenkins, GitHub, Bitbucket).
  • SAST, DAST, SCA tools implementation and practical experience addressing security vulnerabilities in CI/CD pipelines.
  • Practical knowledge of web application & API security, secure coding, and familiarity with the OWASP Top 10.
  • Experience with authentication and authorization mechanisms (SAML, OAuth, SSO) and cryptographic best practices.
  • Familiarity with popular attack methods (XSS, CSRF, SQL injection, etc.) and the MITRE framework.
Professional Experience:
  • Proven ability to identify and resolve security vulnerabilities across applications and CI/CD pipelines.
  • Experience in working closely with SMEs to optimize security controls and test solutions.
  • Strong collaboration skills, with the ability to align security requirements with business objectives.
  • Experience with cloud platforms (AWS, Azure, GCP) and ensuring security compliance within these environments.
Professional & Technical Skills:
  • Must-Have Skills: Proficiency in Application Security.
  • Good To Have Skills: Experience with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST).
  • Strong understanding of security principles and best practices.
  • Experience in conducting security assessments and vulnerability testing.
  • Knowledge of secure coding practices and secure software development lifecycle (SDLC).
  • Familiarity with security frameworks and standards such as OWASP, NIST, and ISO 27001.
  • Ability to analyze and interpret security assessment findings and provide actionable recommendations.
  • Excellent communication and presentation skills to effectively communicate security risks and recommendations to stakeholders.
Additional Information:
  • The candidate should have a minimum of 5 years of experience in Application Security.
  • This position is based at our Bengaluru office.
  • 15 years of full-time education is required.