Associate Architect - Product Security
- Yodlee
- 10 - 15 years
- Thiruvananthapuram
- 7 days ago
- Email to a friend
- Report this job
Job Description
- Define and enforce secure coding standards and best practices.
- Perform threat modeling, security architecture reviews, and code analysis.
- Design and implement secure CI/CD pipelines with integrated security controls.
- Automate security testing (SAST, DAST, IAST, SCA, container scanning) in SDLC process.
- Evaluate and integrate security tools and platforms
- Lead DevSecOps program in collaboration with DevOps, Operations and Engineering teams
- Build automation focused on efficiency (eg increase triaging efficiency, manage false positives etc)
- Leverage ASPM and build workflows and reports
- Evaluate and integrate security tools and platforms
- Implement Infrastructure as Code (IaC) security and cloud-native security controls.
- Monitor and respond to security incidents in development and production environments.
- Collaborate with development teams to remediate vulnerabilities and design secure applications.
- Develop and deliver secure coding training and awareness programs.
- Stay current with emerging threats, vulnerabilities, and security technologies.
- Ensure compliance with industry standards (eg, OWASP, NIST etc).
Requirements
- Overall 10+ years of experience in application security, software development, or related roles.
- 6+ years of work experience in Application security, preferably in a fintech or financial services domain
- Strong understanding of web, mobile, API and cloud application architectures.
- Experience of code reviewing or code contributing in Java, Java Script, .Net. C#, Python, or IaC scripting.
- Hands-on experiences running SCA, SAST, DAST, IAST, SBOM, ASPM, Apigee, WAF etc, with approaches or optimizations for the tools to efficiently enforce the enterprise S-SDLC policies.
- Deep understanding of DevSecOps practices and experience in CI/CD automation for one of the popular platforms, such as Gitlab, GitHub or Azure DevOps.
- Knowledge of cloud platforms (AWS, Azure) and container orchestration (Kubernetes, Docker).
- Perspective of supporting developer tools as a security professional (eg integrating security tools with IDE, PR checks etc)
- The experiences in building security controls for a system that follows NIST CSF and SSDF frameworks and performing the risk-based security reviews that meet the OWASP, SOC2, GDPR requirements.
- Ability to identify and summarize practical operational procedures, write standards or SOPs, and provide security scan reports.
- A good understanding of full stack software development and best practices for developing software (version control, branching, automation, IaC, documentation, testing, etc)
- Ability to collaborate cross-functionally and communicate effectively with highly technical teams and provide written assessment reports as needed.
- Certifications such as CSSLP, OSWE, or CEH.
Job Classification
Industry: Financial ServicesFunctional Area / Department: Engineering - Software & QARole Category: DevOpsRole: DevOps Consultant / ArchitectEmployement Type: Full timeContact Details:
Company: YodleeLocation(s): Thiruvananthapuram+ View Contact
Keyskills: Automation Version control Software development Coding Cloud Application security Operations Financial services SDLC Python
Fraud Alert to job seekers!
₹ Not Disclosed
Similar positions
Job Listings
We are in open beta version of website, please let us know if any issues, at: info(at)indigojobs.in