AVP, Security Assurance - Product Security.MGN Pak - Information Security Governance.Risk Management Group - PAKCOE

Pakistan


We are seeking an experienced Product Security Head to lead and enhance the security practices within our software development lifecycle. The ideal candidate will have a strong background in secure SDLC, embedding security champion programs, and automating security decisions. This role involves building secure automated pipelines, implementing security testing at every stage of development, and collaborating with development and security teams to ensure that security is seamlessly integrated into the entire product development process.

  • Design, implement, and maintain secure automated pipelines within the software development lifecycle to ensure security is embedded from the start.
  • Automate security tasks to ensure secure continuous integration and continuous delivery (CI/CD) processes.
  • Work closely with development and operations teams to integrate security controls into the software development process from the earliest stages.
  • Conduct intrusive penetration testing and vulnerability assessments on applications, APIs, infrastructure, and network systems.
  • Perform security audits and code reviews to identify flaws and security risks within the development pipeline.
  • Use advanced attack techniques, tools, and simulations to identify security gaps and recommend mitigation actions.
  • Develop and implement risk management strategies to reduce vulnerabilities in development and operational environments.
  • Provide actionable feedback and training to teams to improve secure coding practices and configuration practices.
  • Work with various teams to ensure security integration throughout the product development lifecycle.
  • Prepare detailed reports, including risk assessments and actionable remediation strategies for both technical and non-technical stakeholders.
  • Keep up with new security threats and vulnerabilities and implement best practices for secure development processes.
  • Bachelor’s or master’s degree in Computer Science, Information Security, Cybersecurity, or a related field.
  • 13 to 16 years of progressive experience in application security, secure coding practices, API security, and CI/CD security practices.
  • Relevant certifications such as CSSLP, OSWP, CEH, and API Security certifications are highly desirable.
  • Proven experience in secure SDLC, API security, and continuous integration/deployment (CI/CD) security practices.
  • Proficiency in security testing tools like Burp Suite, SAST, DAST, IAST, and dynamic testing tools.
  • Familiarity with OpenAPI Specifications, OAuth, SAML, and API Gateway security, including enforcing AAA (Authentication, Authorization, and Accounting).
  • Strong programming and scripting skills in languages such as Python for automation and security integration.
  • Familiarity with security-focused DevOps tools such as Jenkins, GitLab CI, Docker, and Kubernetes.

Category: Compliance Jobs

Tags: API Gateway APIs Application security Audits Automation Burp Suite CEH CI/CD Computer Science CSSLP DAST DevOps Docker GitLab Governance IAST Jenkins Kubernetes OSWP Pentesting Product security Python Risk assessment Risk management SAML SAST Scripting SDLC Vulnerabilities

Region: Asia/Pacific
Country: Pakistan
