Assistant Vice President - Application Security Testing SME

Gurugram, India

SBI Card


About Us

SBI Card is a leading pure-play credit card issuer in India, offering a wide range of credit cards to cater to diverse customer needs. We are constantly innovating to meet the evolving financial needs of our customers, empowering them with digital currency for a seamless payment experience and rewarding benefits. At SBI Card, the motto 'Make Life Simple' inspires every initiative, ensuring that customer convenience is at the forefront of all that we do. We are committed to building an environment where people can thrive and create a better future for everyone.

SBI Card is proud to be an equal opportunity & inclusive employer and welcomes employees without any discrimination on the grounds of race, colour, gender, religion, creed, disability, sexual orientation, gender identity, marital status, caste etc. SBI Card is committed to fostering an inclusive and diverse workplace where all employees are treated equally with dignity and respect, which makes it a promising place to work.

Join us to shape the future of digital payment in India and unlock your full potential.

What’s in it for YOU

  1. SBI Card truly lives by the work-life balance philosophy. We offer a robust wellness and wellbeing program to support the mental and physical health of our employees
  2. Admirable work deserves to be rewarded. We have a well-curated bouquet of rewards and recognition programs for employees
  3. Dynamic, Inclusive and Diverse team culture 
  4. Gender Neutral Policy
  5. Inclusive Health Benefits for all - Medical Insurance, Personal Accidental, Group Term Life Insurance and Annual Health Checkup, Dental and OPD benefits
  6. Commitment to the overall development of an employee through comprehensive learning & development framework

Role Purpose 

Responsible for managing Application Security requirements and processes to reduce technical risks due to vulnerabilities in applications exposed to customers or third parties, including identifying and assessing vulnerabilities specific to applications. This role is also responsible for leveraging expert knowledge of today's ever-changing cybersecurity and risk landscape to influence the IT landscape across the SBIC Card environment.

Role Accountability 

  1. Participate in and support application security reviews including Threat modeling, Code review and Static & dynamic testing; discover security exposures and develop mitigation plans, and also report and fix the technical debt
  2. Facilitate and support the preparation of security releases
  3. Assist in development of automated security testing to validate that secure coding best practices are being used
  4. Provide expertise in security tools for vulnerability assessment, penetration testing & application security
  5. Perform vulnerability risk profiling and prioritization of vulnerabilities
  6. Uphold code reviews across all Platforms and manage integration with vulnerability check tools such as Static Code Analysis and Dynamic Code Analysis tools 
  7. Manage bug intake and remediation process for the organization and application vulnerability scanning and penetration testing remediation
  8. Monitor vendor SLAs, perform regular review with vendor management and report to SBI Card leadership
  9. Assist with planning, providing input on capabilities and methods used for vulnerability management and security testing, and driving improvements
  10. Support in development of vulnerability management framework, support compliance and risk management activities, recommending security controls and corrective actions to mitigate vulnerability risks
  11. Conduct vulnerability assessments and penetration testing (application and/or infrastructure) and articulate security issues to technical and non-technical audiences
  12. Perform vulnerability risk profiling and prioritization of vulnerabilities
  13. Perform regular status reviews with IT asset owners & senior leadership to ensure compliance with InfoSec policies
  14. Develop and monitor patch deployment schedules for all vulnerability assessments and penetration testing on an ongoing basis, audit for completeness, and coordinate patch management/remediation activities for all IT assets (workstations, network, server, application, database etc.)
  15. Monitor vendor SLAs, perform regular review with vendor management and report to SBI Card leadership
  16. Ensure process documentation and compliance adherence

Measures of Success 

  1. Reduction in security vulnerabilities in SBI Card IT platforms
  2. Number of enhancement opportunities identified for the security posture to reduce overall risk to SBI Card
  3. Reduction in information leakage and exploitation from vulnerabilities
  4. Timely and accurate vulnerability testing and remediation
  5. Process Adherence as per MOU

Technical Skills / Experience / Certifications

  1. Strong knowledge of web development and programming languages e.g. Java, .NET, Python, etc.
  2. Strong knowledge of web application technology, e.g. Application Servers, Web Servers, Databases
  3. Strong Java developers with some understanding of application security testing who are willing to switch into that role would be a fit for this position
  4. Knowledge of performing security testing on an app development project using Struts, Spring, or similar Java-based frameworks
  5. Industry-accredited security certifications will be required (the candidate must have or be willing to obtain all of the following certifications – GIAC GWAPT, GPEN, GXPN, OSCP, and CISSP)
  6. Exposure to methodologies such as OWASP preferred; penetration testing of hosts and applications (ethical hacking tools such as Nessus, Qualys, Nexpose); vulnerability assessments of networks, hosts and applications; security in the SDLC (application security); secure code review of .NET and J2EE technologies
  7. Experience in Software development/Application Security/Vulnerability Management

Competencies critical to the role

  1. Analytical ability 
  2. Innovation & Problem Solving
  3. Continuous Learning
  4. Teamwork and Collaboration

Qualification 

Bachelor of Engineering in Computer Science / Engineering, Masters in Computer Science or any other relevant discipline

Preferred Industry

BFSI / NBFC / IT & ITES / E-commerce/Telecom


Tags: Application security Audits CISSP Code analysis Compliance Computer Science E-commerce Ethical hacking GIAC GPEN GWAPT GXPN Java Nessus OSCP OWASP Pentesting Python Qualys Risk management SDLC SLAs Vendor management Vulnerabilities Vulnerability management

Perks/benefits: Career development Health care Insurance Team events Wellness

Region: Asia/Pacific
Country: India
