Lead Engineer - Product Security
Trivandrum, Kerala, India
Envestnet
Explore our connected ecosystem of solutions, intelligence, and technologies that connect people’s daily lives with their long-term goals. See how we’re equipping advisors with the tools and resources needed to deliver the most impactful...Role Summary
• Responsible to ensure the implementation of security standards and compliance practices in various SDLC phases.
• Lead and mentor the team, collaborate with onsite and offshore teams to implement and ensure application security standards and practices.
• Perform various application security audits, tests and assessments to ensure security compliance within SLA.
Role Description
• Review the application features and enhancement design, perform code review and provide security specific recommendations and best practices in each SDLC phase.
• Perform penetration test on web applications, identify the vulnerabilities, report security issues, suggest remediation measures and guide the development team to resolve the issue.
• Execute automated scan on web applications using various SAST and DAST tools, triage the issues, identify true positives and work with the development team for resolution.
• Collaborate with development team to review, recommend and consult on security concerns and set secure architecture standards.
• Perform security controls assessments, recommend and update application security policies and procedures to keep up with the security trends and changing internal and external requirements.
• Perform domain audits with help of OSNIT tools.
• Collaborate with clients and third parties, provide technical support for penetration tests and audit of the products.
• Review, evaluate and recommend security best practices for AWS cloud specific implementations of SDLC.
• Analyse, review and suggest new application installations, test various features and fuctionalities and collaborate with IT helpdesk team through the process of application whitelisting.
• Design and implement application and web-based security trainings across the organization.
• Develop tools to automate security testing, design and implement strategies to enhance the efficiency of security bug discovery and resolution.
• Lead and mentor the team, provide technical and non-technical guidance for their overall development.
• Lead the vulnerability management by collaborating with development leads, managers to ensure vulnerabilities are remediated within SLA.
YOE : 05 to 08
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security Audits AWS Cloud Compliance DAST Product security SAST SDLC Vulnerabilities Vulnerability management
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.