Assistant Vice President - Vulnerability & Application Security Lead

Gurugram, India

SBI Card

Credit Card - SBI credit card offers amazing deals, rewards & offers for all types of spends. Know more about our credit card services. Apply now!


About the company

SBI Card is a leading pure-play credit card issuer in India, offering a wide range of credit cards to cater to diverse customer needs. We are constantly innovating to meet the evolving financial needs of our customers, empowering them with digital currency for a seamless payment experience and rewarding benefits. At SBI Card, the motto 'Make Life Simple' inspires every initiative, ensuring that customer convenience is at the forefront of all that we do. We are committed to building an environment where people can thrive and create a better future for everyone.

SBI Card is proud to be an equal opportunity & inclusive employer and welcomes employees without any discrimination on the grounds of race, color, gender, religion, creed, disability, sexual orientation, gender identity, marital status, caste etc. SBI Card is committed to fostering an inclusive and diverse workplace where all employees are treated equally with dignity and respect, which makes it a promising place to work.

Join us to shape the future of digital payment in India and unlock your full potential.

What’s in it for YOU

  1. SBI Card truly lives by the work-life balance philosophy. We offer a robust wellness and wellbeing program to support the mental and physical health of our employees
  2. Admirable work deserves to be rewarded. We have a well-curated bouquet of rewards and recognition programs for the employees
  3. Dynamic, Inclusive and Diverse team culture
  4. Gender Neutral Policy
  5. Inclusive Health Benefits for all - Medical Insurance, Personal Accidental, Group Term Life Insurance and Annual Health Checkup, Dental and OPD benefits
  6. Commitment to the overall development of an employee through comprehensive learning & development framework

Role Purpose

The IT Application Security Operations SME, under the guidance of the IT Security Operations leader, serves a critical SME role in the execution, implementation and operation of application security, which includes F5 WAF (Web Application Firewall) operations support, expert knowledge of OWASP, application security, and Non-OS Vulnerability Management. With the support of the CTO/CISO/InfoSec team, the person will manage application security operational support as per the defined functional and company strategy, goals, and performance objectives. The candidate should have a WAF-related expert certification (F5 BIG-IP ASM specialist or F5 Security certification), application security or OWASP-related certifications, Certified Application Security Engineer/expert (CASE).

Role Accountability 

Web Application Firewall (WAF)

  1. Experience in the design, implementation and production support of F5's Web Application Firewall (WAF) platform
  2. Optimize the WAF configuration to avoid the Application performance issues
  3. Provide technical leadership on WAF and support in identifying and resolving WAF related issues
  4. Manage day-to-day WAF related operational activities and tasks
  5. Lead change, incident, and problem management for WAF including creating change requests, incident reports and Root Cause Analysis (RCA) reports.
  6. Provide escalation support on critical issues on the WAF solution platform
  7. Coordinate with application teams to onboard URLs onto the WAF and resolve their queries
  8. Handle all critical security incidents, advisories and resolution as per SLA
  9. The candidate should have a WAF related expert certification (F5 BIG-IP ASM specialist or F5 Security certification)
  10. Very good knowledge of OWASP vulnerabilities, troubleshooting and mitigation
  11. Responsible for implementation, execution, and effectiveness of the vulnerability management program to achieve 100% defects closure
  12. Coordinate patch management activities for Applications and its related components
  13. Ensure execution of patch deployment as per the schedule received from Infosec for vulnerabilities identified in the Applications domain
  14. Implement security hardening best practices, and publish the Vulnerability and Patch Management metrics
  15. Manage the Vulnerability management framework to support compliance and risk management activities to mitigate vulnerability risks
  16. Manage the execution of patch management for the Non-OS environment
  17. Provide L3 / L4 support on Application Security issues and conclude RCA

 Measures of Success 

  1. 99.9 uptime for all application security tools.
  2. Application security incidents should be resolved as per the agreed ITIL SLA
  3. All operation KPIs should be in green state
  4. All PKI/certificates should be in green status and there should not be any threat or expiration on them
  5. Vulnerability Management
    1. Responsible for 98% compliance with respect to Non-OS application vulnerability management.
    2. Responsible for achieving compliance for the top 10 OWASP application security threats.
    3. Coordination with all IT teams/leads to get maintenance windows and pre and post sanity checks on a weekly and monthly basis.
  6. Risk Management
    1. All application Security tools KPIs are in green state.
    2. All VAPT/black box and white box testing findings for applications should be mitigated.
    3. Controls against each residual risk.
  7. Auditing and Compliance
    1. All IT application related findings in audits should be closed as per the agreed timeline.
    2. All hardware should be on agreed OS firmware (N-2) compliance.
    3. All IT hardware/tools should have hardening configuration implemented.
  8. Budgeting
    1. Responsible for preparing the budget and expenses against each project or BAU activity.

Technical Skills / Experience / Certifications

  1. Experience in Designing, IT & Cyber Security, application security, WAF solution
  2. Security certification: CISM, CEH, WAF certification

Competencies critical to the role

  1. Good experience in security design, security solution and operation.
  2. Good experience in network design, security solution and operation.
  3. Strong knowledge of security tools: WAF, NIPS, DLP, NAC, SOAR, threat hunting, MITRE framework.
  4. Should have experience in managing contracts and dealing with external vendors / third parties
  5. Excellent project management, stakeholder management and time management skills.
  6. Excellent Communication, Interpersonal, Presentation and Leadership Skills
  7. Strong verbal and written communication skills with both business and technical areas

Qualification 

  1. Experience of 10+ years in Designing, IT & Cyber Security, application security, WAF solution.
  2. Security certification: CISM, CEH, WAF certification

Preferred Industry

BFSI, NBFC


Tags: Application security ASM Audits CEH CISM CISO Compliance Firewalls ITIL KPIs OWASP PKI Risk management SOAR Strategy Vulnerability management White box

Perks/benefits: Career development Health care Insurance Team events Wellness

Region: Asia/Pacific
Country: India
