Application Security Lead (GM IT Application Security)

Contract type: Standard / Permanent

Experience: 7-10 years
An Application Security Lead is required to work with the GM IT Application Security team. The role will focus on shaping and implementing best-practice guidelines for securing applications in the following areas:
  • Authentication: SAML, Kerberos, Windows, SSO, PKI, other token-based mechanisms, etc.
  • Authorisation: SAML assertions, LDAP repositories, ad-hoc usage of ADAM, others
  • Code security: protecting against OWASP-recognised security risks, static source code analysis
  • Networking/messaging protocols: web services (both WS-* and RESTful), SSL/TLS handshake, MQ, CFT (file transfer), others
  1. Should contribute to the definition of best-practice guidelines prescribing how to secure services and applications (developed predominantly in Java & .NET), driven by the various security policies defined for this area.
  2. Should be familiar with application development so that he/she can use prior development knowledge when integrating strong authentication libraries with different applications and troubleshooting them.
  3. Should be able to play the security consultant role for application development teams.
  4. Should have good knowledge of secure coding best practices and good exposure to web-based applications and their associated vulnerabilities, e.g. the OWASP Top 10.
  5. Should be flexible to work on other security areas such as risk assessment, publishing different KRI dashboards, participating in different security committees, etc.
  6. The candidate will be a flexible, forward-thinking individual with the ability to look beyond immediate problems and issues, but with a solid practical delivery focus.
  7. Highly skilled and able to demonstrate value to the application development and architecture community at a practical level.
  8. Approachable and willing to share their expertise and experience in order to assist the development of teams and individuals.



  • Strong understanding of and experience with strong authentication and authorisation best practices, standards and mechanisms.
  • Understanding of encryption, PKI, message digest/hash functions and digital signatures
  • Familiar with coding languages such as Java/J2EE, .NET, C++, etc.
  • Experience with secure session management and securing data flows between endpoints
  • Experience in application architecture review from a security perspective
  • Excellent knowledge of secure programming best practices
  • Knowledge of producing different security reports and dashboards
  • Strong communication skills to coordinate between stakeholders
  • Experience with SAML assertions and with at least one of the SAML 2.0 protocol, WS-Federation or WS-Trust.
  • Experience of a wide range of communication technologies used in the financial enterprise, e.g. WS-*, RESTful web services, TIBCO RV, MQ
  • Experience with the Spring Framework, especially Spring Security
  • Experience implementing single-sign-on security strategies in enterprise environments
  • Experience with static source code analysis tools such as the HP Fortify code review tool
  • Security certifications (CISSP, CSSLP, CEH, ISO 27001, etc.) are good to have