Application Security Manager – Information Security Group

Essential Services: Role & Location fungibility

At ICICI Bank, we believe in serving our customers beyond our role definition, product boundaries, and domain limitations through our philosophy of customer 360-degree. In essence, this captures our belief in serving the entire banking needs of our customers as One Bank, One Team. To achieve this, employees at ICICI Bank are expected to be role and location-fungible with the understanding that Banking is an essential service. While the role descriptions give you an overview of the responsibilities, it is only directional and guiding in nature.

About the role

At ICICI Bank, Information Security Group believes in providing services to its customers in the safest and most secure manner keeping in mind that data protection for its customers is as important as providing quality banking services across the spectrum. Our support application team performs application vulnerability assessments and document vulnerabilities which were found and provides recommendations for remediation according to BFSI guidelines and industry best practices. As an Application Security Manager, you will provide guidance to the application team on application security best practices, support remediation effort and track open issues and follow up to ensure remediation. You will work along with cross functional business teams to get closure of identified gaps and utilize escalation matrix effectively wherever necessary. You will conduct application security assessment results review and mitigation approval. You will keep abreast of new technologies to ensure that the organization remains at the forefront of security.

Key Responsibilities

• Support and Testing: Vulnerability Assessments & Penetration Testing (Automated + Manual) on business critical assets with security tools like BurpSuite, Nessus, Nmap, Accunetix, Metasploit Netsparker, Qualys etc.
• Analysis: Perform in-depth analysis of VAPT results, Review assessment reports to provide risk mitigation & recommendations on that basis.
• Collaborate: Collaborate with the application team and provide them guidance on application security best practices, support remediation effort and track open issues and follow up to ensure remediation.

Key Qualifications & Skills

• Education Qualifications: Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent
• Certifications: OSCP
• Compliance: Knowledge of cyber security trends & hacking techniques, MITRE ATT&CK framework with hacker mindset.
• Network Security: Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering)
• Key Technologies: Familiarity with OWASP, SANS vulnerabilities along with its validations in source code and other security frameworks & Compliance, Knowledge of Networking concepts & Good understanding of latest Network /security technologies such as Cloud security and recent trends