G+D makes the lives of billions of people around the world more secure. We create trust in the digital age with integrated security technologies in three business areas: Digital Security, Financial Platforms and Currency Technology. We have been a reliable partner for our customers for over 170 years with our innovative solutions for SecurityTech! We are an international technology group and traditional family business with over 14,000 employees in 40 countries. Creating Confidence is our path to success. Trust is the basis of our co-operation within G+D.
The whole world trusts us when it comes to physical or digital currencies. We increase the security and efficiency of the cash cycle in collaboration with central banks and the entire currency industry. As the market leader in advanced currency management, we invite you to join us in shaping the future of payments.
ROLE OVERVIEW As an Application Security Specialist at G+D, you will be immersed in the Cyber Defense Center's invigorating, rapid-paced and dynamic work setting and play a critical role in safeguarding our organization's web applications and software systems. Your primary focus will be on identifying vulnerabilities, analyzing and enriching the results, implementing security measures, and ensuring the confidentiality, integrity, and availability of our applications. You'll collaborate with various stakeholders to contribute to a robust security posture. You will be expected to be proactive in your duties and provide constructive input to evolve the organization's cyber defense program.
RESPONSIBILITIES
- Conduct thorough security assessments for Web & Mobile applications, APIs, and software components to identify critical flaws in applications and systems that cyber attackers could exploit.
- Identify and prioritize security vulnerabilities, including OWASP Top Ten risks.
- Collaborate with development teams to integrate security best practices into the software development lifecycle.
- Perform code reviews, static analysis, dynamic testing, and penetration testing to identify security flaws at all architectural levels of the applications.
- Assist in incident response and vulnerability remediation efforts by responding to and managing the remediation of prioritized vulnerabilities, deviations from baselines and unpatched assets. You should be capable of prioritizing vulnerabilities, understanding the technical vulnerability details, performing root-cause analysis and advising the relevant stakeholders on the detailed technical steps required for remediation.
- Develop and maintain secure coding guidelines and standards.
- Monitor & analyze application logs and respond to security incidents promptly.
- Work on AD Security and related vulnerabilities in authentication protocols such as NTLM, RADIUS, Kerberos, etc.
- Prepare and provide detailed technical analysis (as required) and summary statistics for management, based on the collected vulnerability testing data, that can be leveraged to pinpoint pain areas and enhance the security posture of the company.
- Research reliable sources to identify new threats to the company. Analyze, develop and test new threat detection capabilities.
- Stay informed about emerging threats and industry trends to proactively address security risks. Analyze data from threat intelligence and vulnerability feeds to filter it for applicability to the company's environment, and publish internal threat intelligence for the company.
- Analyze and correlate threat data across security tools such as Splunk, Microsoft Sentinel, Qualys and Microsoft Defender in order to drive proactive, effective and prioritized remediation.
- Provide security training and awareness to various teams.
- Prepare and maintain documentation on processes, case studies, vulnerability analysis, etc.
- Automate complex tasks using scripting (shell/bash, Python, SQL, etc.) and analyze data using visualization tools such as Power BI or Tableau.
Technical Skill Requirements
- Strong understanding of web application security concepts, including authentication, authorization, encryption, and secure coding practices.
- Experience with performing SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and SCA (Software Composition Analysis).
- Strong knowledge of and hands-on experience with security tools such as Acunetix, AppScan, WebInspect, Qualys, Rapid7, Burp Suite, HackerOne, Kali Linux and Nikto, Fiddler, CodeSec, various security rating platforms, etc. (Mandatory)
- Familiarity with common web vulnerabilities (e.g., XSS, CSRF, SQL injection, HTTP Header issues) and mitigation techniques. Should be fluent with OWASP Top Ten risks.
- Strong understanding of standard adversary techniques (e.g., as catalogued in MITRE ATT&CK) and their mitigations.
- Knowledge of industry standards (e.g., OWASP, NIST) and compliance frameworks (e.g., GDPR, ISO 27001, PCI DSS, SOC 2, HIPAA, etc.).
- Understanding and knowledge of languages and frameworks such as PHP and .NET.
- Understanding of encryption fundamentals (symmetric/asymmetric cryptography, ECB/CBC modes of operation, AES, etc.).
- Understanding of risk modeling concepts and frameworks (STRIDE, DREAD, FAIR, etc.).
- Exposure to performing risk assessments and business impact analysis.
- Basic understanding of fundamental networking protocols: DNS, HTTP, TCP, UDP, TLS, IPsec, 802.1X, NFS.
Soft Skill Requirements
- Strong analytical and problem-solving abilities with attention to detail are mandatory.
- A proactive, focused mindset with good foresight when dealing with day-to-day tasks and when designing solutions for complex problems, combined with adaptability, is a must.
- Excellent communication and soft skills (with a focus on comprehension and communication) for collaborating with cross-functional teams are a must.
- Ability to balance security requirements with business needs.
Academic Qualification Requirements
- University degree in Computer Science, Information Systems or equivalent.
- Technical certifications awarded by a reputable institute, such as CEH, CASE, CISSP, OSCP, etc., are a plus.
Experience Requirements
- 8-10 years total experience.
- 8+ years of relevant experience in Application Security Management.