We are seeking an experienced Product Security Head to lead and strengthen the security practices within our software development lifecycle. The ideal candidate will have a strong background in secure SDLC, building security champion programs, and automating security decisions. This role involves building secure automated pipelines, implementing security testing at every stage of development, and collaborating with development and security teams to ensure that security is integrated into the entire product development process.
KEY RESULT AREAS
- Design, implement, and maintain secure automated pipelines within the software development lifecycle to ensure security is embedded from the start.
- Automate security tasks to ensure secure continuous integration and continuous delivery (CI/CD) processes.
- Work closely with development and operations teams to integrate security controls into the software development process from the earliest stages.
- Conduct intrusive penetration testing and vulnerability assessments on applications, APIs, infrastructure, and network systems.
- Perform security audits and code reviews to identify flaws and security risks within applications and the development pipeline itself.
- Use advanced attack techniques, tools, and simulations to identify security gaps and recommend mitigation actions.
- Develop and implement risk management strategies to reduce vulnerabilities in development and operational environments.
- Provide actionable feedback and training to teams to improve secure coding practices and configuration practices.
- Work with various teams to ensure security integration throughout the product development lifecycle.
- Prepare detailed reports, including risk assessments and actionable remediation strategies for both technical and non-technical stakeholders.
- Keep up with new security threats and vulnerabilities and implement best practices for secure development processes.
OPERATING ENVIRONMENT, FRAMEWORK AND BOUNDARIES, WORKING RELATIONSHIPS
- The role is based within the Information Security Group (ISG) and focuses on secure development practices, application security, and integrating security into DevOps and CI/CD processes.
- The Product Security Head works within security policies, industry standards, and regulatory frameworks such as PCI, NESA, RBI C-SITE and SWIFT, and development methodologies such as Agile and RAD.
- Collaboration with development, operations, and security teams is key to ensure security is embedded into the development process.
- Interaction with both technical and non-technical stakeholders to present security findings and remediation strategies.
- Work with external vendors or cybersecurity experts when required to ensure security assessments are comprehensive and up to date.
PROBLEM SOLVING
- Identify security vulnerabilities and flaws in applications, APIs, and other parts of the development lifecycle and provide solutions to mitigate them.
- Automate security testing so that the development pipeline is continuously checked for vulnerabilities rather than assessed only at release time.
- Identify and address gaps in the software development lifecycle where security controls need to be better integrated.
- Use security testing tools such as Burp Suite, together with SAST, DAST and IAST tooling, to find vulnerabilities and recommend fixes.
DECISION MAKING AUTHORITY & RESPONSIBILITY
- The Product Security Head has the authority to decide on the implementation of security tools, security strategies, and methods for automating security in the SDLC.
- Responsible for ensuring that security is integrated at every stage of the software development lifecycle and that development pipelines are secure.
- Takes responsibility for collaborating with teams and reporting security vulnerabilities, risk assessments, and remediation plans to senior management and technical teams.
KNOWLEDGE, SKILLS AND EXPERIENCE
- Bachelor's or Master's degree in Computer Science, Information Security, Cybersecurity, or a related field.
- 13 to 16 years of progressive experience in application security, secure coding practices, API security, and CI/CD security practices.
- Relevant certifications such as CSSLP, OSWP, CEH, and API Security certifications are highly desirable.
- Proven experience in secure SDLC, API security, and continuous integration/deployment (CI/CD) security practices.
- Proficiency with security testing tools such as Burp Suite and with SAST, DAST and IAST tooling.
- Familiarity with the OpenAPI Specification, OAuth, SAML, and API gateway security, including enforcing AAA (Authentication, Authorization, and Accounting) at the gateway.
- Strong programming and scripting skills in languages such as Python for automation and security integration.
- Familiarity with DevOps tooling such as Jenkins, GitLab CI, Docker, and Kubernetes, and with securing pipelines and workloads built on them.
- Strong analytical skills in identifying and solving security vulnerabilities in the development lifecycle.
- Excellent communication skills to interact with development, operations teams, and senior management to present findings and remediation strategies.
- Experience in the banking or financial services industry.
- Deep understanding of secure coding practices and application security principles.
- Knowledge of development methodologies such as Agile and RAD, and of regulatory and compliance frameworks such as PCI, NESA, RBI C-SITE and SWIFT.