We are looking to onboard a seasoned and forward-thinking cybersecurity leader for the role of Head – Application Security at the Adani Group.
This is a strategic leadership position responsible for driving the Group's application security vision and embedding security across the software development lifecycle (SDLC). The role will focus on strengthening secure design practices, DevSecOps integration, vulnerability management, and ensuring that applications across the enterprise are resilient against evolving cyber threats.
The incumbent will work closely with engineering, digital, and product teams to establish scalable security frameworks, promote secure coding practices, and enable a proactive, risk-based approach to application security.
At Adani, we are committed to upholding the highest standards of governance, security, and operational excellence. We look forward to engaging with industry leaders who can help us advance our application security maturity and safeguard our digital ecosystem.
The detailed job description is attached for your reference.
Job Title - Head Application Security
Department - AdaniCyber Security
Reporting to - Group CISO
Location - Ahmedabad
Leadership and Strategy Development:
- Oversee the organization's application security initiatives, ensuring alignment with business goals and risk management strategies.
- Define and implement strategies to protect applications across their entire lifecycle—from design to deployment and beyond.
- Manage and mentor a team of application security professionals, including security engineers and analysts, to build a robust application security culture within the organization.
- Collaborate with senior management, development teams, product teams, and IT to ensure alignment on security priorities and initiatives.
Risk Management:
- Evaluate the security posture of applications and assess potential risks, such as data breaches, vulnerabilities, and exploitation tactics.
- Proactively identify potential threats and assess how the application's architecture could be targeted by cybercriminals.
- Develop and recommend remediation strategies to minimize risk exposure.
Secure Software Development Lifecycle (SDLC):
- Ensure that security is embedded throughout the software development lifecycle (SDLC), including design, coding, testing, and deployment.
- Perform code reviews, static/dynamic analysis, and penetration testing to identify vulnerabilities in applications.
- Work with developers to integrate secure coding practices, secure design principles, and appropriate security controls into application development.
Application Security Testing and Tools:
- Oversee the implementation and execution of security testing activities, such as automated scanning, vulnerability assessments, and penetration testing.
- Select and implement the appropriate security tools (e.g., Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA)) to identify vulnerabilities in applications.
- Coordinate remediation efforts and track the status of vulnerabilities found in applications, ensuring timely fixes.
Compliance and Governance:
- Ensure that applications meet industry standards and regulatory requirements related to application security, such as GDPR, PCI DSS, HIPAA, or SOC 2.
- Develop and enforce security policies, standards, and best practices for secure application development and deployment.
- Conduct regular audits of applications and security programs, and report security metrics to management and external auditors.
Incident Response and Threat Intelligence:
- Lead efforts to investigate and respond to application security incidents, including identifying root causes and preventing future occurrences.
- Stay up-to-date on the latest trends in application security vulnerabilities, exploits, and attack techniques, and adjust strategies accordingly.
- Work with the broader cybersecurity team to coordinate responses and communicate the impact and mitigation steps to internal and external stakeholders.
Training and Awareness:
- Provide regular security training sessions for developers, QA engineers, and other relevant teams to foster a culture of security awareness.
- Educate and advocate for secure coding standards and practices across development teams.
- Promote awareness around secure application development and threat landscapes to improve organizational security culture.
Collaboration with Other Security Teams:
- Collaborate with the infrastructure security team to ensure that application security integrates well with network security, endpoint security, and cloud security.
- Engage in or facilitate red teaming exercises to assess application vulnerabilities and ensure security resilience in real-world attack scenarios.
Tool Selection and Automation:
- Implement security automation tools to help streamline security testing and vulnerability management.
- Continuously evaluate and refine application security practices, tools, and workflows to improve efficiency and security coverage.
Vendor and Third-Party Risk Management:
- Ensure that third-party applications and services used by the organization meet security standards and are regularly assessed for vulnerabilities.
- Evaluate and assess the security of third-party suppliers, vendors, and contractors who provide software or services to the organization.
Educational qualifications & Experience:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
- Master's degree or relevant certifications in Cybersecurity or Technology Management (preferred)
- Certifications:
- Certifications in Cybersecurity such as CISSP, CISM, or equivalent
- Additional certifications in emerging technologies and innovation management (desired)
Work Experience (Range in Years) :
Minimum 15+ years of experience in the Cybersecurity industry
Demonstrated track record of leadership in driving technological advancements and innovation
Proven experience in product development and implementation within the cybersecurity domain.
