Risk Analyst

6-8 Years

This job is no longer accepting applications

  • Posted 2 months ago

Job Description

About The Company

Monarch Innovation Private Limited is a leading organization committed to delivering innovative technology solutions across various industries. Renowned for its dedication to excellence and customer-centric approach, Monarch continuously strives to set new standards in the technology landscape. The company fosters a dynamic and inclusive work environment, encouraging professional growth and innovation among its employees. With a focus on leveraging cutting-edge technologies, Monarch aims to empower its clients with secure, scalable, and efficient solutions that drive business success.

About The Role

The organization is seeking a highly skilled Application Security Risk Analyst to join its Information Security and Compliance department. This pivotal role involves working closely with development teams and senior IT leadership to embed security practices throughout the software development lifecycle. The successful candidate will be responsible for developing, implementing, and overseeing a comprehensive Secure Systems Development Lifecycle (S-SDLC) program aligned with industry standards such as ISO and NIST frameworks. This role demands a proactive individual capable of conducting security assessments, guiding secure coding practices, and fostering a security-first culture within the organization. The Application Security Risk Analyst will serve as a subject matter expert, providing technical guidance, conducting vulnerability assessments, and ensuring that security controls are effectively integrated into all application development processes.

Qualifications

The ideal candidate will possess a minimum of 6-8 years of experience in application architecture, security assessment, and testing. A bachelor's degree in Engineering, Computer Science, Management Information Systems, or related fields is required. Relevant certifications such as CPT and CEH are mandatory, with optional certifications like CISSP, AWS Solutions Architect, and CCSP being advantageous. The candidate should have extensive hands-on experience with application security tools such as Veracode, Checkmarx, Synopsys, and Netsparker, along with a solid understanding of secure coding standards and frameworks like OWASP. Knowledge of programming languages including .NET, Java, Python, and C++, as well as familiarity with microservices, blockchain, and cloud security, is essential. A deep understanding of network security, cryptographic tools, and operating system security concepts is also required to excel in this role.

Responsibilities

Develop and implement the Secure Systems Development Lifecycle (S-SDLC) program in collaboration with senior IT leaders and application development teams, ensuring compliance with organizational risk management policies and industry standards.

Provide governance and oversight of the S-SDLC program, regularly communicating progress, challenges, and solutions to the CISO, senior management, and development teams.

Act as a security consultant, disseminating application security knowledge and best practices across development communities to foster a security-first mindset.

Research emerging security threats, including blockchain vulnerabilities, and evaluate solutions to mitigate risks effectively.

Lead demonstrations of application security tools, ensuring teams understand how to utilize them for vulnerability detection and management.

Manage integration of security feeds from tools like static and dynamic analyzers into the organization's Governance, Risk, and Compliance (GRC) platform.

Oversee the deployment and maintenance of security testing tools such as Veracode, Checkmarx, Synopsys, and Netsparker, including policy development and user access management.

Innovate and develop new approaches to improve code analysis and security testing processes, providing strategic guidance to technical teams.

Engage with third-party vendors and support teams to resolve software defects, support issues, and optimize tool performance.

Lead and manage the organization's bug bounty program to identify and remediate vulnerabilities proactively.

Stay abreast of the latest security threats, vulnerabilities, and attack techniques, providing insights and recommendations to enhance organizational defenses.

Monitor security systems, conduct risk assessments, and recommend improvements to existing controls to safeguard sensitive information.

Assist in internal and external audits related to application security and identity access management, ensuring compliance with standards such as SOC, IAA, and DFS.

Develop and maintain security policies, procedures, and documentation, including SOD matrices, access controls, and user recertification processes.

Perform regular reviews of user access, privileged accounts, and system vulnerabilities, ensuring timely remediation and compliance.

Support incident response activities by identifying, analyzing, and documenting security breaches or potential threats.

Collaborate with cross-functional teams to implement process improvements, automation, and integration of security controls within CI/CD pipelines.

Benefits

Monarch Innovation Private Limited offers a competitive salary package complemented by comprehensive health insurance, including medical, dental, and vision coverage. Employees have access to ongoing professional development opportunities, including certifications and training programs to enhance their skills. The company promotes a healthy work-life balance through flexible working hours and remote work options. Additional benefits include paid time off, performance bonuses, and employee wellness programs. Monarch is committed to fostering a diverse and inclusive workplace where every employee's contribution is valued, and career growth is encouraged.

Equal Opportunity

Monarch Innovation Private Limited is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All employment decisions are made without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, age, disability, or any other protected characteristic. We believe that a diverse workforce enhances our ability to innovate and serve our clients effectively. We encourage qualified individuals from all backgrounds to apply and join our team.

Job ID: 136965549