Role and Responsibilities Include:
- Conduct regular application security assessments (SAST, SCA, DAST and manual testing) to identify security vulnerabilities.
- Rate the risk of identified vulnerabilities according to Broadridge Security Standards and document them with a proof of concept where necessary.
- Perform security design and architectural reviews for new and existing applications to ensure they meet security standards and best practices.
- Collaborate with technical teams and business stakeholders to provide expert advice on vulnerability remediation strategies and best practices.
- Assess risks reported in the vulnerability assessment results and other security-related data, and prioritize remediation actions.
- Integrate security testing into the CI/CD pipeline so that vulnerabilities are identified and addressed early in the development cycle, and maintain the security tooling in the CI/CD pipeline.
- Conduct regular security group reviews.
- Identify and implement automation opportunities within security testing and review processes to enhance efficiency and effectiveness.
- Work within, and adapt to, an Agile environment.
Skill Requirements:
- A bachelor's or higher degree in Computer Science, Computer Engineering, or a similar discipline.
- Minimum 6 years of hands-on experience in application security and 2 years in DevSecOps, with deep knowledge of at least one object-oriented programming language.
- Strong Information Security technical skills and knowledge to identify, research and understand security control gaps and program compliance issues.
- Strong web application security experience with a thorough understanding of web application vulnerabilities and secure coding practices.
- Demonstrated experience in performing threat modeling, security architecture review, and vulnerability assessment on applications and infrastructure.
- Deep understanding of OWASP methodologies and Top 10 lists for web, API, mobile, CI/CD and LLM application security.
- Knowledge of cloud (AWS, Azure) architecture.
- Familiarity with CI/CD tools (e.g., Jenkins, GitLab CI) and their integration with security tools.
- Understanding of Security Policies, Procedures, Audit, and Compliance requirements.
- Skills in Terraform, Chef, Python, Perl or Ruby are desirable.
- Superior ability to effectively communicate security concepts, threats, controls, and mitigation/remediation to application teams and audiences not familiar with such topics.
Soft Skills:
- Excellent communication and presentation skills.
- Ability to work collaboratively and build consensus is essential.
- Ability to manage multiple priorities effectively.
- Strong analytical and problem-solving skills with attention to detail.
- Willingness and capability to self-learn.
Good to Have:
- Experience in conducting infrastructure vulnerability scans, analysis of scan results, and vulnerability triage.
- Experience in assessing and enhancing security of cloud-based environments and services.
- Experience in AWS security involving tools and processes.
- Experience in container/Kubernetes security.
- Active participation in the security communities and groups.
- Demonstrated commitment to staying up to date with emerging security threats and technologies.
- Hold at least one applicable industry certification (e.g., CEH, CISSP, OSCP, CISM, or a cloud security certification).