TC-CS-CTM-AppSec-Senior

div style=font-family:Arial;font-size:1.0empAt EY, we’re all in to shape your future with confidence. /ppWe’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. /ppJoin EY and help to build a better working world. /p/divdiv style=font-family:Arial;font-size:1.0em /divpspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptstrongCTM Senior /strong–strong DevSecOps/strong/span/ppspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptAs part of our Cyber Security team, you will help secure cloud/on-prem applications and platform while ensuring seamless development, build and deployment capabilities. You will be responsible for the security assessment of infrastructure and applications, setting up processes and guidelines. You will work closely with DevOps, architects, developers and QA teams to build highly reliable and secure products. You shall also perform in-depth analysis of security test results and create report that describes findings, exploitation procedures, risks and recommendations./span/ppspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptstrong /strong/span/ppspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptstrongThe opportunity/strong/span/ppspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptWe’re looking for Senior Security Consultant with expertise in DevSecOps. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of new service offerings. You will work with other infrastructure, DevOps and application engineers to understand client business needs, provide expertise around application and cloud service development, as well as define and own clear guardrails, alerts, and Security as Code (SaC) deployments./span/pp /ppspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptstrongYour key responsibilities/strong/span/pulli style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptExpertise In executing large scale application security programs/span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptExpertise in Shift left security concept and security in DevOps/span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptUnderstanding of agile software development principles and security practices/span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptConvey complex technical security concepts to technical and non-technical audiences including executives./span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptStrong knowledge of software supply chain vulnerabilities and the ability to effectively communicate methodologies and techniques with development teams/span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptProvide technical leadership and advise to junior team members on application security engagements./span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptDevelop automated solutions that mitigate risks throughout the organization./span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptSupport policies and vulnerability analysis using application security testing infrastructure including (SAST, DAST, SCA, IAST, and API Security)/span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptEnsure these tools deliver maximum value for both security and developer stakeholders./span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptSupport integration and automation efforts to ensure that security testing is an integral and painless part of code development./span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptPartner with and train developers in how to deliver secure code./span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptTrack, prioritize and drive remediation of code vulnerabilities./span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptDevelop and foster effective working relationships within both Security and IT teams to ensure that projects are delivered securely and on-time./span/li/ulp /ppspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptstrongSkills and attributes for success/strong/span/pulli style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptExperience with performing manual and automated SAST assessments./span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptExperience with scripting / programming skills (e.g., Python, PowerShell, Java, Perl etc.) updated and familiarized with the latest exploits and security trends./span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptFamiliarity with dynamic web application vulnerability scanning tools and services (Acunetix, HP WebInspect, HCL AppScan, BurpSuite)/span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptFamiliarity with static code analysis tools and services (CheckMarx, Snyk, Fortify Static Code Analysis tool, Veracode, Coverity, IBM AppScan Source)/span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptExperience in developing a DevSecOps CI/CD pipeline completely using open source tools./span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptExperience with SCM tools like Github, Gitlab, Bitbucket and their ability to integrated with CI/CD pipelines by using webhooks, actions, etc./span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptExperience with implementing different phases of CI/CD like secret scanning, SAST, SCA, DAST, Infrastructure as code, compliance as code, vulnerability management./span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptOptimizing the pipeline to produce the best results and ability to plan a maturity model for the DevSecOps program./span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptUnderstanding of web-based application vulnerabilities (OWASP Top 10)./span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptExperience with scripting / programming skills (e.g., Python or PowerShell or Java or Perl etc.)./span/li/ulp /ppspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptstrongTo qualify for the role, you must have/strong/span/pulli style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptBE/ B.Tech/ MCA./span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptMinimum of 3 years of full-time work experience in SAST, SCA, DAST and DevSecOps./span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptKnowledge of Windows, Linux, UNIX, any other major operating systems./span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptStrong Excel and PowerPoint skills./span/li/ulp /ppspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptstrongIdeally, you will also have/strong/span/pulli style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptFamiliarity with programming languages such as Java, JavaScript, Python and Angular/span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptStrong knowledge of relevant Security Standards (OWASP) and how to apply them to the software development lifecycle in a large agile environment./span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptExperience performing security analysis on web applications and APIs./span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptExperience working in an Agile environment./span/li/ulpspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptstrong /strong/span/ppspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptstrongWhat working at EY offers/strong/span/ppspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptAt EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are./span/ppspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptYou get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:/span/pp /pulli style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptSupport, coaching and feedback from some of the most engaging colleagues around/span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptOpportunities to develop new skills and progress your career/span/lili style=font-family:arial, helvetica, sans-serif;font-size:10.0ptspan style=font-family:arial, helvetica, sans-serif;font-size:10.0ptThe freedom and flexibility to handle your role in a way that’s right for you/span/li/ulp /pdiv style=font-family:Arial;font-size:1.0empbEY | Building a better working world /b/ppEY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets./ppEnabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow./ppEY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories./p/div