Associate Architect - Product Security

Envestnet

Thiruvananthapuram, India
Education
Qualifications
Benefits
Skills
Other
Apply
10,000+ Similar Jobs

Description

  • Responsibilities
    • Define and enforce secure coding standards and best practices.
    • Perform threat modeling, security architecture reviews, and code analysis.
    • Design and implement secure CI/CD pipelines with integrated security controls.
    • Automate security testing (SAST, DAST, IAST, SCA, container scanning) in SDLC process.
    • Evaluate and integrate security tools and platforms
    • Lead DevSecOps program in collaboration with DevOps, Operations and Engineering teams
    • Build automation focused on efficiency (E.g. increase triaging efficiency, manage false positives etc.)
    • Leverage ASPM and build workflows and reports
    • Evaluate and integrate security tools and platforms
    • Implement Infrastructure as Code (IaC) security and cloud-native security controls.
    • Monitor and respond to security incidents in development and production environments.
    • Collaborate with development teams to remediate vulnerabilities and design secure applications.
    • Develop and deliver secure coding training and awareness programs.
    • Stay current with emerging threats, vulnerabilities, and security technologies.
    • Ensure compliance with industry standards (e.g., OWASP, NIST etc).

Requirements

    • Overall 10+ years of experience in application security, software development, or related roles.
    • 6+ years of work experience in Application security, preferably in a fintech or financial services domain
    • Strong understanding of web, mobile, API and cloud application architectures.
    • Experience of code reviewing or code contributing in Java, Java Script, .Net. C#, Python, or IaC scripting.
    • Hands-on experiences running SCA, SAST, DAST, IAST, SBOM, ASPM, Apigee, WAF etc., with approaches or optimizations for the tools to efficiently enforce the enterprise S-SDLC policies.
    • Deep understanding of DevSecOps practices and experience in CI/CD automation for one of the popular platforms, such as Gitlab, GitHub or Azure DevOps.
    • Knowledge of cloud platforms (AWS, Azure) and container orchestration (Kubernetes, Docker).
    • Perspective of supporting developer tools as a security professional (E.g. integrating security tools with IDE, PR checks etc.)
    • The experiences in building security controls for a system that follows NIST CSF and SSDF frameworks and performing the risk-based security reviews that meet the OWASP, SOC2, GDPR requirements.
    • Ability to identify and summarize practical operational procedures, write standards or SOPs, and provide security scan reports.
    • A good understanding of full stack software development and best practices for developing software (version control, branching, automation, IaC, documentation, testing, etc.)
    • Ability to collaborate cross-functionally and communicate effectively with highly technical teams and provide written assessment reports as needed.
    • Certifications such as CSSLP, OSWE, or CEH.
Read Full Description
Apply
Jobs at Envestnet
Similar Jobs
Confirmed 20 hours ago. Posted 2 days ago.

Discover Similar Jobs

Suggested Articles

Leaving Consulting: The Why, When, How and What For?
Managing a Software Career
Demand for (Artificial) Intelligence: Jobs for Engineers & Scientists
Is it Really 10 Times Harder to Get Into Google Than Goldman Sachs?
How To Get Into Investment Banking
How to Master the Technical Interview at Google and Facebook

Roles for Junior Investment Bankers

Mid-Level and Senior Investment Banking Jobs

Junior & Mid-Level Non-Tech Jobs at FinTech Companies