Technology Lead-cloud Application Security

 Job Description

Role and Responsibilities: 

• Act as a primary liaison between technical teams and business stakeholders, facilitating expert advice on vulnerability remediation strategies and best practices. 
• Ensure strict adherence to security standards and advocate for the seamless integration of security measures into the Software Development Life Cycle (SDLC). 
• Develop and nurture collaborative relationships with business and development teams to align security objectives with business priorities, ensuring mutual benefit and effective prioritization. 
• Assess risks identified in vulnerability assessment results and other security-related data, prioritizing remediations in alignment with business objectives. 
• Partner with application teams to devise strategies for mitigating identified security gaps, assisting in the planning and prioritization of security remediation efforts and control implementations. 
• Provide technical guidance and support to application teams in implementing security controls, advocating for security-by-design principles, and integrating security scanning into the application build process. 
• Collaborate closely with stakeholders to ensure the completeness and accuracy of information security exception requests, aligning them with predetermined criteria and established risk tolerance levels. 
• Regularly communicate with management and stakeholders, presenting detailed reports and updates on vulnerabilities, ongoing remediation efforts, and the status and trends of exception requests 
• Conduct ongoing security research to stay abreast of current security challenges, identifying new opportunities for security integration and automation to enhance overall security posture. 
• Provide training and awareness on vulnerability risk management practices to technical teams and business stakeholders.  

Requirements: 

• Bachelor's degree in computer science, Information Security, or a related field. Good to have advanced degree or relevant certifications (e.g., CISSP, CISM). 
• Minimum 8 years of demonstrated expertise in application security, coupled with proficiency in development. 
• Strong understanding of cloud and application security concepts, vulnerabilities, and attack vectors. 
• Robust Information Security technical skills and knowledge to identify, research, and understand security control gaps and program compliance issues. 
• Exceptional ability to communicate security concepts, threats, controls, and mitigation/remediation strategies to diverse audiences, including those unfamiliar with such topics. 
• Proven track record in information security vulnerability assessment, remediation, and security governance. 
• Familiarity with Security Policies, Procedures, Audit, and Compliance requirements. 
• Expert understanding of code syntax and semantics of at least one object-oriented programming language. 
• Possess an analytical mindset with the ability to prioritize and assess risks related to vulnerabilities and exception requests. 
• Proven ability to work independently, prioritize tasks, and manage multiple projects simultaneously in a fast-paced environment, ensuring timely and efficient completion of objectives.  

Soft Skills: 

• Excellent communication and interpersonal skills, adept at articulating technical concepts to non-technical stakeholders. 
• Capable of effectively collaborating with cross-functional teams and building consensus is essential. 
• Commitment to continuous learning and staying updated on industry developments and emerging technologies.