Information Security Engineering Specialist

Job Description

Full time
India, Pune 3 days ago
Job category
IT&S
Experience level
Intermediate
Relocation available
This role is eligible for relocation within country
Job type
Professionals
Travel required
Up to 10% travel should be expected with this role
Job code
RQ103847

Application Security Specialist (grade H)
You will work with
This team drives the response and management of cyber incidents, using an intelligence-led approach for identification, mitigation, and rapid response to safeguard bp on a global scale. By applying lessons learned and data analytics, they establish engineering principles and enhance the technology stack to continuously bolster bp's cybersecurity posture.
Let me tell you about the role
We are looking for an Information Security Engineering Specialist (Application Security) who will be accountable for supporting the management of large security data sets, developing data-driven solutions and insights, and building data integration solutions and digital automation. We build digital solutions primarily in the cloud using Azure and AWS, so we can adapt quickly, demonstrate the latest technology, and scale our solutions globally.
You will advocate that application development, platform development, and infrastructure teams adhere to secure design and development practices (e.g., threat modeling, technical design review, resilience testing, monitoring & alerting, code review, and documentation).
You will also contribute to standard processes that will help shape bp's security agenda and create a culture of excellence.
What you will deliver
Provide technical expertise in support of information security and risk activities specific to the specialism to achieve objectives e.g. designing and developing security solutions to work across bp's digital environments that are consistent with current policies.
Maintain and improve the security aspects of the SDLC to help software engineering teams create products secure by design.
Develop and promote guidelines for secure API and cloud-native applications.
Maintain systems that are designed to uncover code vulnerabilities and provide remediation insights.
Integrate security processes, such as threat modeling, static/dynamic analyses, and code reviews.
Deliver the implementation and application of relevant operating processes and procedures, and ensure all activities adhere to the relevant standards.
Evolve the security roadmap to meet anticipated future requirements and needs.
Create and articulate materials on how to embed and measure security throughout the software and platform development lifecycle.
Develop and maintain a series of internal and external collaborator relationships, delivering advanced technical knowledge to support project delivery, cooperatively identify key challenges and ensure that security solutions successfully protect bp against cyber risks.
What you will need to be successful (experience and qualifications)
Experienced security professional with over 5 years of full stack development combined with delivering security engineering services or developing security solutions in complex organizational environments.
Strong communication abilities, with a comprehensive understanding of both developer and executive experiences.
Should be capable of performing manual code audits and of identifying and fixing application vulnerabilities.
Should be proficient in two or more object-oriented programming languages (e.g., Java, JavaScript, Python, etc.).
Should be capable of deploying applications to cloud-native resources.
Should be capable of securing applications deployed to VMs and Containers.
Firm foundation of information and cyber security principles and standard processes.
Solid knowledge in application security concepts (OWASP Top 10, secure coding best practices, common vulnerabilities, etc.)
Must possess a proven track record as a solution architect.
Demonstrated practical experience in threat modeling strategies, including at least two of the following approaches: software-centric, attacker-centric, asset-centric, or risk-centric threat modeling.
Should be able to demonstrate proficiency in both STRIDE and PASTA methodologies.
Should be proficient with code scanning tools and in fine-tuning the result controllers.
Practical experience in code scanning tools (SAST, DAST, SCA) and in integrating multiple vulnerability detection tools to provide a unified developer experience and to achieve onboarding, false positive detection, reporting and metrics.
Experience with CI/CD pipelines and DevSecOps tools to automate security checks and integrate them into the development workflow.
Must demonstrate proficiency in developing secure open-source strategies for the organization.
Must possess the ability to address open-source risks, including security, licensing, and operational concerns.
Operational proficiency in frameworks such as CIS CSC, NIST CSF, NIST 800-53, ISO 27001, etc.
Professional and technical security certifications such as CISSP, CISM, GEVA, CEH, OSCP or equivalent are a plus.
Use of AI to secure applications is a plus.
Foundational knowledge of security standards, industry laws, and regulations such as Payment Card Industry Data Security Standards (PCI-DSS), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and Sarbanes-Oxley (SOX).
Continuous learning and improvement approach.
Legal Disclaimer:
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp's recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us.
If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.



Our innovative Energize recognition points programme and spot awards translate exceptional performance into tangible rewards, to motivate our high performers.



Pay

bp offers competitive pay in line with industry standards, making us an employer of choice.



Discretionary bonus

We offer discretionary bonuses to reward strong company, business unit and individual performance, and recognition awards, including those related to long service to recognize commitment to the company.



Retirement & savings

We offer a range of discretionary retirement and savings plans to help provide you and your family with financial security.



Insurance benefits

To give you additional peace of mind, bp provides valuable insurance benefits in some countries. These are designed to provide financial assistance to employees and their families if employees become unwell or die in service.



Equity

Depending on your location and job level, there may be equity (stock and share) options you are eligible to join so you can be part of bp's success.


Job Detail

  • Job Id
    JD4903655
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    MH, IN, India
  • Education
    Not mentioned
  • Experience
    Year