Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Application Security Architecture and Design
Good to have skills: NA
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: We are looking for a Technical Lead with strong expertise in Application and Infrastructure Security to lead a suite of security services including vulnerability management, application security testing (SAST/DAST), and penetration testing. This role is ideal for someone who can not only execute and review security assessments but also manage tools, provide technical direction to a delivery team, and act as a trusted advisor to the client on security best practices.

Roles & Responsibilities:
- Lead the delivery of application and infrastructure security services including:
  - Dynamic Application Security Testing (DAST)
  - Static Application Security Testing (SAST/SCA)
  - Web & API Penetration Testing
  - Mobile Application Security Testing
  - Infrastructure Vulnerability Management (IVM)
- Oversee scan scheduling, execution, validation, and reporting.
- Drive the reduction of false positives and enhance detection accuracy.
- Ensure timely delivery of security testing activities aligned with client SLAs.
- Perform automated and manual security scans for applications and infrastructure.
- Validate findings, analyze root causes, and prioritize remediation based on risk.
- Provide technical recommendations to development, DevOps, and infrastructure teams.
- Align findings with recognized standards (e.g., OWASP Top 10, CVSS, CWE).
- Administer and optimize usage of security tools including but not limited to:
  - WebInspect, Veracode, Burp Suite, Custom Scripting Tools
  - GitLab, ServiceNow Security Modules
  - Datadog Security Explorer, OpenShift ACS
- Tune and maintain tool configurations, scan profiles, and dashboards.
- Track scan volumes, issue lifecycle, and performance KPIs.
- Deliver dashboards and executive-level reports on security posture.
- Support audit, compliance, and client reporting needs.
- Team Collaboration & Stakeholder Management:
  - Provide technical direction and mentorship to the delivery team.
  - Liaise with client teams, application owners, and platform SMEs.
  - Ensure effective communication across stakeholders for testing, issue triage, and remediation.

Professional & Technical Skills:
- Experience in Cybersecurity, with specialization in Application Security and Vulnerability Management.
- Strong technical knowledge of SAST/DAST tools (e.g., Veracode, WebInspect).
- Hands-on experience in penetration testing of web, mobile, and API-based applications.
- Familiarity with infrastructure scanning and vulnerability remediation practices.
- Strong understanding of secure SDLC, OWASP Top 10, SANS Top 25, and risk classification models (CVSS, CWE).
- Experience working in global delivery teams, preferably in a client-facing role.

Preferred Certifications:
- CEH / OSCP / GWAPT / CISSP / CSSLP
- Veracode Certified Specialist or equivalent
- Vendor certifications on WebInspect, Burp Suite, GitLab Security
- Knowledge of cloud security principles (Azure/AWS/GCP)
- Familiarity with container security and DevSecOps tooling
- Exposure to automated CI/CD security integrations

Additional Information:
- The candidate should have minimum 5 years of experience in Application Security Architecture and Design.
- This position is based at our Gurugram office.
- A 15 years full time education is required.