Job Description

15 Petabyte of data hosted, 49 countries supported, 15000 servers and thousands of devices to connect locations and businesses.

The role purpose is to support with technical expertise in scan triage, remediation guidance, technical reviews, Checkmarx/Q-WAS usage/integration, project on-boarding/off-boarding, CI/CD configurations and/or fix as per requirements.

Your responsibilities include, but are not limited to:

• Design, implementation, and governance of SAST, SCA and DAST in SDLC and DevSecOps. Also, configuration, maintenance, and health check of tool and DevSecOps configurations along with administration, on-boarding, and off-boarding of projects utilizing SAST, SCA & DAST

• Technical integration of Checkmarx SAST and SCA, Q-WAS DAST into DevSecOps tool chains such as Jenkins, AzureDevOps, JFROG Artifactory, Jira, ServiceNow, build tools, etc. and automation.

• As a DevSecOps professional, professional will troubleshoot issues that arise in the SAST, DAST, in CICD tools. Candidate will use their technical skills and knowledge of these tools to identify and resolve issues quickly.

• Functional/L2/L3 technical issue resolution with operations, vendor, and delivery teams and ongoing maintenance and updates/upgrade support to operations team.

• Ensuring the implemented solution meets it objective and provides productive outcome through adequate configuration, customization, and maintenance and reviewing findings reported by tools for false positive, fine tuning and customization

• Assist development and security teams in completing scans or scan issue resolution, consult development teams on validation/remediation of reported findings and manage and report delivery of AppSec/DevSecOps engagements within SLA

• Act as a liaison between AppSec Vendor and Application teams and perform quality reviews of vendor outcomes and ensure service users are informed regarding status of their requests through established channels or ad-hoc reporting required.

• Support continuous process improvements and enhancements for AppSec Service w.r.t tools, process, documentation updates, knowledgebase maintenance, user training, DevSecOps related areas, etc. as needed/assigned

Commitment to Diversity & Inclusion:
Novartis is committed to building an outstanding, inclusive work environment and diverse teams representative of the patients and communities we serve.
Minimum requirements
What you\xe2\x80\x99ll bring to the role:

• University degree in business/technical/scientific area or comparable education/experience with 6+ years\xe2\x80\x99 experience majorly in SAST, DAST, SCA and other related AppSec testing.

• 3+ years of hands-on experience working in DevSecOps setup/integrations with Checkmarx SAST/SCA product, Q-WAS DAST product, JFROG Artifactory, automation, troubleshooting, Linux, Groovy, Python, Java.

• Strong understanding of secure software development lifecycle, application security concepts (ex. OWASP/SANS), DevSecOps workings, development processes such as build activities, dependencies, open source usage

• Good understanding of vulnerabilities, false positive analysis, and remediation options and has worked with developers on remediation discussions

• Good understanding on SCM tools like BitBucket, Azurerepos.

• High level of personal integrity, and the ability to professionally manage confidential matters and exude the appropriate level of judgment and maturity.

• Interpersonal and collaborative skills to drive security message to Application teams

• Ability to handle competing priorities, and seeking consensus when stakeholders have different or even contradicting opinions.

Desirable Requirements:

• Salesforce APEX and SAP ABAP code knowledge

• Professional information security certification, such as CEH, GWEB, GCSA, CSSLP, CISSP is preferred.

Why consider Novartis?

769 million lives were touched by Novartis medicines in 2022, and while we\xe2\x80\x99re proud of this, we know there is so much more we could do to help improve and extend people\xe2\x80\x99s lives.

We believe new insights, perspectives and ground-breaking solutions can be found at the intersection of medical science and digital innovation. That a diverse, equitable and inclusive environment inspires new ways of working.

We believe our potential can thrive and grow in an unbossed culture underpinned by integrity, curiosity and flexibility. And we can reinvent what\'s possible, when we collaborate with courage to aggressively and ambitiously tackle the world\xe2\x80\x99s toughest medical challenges. Because the greatest risk in life, is the risk of never trying!

Imagine what you could do here at Novartis!

India Accessibility and accommodation
Novartis is committed to working with and providing reasonable accommodation to individuals with disabilities. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the recruitment process, or in order to perform the essential functions of a position, please send an e-mail to diversityandincl.india@novartis.comand let us know the nature of your request and your contact information.

Join our Novartis Network:
If this role is not suitable to your experience or career goals but you wish to stay connected to hear more about Novartis and our career opportunities, join the Novartis Network here: https://talentnetwork.novartis.com/network
Division
CTS
Business Unit
TT CTS
Country
India
Work Location
Hyderabad, AP
Company/Legal Entity
Nov Hltcr Shared Services Ind
Functional Area
Technology Transformation
Job Type
Full Time
Employment Type
Regular
Shift Work
No
Early Talent
No