Job Description

About the Opportunity Job Type: Permanent Application Deadline: 15 August 2023 Title: Technical Specialist - Application Security Department: Global Cyber and Information Security Location: Gurgaon/ Bangalore, India Reports To: Senior Manager, Application Security Our Workplace & Personal Financial Health business provides individuals, advisers and employers with access to world-class investment choices, third-party solutions, administration services and pension guidance. Together with our Investment Solutions & Services business, we invest $471 billion on behalf of our clients. By combining our asset management expertise with our solutions for workplace and personal investing, we work together to build better financial futures. Find out more about what we do, our history, and how you could be a part of our future at . Our clients come from all walks of life and so do we. We are proud of our inclusive culture and encourage applications from the widest mix of talent, whatever your age, gender, ethnicity, sexual orientation, gender identity, social background and more. As a flexible employer, we trust our people to perform their role in the way that works best for them, our clients and our business. We are a disability-friendly company and would welcome a conversation with you if you feel you might benefit from any reasonable adjustments to perform to the best of your ability during the recruitment process and beyond. Our Values Integrity - Doing the right thing, every time and putting the client first Trust - Empowering each other to take the initiative and make good decision Our Behaviours Our employees should be: Brave - Challenge the status quo, be accountable and speak up Bold - Act with conviction, encourage diverse thinking and keep things simple Curious - Learn to do new things in better ways and encourage fresh thinking Compassionate - Have empathy, care for colleagues, clients and the community Department Description The Global Cyber and Information Security department is a part of the Global Technology department. The Technology function provides IT services to the Fidelity International business, globally. These include the development and support of business applications that underpin our revenue, operational, compliance, finance, legal, marketing and customer service functions. The broader organisation incorporates Infrastructure services that the firm relies on to operate on a day to day basis including data centre, networks, proximity services, security, voice, incident management and remediation. Global Cyber and Information Security (GCIS) is responsible for: Cyber Security: Protecting the Technology Environment from internal and external security threats, Application Security (through secure design practices, secure coding practices, penetration testing, and developer training) Centralised Access Management - working to principles of least privilege, access appropriate to role, and Role Based Access Control Infrastructure Security Security Engineering and Architecture Security Application Support Cyber Defence Operations Information Security Risk Management Technology Risk and Audit Management, Technology Service Continuity Application Security is part of IT Security group within the Global Cyber & Information Security (GCIS) Technology organisation of Fidelity International and is responsible for maintaining the Confidentiality, Integrity and Availability of Fidelity Information Systems, across a multi-regional, global company network. Purpose of the Role As Technical Specialist, would be responsible to understand technical implementation and architecture. Assess its security implications for chosen technical strategy for specific applications. The process will involve managing the request queues. That might require Design Review, Code review and Penetration Testing. This role demands interaction with development groups, Enterprise Architecture, Information Security Officer (ISO) and vendors. Aim is to ensure applications are compliant with FIL Information Security Standards. The successful candidate will be able to demonstrate an innovative and enthusiastic approach to technology and problem solving, will display good interpersonal skills and show confidence and ability to interact professionally with people at all levels. FIL Systems are implemented in a wide range of technologies based on architectural standards. Key Responsibilities Review Software applications for potential security vulnerabilities through Application Security Practices. Manage distribution of tasks and track to its closure Liaise with delivery groups to understand the implementation and review the output from security point of view. Understand business requirements, evaluate potential products / solutions and provide technical recommendations. Be \'hands on\' with technology and to contribute to design, development and support projects with security lens. Contribute to evolution of security reviews in accordance with FIL Information Security Standards and market best practices. Provide diligent and competent service to customers by delivering an impartial and accurate service. Foster security awareness and understanding, across the stakeholders Imparting the training to the junior team members. Experience and Qualifications Required Must have About 8+ years of Industry experience with exposure to complete development lifecycle. Proficient in secure application architecture design reviews with knowledge of secure communication principles among internal/external components of the system. Strong process and tools knowledge on how to integrate security tools into development, CI/CD Pipeline. Expert understanding of mobile / cloud security principles and tools. Proven ability of implementing the processes in place. Develop well documented guidelines, process documents, training materials. Strong understanding of HTTP, HTTPS, SSL, TLS, SFTP Protocols Knowledge of attack vectors from OWASP, WASC and mitigation of the same. Knowledge in various open source security tools such as proxies, fuzzers etc Proven expertise in web technologies (Java/J2EE/Struts). Capable of understanding end user requirements from security perspective Knowledge of key security technologies i.e. Secure Design Reviews, Threat Modelling, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Application Security Firewalls. Knowledge of attack vectors from OWASP and mitigation of the same. Working knowledge of executing source code analysers to unearth security vulnerabilities in the source code Extensive work experience in process-based project management, and implementing metrices to measure progress Nice to have Team player ability to manage pressure Ability to remove barriers and enable teams to complete their objectives Knowledge of Web Application Firewall implementation (preferably F5) and associate technologies. Professional certification CISSP/ISO 27001/CEH will be an added advantage Excellent problem-solving and critical-thinking skills Understanding of emerging technologies and corresponding security threats Ability to pick up business knowledge, new technology areas, new processes/methodologies and apply these changes in the day-to-day working to improve Security organisation.

foundit