1+ months

Tech Specialist, Application Security Engineer

Bengaluru, KA 560002
The new AT&T advertising technology business is on a unique mission through the launch of its newest business Xandr. This organization born as recently as August 2018 & built on a foundation of 140 years of AT&T excellence and multiple acquisitions of top assets and people, is driving the advertising industry forward by creating new options for advertisers and publishers to find and reach specific audiences at scale in trusted, premium content environment. A fundamental enabler for our strategy is technology, and we have launched a new technology center of excellence in Bangalore which is searching for candidates who embody the Xandr principles - create with curiosity and courage, believe in better, use data responsibly, pursue differences, reflect and imagine, and teach and learn.


About the Job:

The Application Security Engineer will deliver secure hybrid cloud infrastructure and software using best practices and commercial & open-source security tools. This individual will work across the organization on key business initiatives, including direct to consumer and support the continued adoption of cloud services. The candidate will automate security testing in the development process and work with security, governance and compliance, application development, and infrastructure teams to interpret requirements and translate them into actions, while balancing security, agile software development, continuous integration and deployment (CI/CD).

Responsibilities:

Perform security testing of applications early in the software development lifecycle, leveraging DAST and SAST, and assess applications against security and complaince best practices, policies.

Manage the security components of continuous integration and delivery software pipeline to ensure security testing is performed throughout the CI/CD pipeline.

Automate security controls testing within CI/CD pipelines that package, test, and deploy infrastructure and containerized applications.

Design and implement threat modeling processes to determine the controls needed for a given application within the software development lifecycle.

Provide SME guidance in assessing cloud infrastructure to address findings resulting from design reviews, threat modeling, and SAST and DAST testing.

Perform vulnerability assessment, pen testing, and work across department lines to communicate findings and drive forward risk remediation efforts.

Contribute to the decisions being made that impact the organizations cloud implementations, direction, and cloud security posture.

Design and implement security risk metrics monitoring to report on threats and the security posture; define data reporting metrics to drive forward continuous security improvements, including gate checks and integrated view of projects in the pipeline.

Perform technical security configuration assessments of cloud platforms such as Microsoft Azure, Amazon Web Services (AWS).


Skills/Requirements:

Bachelor's degree in a technical discipline (or equivalent work experience)

Minimum of seven years in IT (a minimum of five years in information security)

Strong background in Penetration Testing, Secure Development Lifecycle methodologies

Expertise in identifying vulnerabilities, static/dynamic code analysis, code reviews.

Experience in Python, Perl, JavaScript, Shell scripting, Familiarity with SAFe, agile release train concepts and Agile methodology

A good understanding across cloud and infrastructure components (server, storage, network, data, and applications) Hands-on experience using tools such as Checkmarx, Micro Focus, Synopsys or Veracode(any one tools) - as well as Jenkins, GitLab, Puppet, Vault, and Grafana or other related automation and orchestration toolset Any two tools experience

familiraty expereine in automaiton and orchestrtion toolset such as - Jenkins, GitLab, Puppet, Vault, and Grafana any two of the skills

Expertise in working with CI/CD tools and pipelines including artifact repositories.

Experience with collaboration tools such as Jira, sprint planning, task ownership, comfortable in customer-facing roles

Understanding of industry-leading practices around cyber risks and cloud security using industry standards such as CIS Benchmarks, Cloud Security Alliance, and NIST SP 800-144, and 800-145 One or more industry-leading certification is preferred CCSP, GCSA, CSSLP
We expect employees to be honest, trustworthy, and operate with integrity. Discrimination and all unlawful harassment (including sexual harassment) in employment is not tolerated. We encourage success based on our individual merits and abilities without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, disability, marital status, citizenship status, military status, protected veteran status or employment status.

Categories

Posted: 2021-02-26 Expires: 2021-05-05

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Tech Specialist, Application Security Engineer

AT&T
Bengaluru, KA 560002

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast