App Security Architect
Qualification : BE graduate
Requirements Gathering :
Understand functional and non-functional application security requirements.
Raise queries and seek clarification.
Use requirement gathering techniques like interviews, focus groups and facilitated workshops to collect more information security requirements and refine them.
Design & Analysis :
Identify areas that need to be validated using POC and drive it.
Conduct and facilitate idea generation techniques like brainstorming, benchmarking and alternatives generation to come up with an exhaustive and ideal design.
Create design documents (LLD, HLD, etc.).
Monitor and review installation and configuration of application and data security products and data repository products (LDAP), and configure replication.
To enable parallel development of custom components, create a skeleton / framework that Security Engineers will use for implementation.
Conduct code review; ensure code quality and standards, and that continuous integration is done.
Clarify questions / resolve issues / concerns on time.
Seek review from peer / Senior Developer periodically.
Highlight any potential risks to Leads and seek inputs to resolve issues identified.
Update traceability matrix for the work package developed.
Provide support on process audit activities.
Adhere to process and tools.
Follow the SCM policies set for the project.
Create unit test plan.
Review unit test cases.
Review unit test results.
Develop SDLC lifecycle artifacts based on customer SDLC process.
Change Management :
Review build and deployment instructions.
Schedule and review change requests.
Facilitate automation for build and deployment.
Facilitate building of tools / process for quick and efficient validation of application pre / post deployment (sanity checks).
Defect Management :
Analyze defects (identify dependencies between applications / components, alternate fixes, etc.).
Review defect fixes.
Ensure defect density is low, defect leakage is null and the first-time-right metric is high.
Coaching & Facilitating :
Build induction training; conduct and facilitate it.
Facilitate knowledge sharing within and among team through sessions.
Encourage team to take up domain / technical certifications.
Project Estimation :
Technical inputs for estimation.
Do project estimation for project enhancements and mid-size new projects.
Resource / Efforts Estimation and Monitoring :
Provide bottom up estimation for work packages.
Provide input to Security architect on dependencies between work packages.
Process Improvements and Adherence :
Identify areas where automation / improvements can be done; develop accelerators to improve efficiency and productivity.
Identify pain points / gaps in process and suggest improvements.
Knowledge Management :
Contribute towards updating knowledge assets and reviewing user manuals, online help documents and installation manuals / scripts.
Contribute / search / reuse all types of assets from repository.
People management :
Resolve conflicts within team.
Conduct periodic 1-on-1s to provide and receive feedback.
Business Development :
Technical support required for drafting solution response.
Solution Design & Development :
Create design documents (LLD, HLD).
Perform POC for solution realization based on technology skills.
Must Have Skills
GRC Strategy & Implementation