Senior Security Analyst - Application Security

Fidelity International

Gurgaon

2d ago

About the opportunity

Department Description

The Information & Technology Risk department is a part of the Global Technology department. The Technology function provides IT services to the Fidelity International business, globally.

These include the development and support of business applications that underpin our revenue, operational, compliance, finance, legal, marketing and customer service functions.

The broader organisation incorporates Infrastructure services that the firm relies on to operate on a day to day basis including data centre, networks, proximity services, security, voice, incident management and remediation.

Global Cyber & Information Security (GCIS) is responsible for :

Cyber Security : Protecting the Technology Environment from internal and external security threats,Application Security (through secure coding practices, penetration testing, and developer training)Centralised Access Management working to principles of least privilege, access appropriate to role, and Role Based Access ControlInfrastructure SecuritySecurity Engineering and ArchitectureSecurity Application SupportCyber Defence Operations

Information Security Risk Management

Technology Risk and Audit Management,

Technology Service Continuity

Application Security is part of IT Security group within the Global Cyber & Information Security (GCIS) Technology organisation of Fidelity International and is responsible for maintaining the Confidentiality, Integrity and Availability of Fidelity Information Systems, across a multi-regional, global company network.

Purpose of the Role

Application Security group is responsible for ensuring that Fidelity applications are designed, developed and deployed securely.

The role will involve working closely with development groups to ensure secure design, development and implementation of tools, services and components.

As Sr. Technical Analyst, person would be responsible to understand complex technical and architectural issues from security and tool perspective and the ability to understand the implications associated with the chosen technical strategy.

This position will focus on security of new and existing services to support business functionality. The role will involve working closely with development groups to understand tool and service requirements.

This role would demand interaction with Fidelity vendors to conduct risk assessment. The job involves working closely with development groups, Enterprise Architecture, ISO (information Security Officer) so that the applications are compliant with FIL Information Security Standards.

The successful candidate will be able to demonstrate an innovative and enthusiastic approach to technology and problem solving, will display good interpersonal skills and show confidence and ability to interact professionally with people at all levels.

FIL Systems are implemented in a wide range of technologies based on architectural standards.

Key Responsibilities

Experience in integrating various application security assessment tools in DevSecOps / build tools like Jenkins, Bamboo, AWS code pipeline with on-prem and cloud infrastructure.

Manage, monitor, configure application security assessment tools like SAST, DAST, IAST, SCA, Docker, Container, Vulnerability aggregator.

Able to suggest advance tools, creating evaluation criteria and perform PoC according to our requirements.

Experience in creating and publishing various reports (vulnerability status, adoption status, trend analysis, utilization, etc.

for stakeholders and management.

Engage with the devops team to integrate security in the CI / CD pipeline.

Define the processes, practices, and tools enabling CI / CD, maximising the speed, security, and quality of product delivery.

Primary responsibility is to focus on strengthening the posture in pre-deployment for application security assessment tools.

Liaison with Developers, Architects, Project Managers and Vendors to understand the working of an application, how effectively they are implemented and where security mechanisms are employed.

Understand the business requirements, evaluate potential products / solutions and provide technical recommendations.

Foster security awareness and understanding.

Experience and Qualifications Required

Must Have

4-6 years of integrating, managing application security tools in DevSecOps / build tools like Jenkins, Bamboo, AWS code pipeline with on-prem and cloud infrastructure.

Setting up the tools in different environments like on-prem, cloud and be able to codinate with other teams to enable communication among different components of the system.

Hands on experience in monitor, configure application security assessment tools like SAST, DAST, IAST, SCA, Docker, Container, Vulnerability aggregator.

Good experience in creating and publishing various reports (vulnerability status, adoption status, trend analysis, utilization, etc.

for stakeholders and management.

Define the processes, practices, and tools enabling CI / CD, maximising the speed, security, and quality of product delivery.

Knowledge of attack vectors from OWASP, WASC and mitigation of the same.

Knowledge in various open source security tools such as proxies, fuzzers etc

Proven ability to quickly earn the trust of sponsors and key stakeholders; mobilize and motivate teams; set direction and approach;

resolve conflict; deliver tough messages with grace; execute with limited information and ambiguity

Capable of understanding end user requirements from security perspective

Sound business and technical acumen

Good to Have

Integrate Security into DevOps and enable security automation in CI / CD pipeline

Professional Qualification : CEH, ECSA, LPT or Any other equivalent certification.

Focused and versatile team player that is comfortable under pressure

Ability to remove barriers and enable teams to complete their objectives

Excellent problem-solving and critical-thinking skills

Understanding of emerging technologies and corresponding security threats

Self-motivated, flexible, with a can do’ attitude.

Solid influencing skills

Ability to pick up business knowledge, new technology areas, new processes / methodologies and apply these changes in the day-to-day working to improve Security organisation.

About you

About Fidelity International

We’ve been helping our clients plan and save for the futures they want for over 50 years. From more than 25 locations around the world, we provide investment services and retirement expertise to 2.

5 million clients everyone from central banks and financial institutions to wealth managers and private individuals. We think generationally and look to the long term.

And today, building on the security of private ownership and our strong sense of purpose, we’re growing our business like never before.

What it’s like to work here.

In our welcoming, caring culture, you’ll feel valued, trusted and free to express yourself. We recognise the value of inclusion and diversity in culture, in thought and in experience.

With this in mind, please let us know if you feel you might benefit from any reasonable adjustments to perform to the best of your ability during the recruitment process and beyond.

As well as a clear commitment to inclusion, we offer real flexibility about where, when and how you work. It’s an approach we call dynamic working’, and you’ll find it brings the very best out in you.

Getting started

For more about who we are, how we work and the part you could play in both our progress and our future, visit .

Or, if you’re feeling inspired, start your journey with us right now.

APPLY

Applying to this Job Role : Please note you are only required to upload your CV / Resume to the application screen.

Report this job

Thank you for reporting this job!

Your feedback will help us improve the quality of our services.