Cognizant is looking for an experienced cyber security professional capable of taking the lead Application Security Architect role at Cognizant’s client's entity.
This role will be responsible for implementing security into the Software Development Life Cycle for Cognizant’s client's New Core Banking Platform. This includes the continuous management of the secure testing life cycle including DevOps and CICD integration with the implementation of technologies such as Static, Dynamic, Interactive Application Security Testing, Penetration Testing and Run-time Application Security Protection. This individual will be working with software developers both onshore and offshore to provide guidance and direction on secure development practices and discovery and remediation of vulnerabilities in an agile fashion.
The SME will evaluate and assess solutions both prior to deployment and on an ongoing basis as part of Cognizant’s continuous security management program.
• Serve as a Cybersecurity resource and SME for a Product and Platform centric organization — ensuring that secure coding practices, security architecture, and governance are integrated with solutions during development while also ensuring that security is designed into actual services from the inception of the project, to production and client delivery
• Day-to-day work with client delivery teams and ensure that they adhere to Cognizant’s corporate information security architecture, policies, procedures, baselines and guidelines. This role requires a mix of technical capabilities as well as the know-how to provide security governance over complex applications and projects while also having the ability to articulate complex security concepts to business and non-security personnel
• Work with the development teams to secure SaaS, PaaS, IaaS (cloud and on premise) applications including assisting in the overall architecture and design of the solution and supporting components
• Engage with resources across governance, compliance, and technical architects during the lifecycle of a project, supporting the sales cycle, interact with prospective clients and client teams to usher in, and provide security assurance, guidance, and advisory
• Coordinate security testing of solutions including result analysis and driving of remediation (SAST, DAST, IAST, RASP, VM, and penetration testing)
• Work with infrastructure and development teams to integrate, implement, and maintain security tools in the CICD pipeline leveraging automation to ensure SAST, DAST, etc. are part of the overall model.
• Interface with Digital business leaders, client architecture teams, corporate architecture and governance personnel, as well as the Cognizant Security (CS) teams.
• Ability to translate technical risk issues and distill such issues to common IT business leaders and upper management
• Work with program managers to develop project plans, estimation documents, specifications, diagrams, and flowcharts
• Solid understanding of security vulnerabilities (OWASP, CVE scoring) and experience working with development and product teams to remediate vulnerabilities during development cycles.
• Solid understanding of how to mitigate risks with common controls such as WAFs, IDPSs, MPSs, AWL, etc.
• Implement common principles and practices across cloud platforms and provide compliance with industry specific guidelines such as the Security Trust and Assurance Registry from the Cloud Security Alliance.
• A four-year college degree in Computer Science or equivalent certification, or experience is required
• 5 years of security architecture responsibility and progressive information security experience across various information security / information technology risk management domains
• 7+ years of IT experience (including hands-on knowledge of network and distributed systems) and a sound understanding of networking concepts
• 3+ years performing risk assessments including experience with SAST/DAST/IAST tools, Vulnerability Remediation, Controls Mapping, Audit Protocols, Applications, Databases, Virtual Networks, Servers, Domains, SaaS, Cloud, Encryption, Firewalls, DLP, IAM Solutions, and security testing. Some experience with IAST and RASP tools preferred.
• Experience coordinating third party penetration testing and working with development teams and product teams to drive remediation of findings. Some experience performing penetration testing is preferred.
• Experience implementing security tools (e.g. Kenna, Qualys, Palo Alto Twistlock, Checkmarx (SAST), Acunetix (DAST), Contrast (RAST), Black Duck (SCA)) and integrating them with workflow and development platforms (e.g. Jira, Jenkins, etc.).
• Experience implementing application security best practices in public cloud environments (GCP/AWS/Azure) in alignment with ISO 27k, CSA, ISF, NIST, OWASP, SANS and CIS top 20 compliance.
• Strong experience in public cloud solutions, services and practices including containers PaaS, IaaS, and SaaS products and services.
• Understanding of network design principles and knowledge of virtualized environments and implementation of security controls in a virtual infrastructure.
• Work with development teams to ensure that appropriate assessment of security risks is performed. This role requires a mix of technical capabilities as well as the know-how to provide security oversight for complex applications and articulate security concepts to developers
• Strong communication and presentation skills. Ability to present complex compliance issues in an easy to understand manner for executive management.
• Strong team player that collaborates well with others to solve problems and actively incorporate input from various sources.
• Certification in one or more of the following is required: CISSP (Certified Information Systems Security Professional), CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional)
• Highly motivated team player, with a can-do attitude and the ability to get things done
• Aptitude for solving problems and acting on own initiative
• Strong Organizational Skills, with the ability to manage tasks, time & resources; establishing courses of action in order to achieve defined business objectives.
• Creativity & decision making skills for problem solving & idea generation. Ability to understand and solve complex issues with clear, balanced & implementable solutions.
• Capacity to quickly learn new skills and adapt to new environments
• Ability to present complex solutions and methods to a general community.
• Must be reliable and have outstanding work ethics.
• Excellent written and verbal communication and organizational skills.
• Experience with working on global teams across time zones, cultures and languages.
We offer:
• Work in a global company, in modern office premises with experienced management and professional colleagues
• Opportunity to grow both professionally and personally
• Inspiring working atmosphere and many engaging activities
• Clear career path and extra benefits.
Please apply directly to recruiter - email@example.com
Employee Status : Full Time Employee
Shift : Day Job
Travel : Yes, 5 % of the Time
Job Posting : Feb 05 2020
About Cognizant
Cognizant (Nasdaq-100: CTSH) is one of the world's leading professional services companies, transforming clients' business, operating and technology models for the digital era. Our unique industry-based, consultative approach helps clients envision, build and run more innovative and efficient businesses. Headquartered in the U.S., Cognizant is ranked 194 on the Fortune 500 and is consistently listed among the most admired companies in the world. Learn how Cognizant helps clients lead with digital at www.cognizant.com or follow us @Cognizant.