Job Title: Application Security Architect
Location: Hyderabad (Preferred) or Gurugram
Salary: ₹50-55 Lakhs per annum
Work Culture: Hybrid (Work from office 2 days a week)
Work Timings: Monday to Friday, 12 PM to 9 PM IST
We are seeking a hands-on, experienced, and motivated individual to build and lead our Application Security capability. As the head of Application Security you will be responsible for the security of our software applications, public and private cloud platforms, software supply chain, and other domains as appropriate. This is a highly collaborative and hands-on position, working closely with multiple organizations within Cendyn: Software Engineering, Platform Engineering, Security, IT, and more as required. The right candidate will have extensive experience managing cross-functional projects and liaising with senior leaders.
Job Responsibilities
You will leverage your deep understanding of application security concepts, cloud security, and build and release processes to develop and implement innovative, scalable solutions that enable secure software development and delivery.
You’ll bring a deep understanding of compute infrastructure, how software interacts with low-level services and hardware, application runtimes and environments, and software development.
As an experienced technical leader, you will build and grow consensus across the organization. You will establish and maintain partnerships within the organization, engaging with engineers to understand pain points and define solutions that balance security and operational needs.
Foster a culture of continuous improvement and adaptability.
You will be a skilled communicator, able to consult, educate, and empower engineers to build and ship innovative software in a secure manner by default. You will gather regular feedback about developer experience, ensuring that security is an enabler, not a roadblock or gate.
You will demonstrate the ability to handle multiple competing priorities in a fast-paced environment while maintaining a strategic, big-picture perspective.
You will assist in the 24x7 triage, remediation, and documentation of security events, leveraging your experience and skills to stay one step ahead of potential threats.
Collaborate closely with other departments to plan and execute vulnerability remediation plans, develop Root Cause Analyses (RCA), and ensure incidents are not repeated.
Essential Function
A typical day-to-day for this position could see you working on one or a number of projects, such as the following:
Validating technical design documents in collaboration with Platform Engineering and Application Architecture
Reviewing cloud access patterns and security controls
Responding to security alerts and incidents
Coordinating with engineering teams to plan CVE remediation and validation testing
Conducting internal penetration testing and reporting findings to senior leadership
Designing and implementing security and access controls, policies, and procedures
Reviewing logs, audit trails, security and operations dashboards, reports, and alerts
Assisting in responding to customer inquiries and the RFP process
Requirements
10+ years of relevant experience in application security, cybersecurity, cloud engineering, DevOps, SRE, and software development
8+ years of experience with public cloud platforms (AWS, GCP, Azure) and private cloud (VMware)
Experience working in polyglot application environments, including .NET, Java, Ruby, PHP, JS, and Python.
Experience working with databases and DB security; preferred DBs include MSSQL, MySQL, and MongoDB.
Demonstrated experience with common security tools, including but not limited to:
SAST – Snyk, Veracode, SonarQube, etc.
DAST – Burp, OWASP ZAP, Checkmarx, etc.
SIEM – Arctic Wolf, Sentinel, Splunk, Datadog, etc.
Observability – Datadog, New Relic, LogicMonitor, etc.
IDS and IPS
Web Application Firewalls
Extensive experience with Linux and Windows
Excellent verbal and written communication skills, with the ability to inspire and empower teams
Proven ability to handle multiple competing priorities in a fast-paced environment
Experience working closely with senior and executive leadership
Preferred Qualifications
Bachelor’s or Master’s Degree in Computer Science, Information Security, Cybersecurity, or other relevant field of study
At least one relevant industry certification; preferred examples:
Certified Information Systems Security Professional (CISSP)
Experience shepherding organizations through audits, such as PCI and SOC II
Work Timings: Monday through Friday from 12 PM to 9 PM IST. This provides a healthy overlap between the India team and the US team, supporting both to ensure adequate collaboration. This role is hybrid and requires at least 2 days of work from the office in Hyderabad.