Fwd: Jobs: Apps Sec Lead Opp with Allstate India

40 views
Skip to first unread message

Vandana Verma

unread,
Feb 25, 2021, 7:01:19 AM2/25/21
to bangalor...@owasp.org, infose...@googlegroups.com, ss...@allstate.com
Hi Team,

If you are looking for an AppSec role in Allstate India, Please reach
out to Subrahmanya.

Thank You
Vandana

---------- Forwarded message ---------
From: Subray Bhat, Subrahmanya <>
Date: Thu, Feb 25, 2021 at 3:32 PM
Subject: Apps Sec Lead Opp with Allstate India
To: van...@infosecvandana.com <van...@infosecvandana.com>


Hi Vandana,

We have connected over LinkedIn, as discussed, please help with right
reference for the role.

It is a lead role, open for BLR or Pune

Exp : 12 - 15 years

Java and threat modeling are must !

Job Description

The Application Security Engineer will be responsible for integrating
security into the development of Allstate’s applications. The
Application Security Engineer will work closely with the product and
software development team to threat model, vulnerability scan, and pen
test the early software, system, and network architecture and identify
required control points in the application stack. The Application
Security Engineer will also work closely with developers to diagnose,
document, and remediate application security vulnerabilities. The
Application Security Engineer will also be responsible for evaluating,
recommending, and implementing application security related software
in an automated continuous integration/deployment environment.



Job Responsibility:



Work closely with application development and QA teams to help
formulate and implement a strategy for software security that is
tailored to the specific risks facing the organization, including
threat modeling and applications security advisement services.

Develop and maintain a balanced application security program based on
a well-defined application security framework

Conduct application security assessments / penetration tests and
implement tools for dynamic/automated code reviews

Ensure application design and implementation best-practice with
role-based and appropriate access standards, as well as integration
with Identity and Access Management environments.

Ensure compliance with society, regulatory, and industry standards for
application security.

Continuously evaluate the organization’s existing application security
practices, define and measure security-related activities, and
demonstrating concrete improvements to the application assurance
program within the organization.

Provide secure application development training to developers and
provide guidance on the development of web-based training for ongoing
awareness.

Conduct source code reviews and penetration testing

Develop and maintain unit and integration tests designed to ensure
security controls are tested on every build





Primary and Secondary Skills Requirements:



Primary Skills: Development language - Java development, Javascript,
Python, Ruby, C++/C#, Perl Application Security etc

Secondary Skills: Security penetration testing tools - Metasploit,
w3af,Blackduck,Veracode & burp suite (any one or two)

Other Skills: Jenkins, Pivotaltracker,Cloud Foundry ,AWS



Experience

11 to 14 years



•Bachelor Degree in Engineering.



•CEH, CSSLP, or CISSP, GSEC, GIAC, GPEN, SDLC certification preferred.

•Must have strong business acumen with ability to work with
application development, QA and security teams.

•A strong understanding of application security frameworks



•Thorough knowledge of the OWASP Top 10

•Must have a solid understanding of application security code reviews
and penetration testing.

•10+ years’ experience in application development and security.

•Practical understanding and use of commercial application security tools

•Must be fluent in write technical reports based on findings.

•Highly proficient with development languages including Java, Groovy,
Ruby, C,C++, Python..,

•Strong self-starter who has the ability to operate independently.

•Good understanding on Networking concepts.

•Solid understanding and experience with establishing application
security policies across an organization.

•Excellent oral/written presentation skills with ability to
communicate effectively with senior executive leadership; proficiency
in preparation of presentations, analytical reports, and documents
regarding program operational status, achievement and performance.

•Understanding and passion for Agile/XP/Scrum/Kanban

•Understanding of Test Driven Development built on User Stories

•Understanding of Continuous Integration/Testing/Delivery

•Expert in Metasploit, Burp Suite, Fuzzing, Gaunlt, and Jenkins is preferred

•Exposure on Veracode, BlackDuck and etc..,,





Thanks and Regards,

Subrahmanya Bhat

Talent Acquisition-Technology ( Allstate India)
Reply all
Reply to author
Forward
0 new messages