Product & Application Security Lead
Primary Location: Bangalore,
Additional Location(s): Bengaluru, India
We are currently seeking a Product & Application Security (PAS) Lead to join our Information Security team. The PAS Lead for RSA will govern the RSA Product & Application Security program, coordinate vulnerability and security response for both product lines and corporate business applications, and provide secure application design consultation for RSA applications and cloud Software as a Service (SaaS) environments. The lead must develop trusted relationships with industry partners, security researchers and internal customers to define and drive process improvements across the development and support organizations to constantly improve RSA’s application security program.
The ideal candidate will have demonstrated success in building a Product & Application security program within a global technology company and will possess extensive experience supporting a diverse range of customers. This position requires technical depth and experience, but also strong leadership skills in order to succeed.
- Serve as the senior application security program lead for RSA, developing the program strategy and advising company leadership and stakeholders on related subject matter as needed.
- Define and manage the end to end process for reporting and remediating vulnerabilities across all RSA products, applications and services.
- Run the RSA Responsible Disclosure program by managing relationships with external finders, performing technical analysis of reported vulnerabilities, tracking remediation activities, creating and disseminating communication materials, and facilitating the release of security advisories to customers.
- Act as technical subject matter expert for secure application design reviews, technical application design reference architectures and secure code development practices.
- Strong understanding of security-related government requirements such as FIPS or STIG.
- Partner with product engineering security champions to support process changes to optimize reporting and response to vulnerabilities. These include strategy for product and application updates and customer support process improvements.
- Manage and coordinate response to customer inquiries about RSA product and application security practices.
- Perform threat modeling, conduct reviews of security architecture and platform/service designs, and audit source code.
- Define the secure development lifecycle practice security controls and associated training curriculum.
- Participate in the maturation and adoption of DevSecOps process across the organization.
- Develop program governance metrics, KPIs and SLOs to provide visibility into secure software development standard adherence.
- Coach, train, and inspire a global team of security champions across product and application security professionals.
- Bachelor’s Degree or equivalent years of industry experience
- 8+ years of experience in product and application security, incident response, or other applicable technical field
- 5+ years of experience with various application security tools including SAST, SCA, DAST, Penetration testing, and fuzzing techniques
- Advanced knowledge of secure web, mobile, API, Microservices, network, security architectures and design patterns.
- Experience designing and implementing secure RESTful APIs
- Knowledge of AWS, Azure, GCP native security tools
- Expert ability to demonstrate and provide remediation of common security flaws such as those in the OWASP Top 10
- Experience delivering software via DevSecOps pipeline and Agile Methodologies, specifically balancing the business need to quickly deliver value while maintaining security control visibility and auditability
- Results-driven and accountability-minded
- Ability to operate effectively in a fast-paced environment with competing and shifting priorities
- Excellent written and verbal communication skills
- Ability to speak confidently and credibly in external forums
- Ability to confidently and effectively present complex technical topics to senior non-technical audiences
- Ability to work collaboratively and effectively as part of a larger matrixed organization