Consultant - Product Security
Envestnet, Inc
- Location
- Trivandrum, Kerala, India
- Job type
- Full-time
Required skills
- Python
- AWS
- API
- Apigee
- Azure
- C#
- CI
- compliance
- cross-functionally
- DevOps
- Docker
- fintech
- full stack
- GitHub
- Java
- Kubernetes
- Source Code
- version control
- SDLC
About the role
Envestnet, Inc
Website:
envestnet.com
Job details:
Description
Responsibilities
- Define and enforce secure coding standards and best practices.
- Hands on experience to perform Threat Modeling and source code analysis across various development languages (preferably in .NET and JAVA)
- Design and implement secure CI/CD pipelines with integrated security controls.
- Automate security testing (SAST, DAST, IAST, SCA, container scanning) in the SDLC process.
- Evaluate and integrate security tools and platforms
- Lead DevSecOps program in collaboration with DevOps, Operations and Engineering teams
- Build automation focused on efficiency (E.g. increase triaging efficiency, manage false positives etc.)
- Leverage ASPM and build workflows and reports
- Evaluate and integrate security tools and platforms
- Implement Infrastructure as Code (IaC) security and cloud-native security controls.
- Monitor and respond to security incidents in development and production environments.
- Collaborate with development teams to remediate vulnerabilities and design secure applications.
- Develop and deliver secure coding training and awareness programs.
- Stay current with emerging threats, vulnerabilities, and security technologies.
- Ensure compliance with industry standards (e.g., OWASP, NIST etc).
Requirements
- Overall, 8 -10 years of experience in application security, software development, or related roles.
- 6+ years of work experience in Application security, preferably in a fintech or financial services domain
- Strong understanding of web, mobile, API and cloud applications & its architectures.
- Experience of code reviewing or code contributing to Java, Java Script, .Net. C#, Python, or IaC scripting.
- Hands-on experiences running SCA, SAST, DAST, IAST, SBOM, ASPM, Apigee, WAF etc., with approaches or optimizations for the tools to efficiently enforce the enterprise S-SDLC policies.
- Deep understanding of DevSecOps practices and experience in CI/CD automation for one of the popular platforms, such as Gitlab, GitHub or Azure DevOps.
- Knowledge of cloud platforms (AWS, Azure) and container orchestration (Kubernetes, Docker).
- Perspective of supporting developer tools as a security professional (E.g. integrating security tools with IDE, PR checks etc.)
- The experiences in building security controls for a system that follows NIST CSF and SSDF frameworks and performing risk-based security reviews that meet the OWASP, SOC2, GDPR requirements.
- Ability to identify and summarize practical operational procedures, write standards or SOPs, and provide security scan reports.
- A good understanding of full stack software development and best practices for developing software (version control, branching, automation, IaC, documentation, testing, etc.)
- Ability to collaborate cross-functionally and communicate effectively with highly technical teams and provide written assessment reports as needed.
- Certifications such as CSSLP, OSWE, or CEH.
- Exposure to AI security initiatives is an advantage
Click on Apply to know more.
This page is fully interactive when JavaScript is enabled. Please enable JavaScript to apply or browse related roles.