Application Security Architect - AWS, Azure, GCP and OCI
Job Location: Electronics City, Bangalore
· Design & develop in-depth security architecture and perform threat modelling for products and services of Merck.
· Define secure system development lifecycle and product security maturity model.
· Develop security controls and processes for products/services developed and deployed in cloud and on-promise.
· Define coding standards across application & data security
· Define a standardized set of security requirements, and align with internal Merck policies and meet external compliance/regulatory requirements like GxP, GDPR etc.
· Lead the reviews of the security architecture defined and application designs, and review audit source codes.
· Stay relevant & lead innovation in application security best practices.
· Coach the application development teams on secure system development lifecycle & security best practices to upskill the security expertise of application developers.
· Work in a dynamic environment and handle multiple priorities.
Who You Are:
· Any degree with 10+ years of relevant work experience.
· Proficient in securing cloud infrastructure and cloud applications.
· Proficient in development and application security.
· Good to have certifications: CRISC, GSEC, CISA, CISM or CISSP etc.
· Have experience in coding in Java, Python, or Go and one scripting language.
· Have good knowledge of web, mobile, API, Microservices, network and security architectures and design patterns.
· Have good knowledge of AWS, Azure, GCP and OCI native security tools.
· Subject matter expert in application security concepts, best practices and methods
· Have good knowledge of security best practices, principles, and common security frameworks, such as NIST, ISO, Common Criteria, TCSEC, OWASP, etc.
· Hands on experience with data architecture, modelling and integration.
· Knowledge of security by design principles and architecture level security concepts.
· Have good knowledge of current and emerging security technologies, threats and techniques for exploiting security vulnerabilities.
· Proficient with methodologies and tools, for threat analysis of complex systems, such as threat modelling and software fuzzing.
· Have good knowledge of developer tools and environments, project management and bug tracking systems.
· Proficient in building secure software based on frameworks such as OWASP, CWE, SANS, OpenSAMM, BSIMM.
· Proficient in application security tools like SAST, SCA, DAST, Penetration testing, Fuzzing etc.
· Proficient in securing container-centric deployments using Docker & Kubernetes.
· Proficient in implementing and integrating security tools into CI/CD.
· Practiced process improvement, automation release management, and system development life cycle (Waterfall and Agile).
· Practiced with Data security and Governance.
· Practiced implementing quantitative risk methodologies.
· Have very good communication, presentation and analytical skills.
Job Requisition ID: 209091
Location: Bangalore SBS
Career Level: E - Professional (10+ years)
Working time model: full-time
The Company is an Equal Employment Opportunity employer. No employee or applicant for employment will be discriminated against on the basis of race, color, religion, age, sex, sexual orientation, national origin, ancestry, disability, military or veteran status, genetic information, gender identity, transgender status, marital status, or any other classification protected by applicable federal, state, or local law. This policy of Equal Employment Opportunity applies to all policies and programs relating to recruitment and hiring, promotion, compensation, benefits, discipline, termination, and all other terms and conditions of employment. Any applicant or employee who believes they have been discriminated against by the Company or anyone acting on behalf of the Company must report any concerns to their Human Resources Business Partner, Legal, or Compliance immediately. The Company will not retaliate against any individual because they made a good faith report of discrimination.
North America Disclosure
The Company is committed to accessibility in its workplaces, including during the job application process. Applicants who may require accommodation during the application process should speak with our HR Services team at 855 444 5678 from 8:00am to 5:30pm ET Monday through Friday.
Job Segment: Developer, Application Developer, Cloud, Java, Testing, Technology