Job Description

The role entails overseeing application security, encompassing the development, implementation, and maintenance of security measures to safeguard applications against potential threats and vulnerabilities. This involves staying updated on the latest advancements in DevSecOps tools and methodologies, possessing technical proficiency in various attack techniques, and providing feedback for enhancing tools and processes. Collaboration with other security domains to support multiple business units across Asia, Africa, and the UK is also expected.Key Responsibilities:

• Manage the engineering, operation, and upkeep of all relevant security systems and tools.
• Design, implement, and update application security controls in line with the organization\'s information security strategy.
• Collaborate with a team of security professionals to handle tasks such as vulnerability scanning and management.
• Develop scripts and integration code to ensure seamless functioning of DevSecOps tools and their value addition to development teams.
• Utilize industry pipelines for continuous integration and end-to-end automation of builds and deployments.
• Analyze application security tool scan results and provide strategic guidance to development teams for issue resolution.
• Operate application security technologies for various testing purposes including manual, static, and dynamic testing, software composition analysis, and API scanning.
• Identify, document, and address security issues while maintaining necessary DevSecOps processes and documentation.
• Participate in the RFP/RFI process and evaluate solutions based on organizational needs.
• Assist in proof of concept, technical evaluation, procurement, management, and configuration of application security technologies.
• Lead security projects ensuring adherence to scope, timeline, and budget.
• Continuously seek improvements in security systems and processes.
• Address security product escalations and collaborate with relevant parties for resolutions.
• Facilitate knowledge sharing to ensure continuity of security operations.
• Collaborate with cross-functional teams to ensure balanced risk management across the organization.

• Profound understanding of OWASP Top 10 and related processes/standards.
• Expertise in application-specific vulnerabilities like CSRF, XSS, and Injection attacks.
• Operational experience in triaging identified application security findings.
• Strong grasp of technology concepts in SDLC, DevSecOps, containers, and Cloud.
• Proficiency in scripting languages such as Perl, Python, or Shell Scripting.
• Experience in managing stakeholder expectations across business, technical, and operational teams.
• Exceptional problem-solving, analytical, critical thinking, and troubleshooting skills.

• Bachelor\'s degree in information security, Computing Engineering, or equivalent.
• Minimum 5 years of experience in application security within large organizations.
• Prior exposure to global/regional environments, preferably in financial services or tech industries.
• Experience with at least one cloud service provider (AWS, Azure, GCP, etc.).
• Relevant Information Security certifications (CISSP, CISM, Comptia Security+) are advantageous.
• Familiarity with information security control practices and frameworks.
• Strong written and verbal communication skills in English.
• Ability to work both independently and collaboratively within a team environment.

Adecco