Application Security Architect

Job Purpose

We are seeking a handson experienced and motivated individual to build and lead our Application Security capability. As the head of Application Security you will be responsible for the security of our software applications public and private cloud platforms software supply chain and other domains as appropriate. This is a highly collaborative and handson position working closely with multiple organizations within Cendyn: Software Engineering Platform Engineering Security IT and more as required. The right candidate will have extensive experience managing crossfunctional projects and liaising with senior leaders.

Job Responsibilities

• You will leverage your deep understanding of application security concepts cloud security and build and release processes to develop and implement innovative scalable solutions that enable secure software development and delivery.
• Youll bring a deep understanding of compute infrastructure how software interacts with lowlevel services and hardware application runtimes and environments and software development.
• As an experienced technical leader you will build and grow consensus across the organization. You will establish and maintain partnerships within the organization engaging with engineers to understand pain points and define solutions that balance security and operational needs.
• Foster a culture of continuous improvement and adaptability.
• You will be a skilled communicator able to consult educate and empower engineers to build and ship innovative software in a secure manner by default. You will gather regular feedback about developer experience ensuring that security is an enabler not a roadblock or gate.
• You will demonstrate the ability to handle multiple competing priorities in a fastpaced environment while maintaining a strategic bigpicture perspective.
• You will assist in the 24x7 triage remediation and documentation of security events leveraging your experience and skills to stay one step ahead of potential threats.
• Collaborate closely with other departments to plan and execute vulnerability remediation plans develop Root Cause Analyses (RCA) and ensure incidents are not repeated.

Essential Function

A typical daytoday for this position could see you working on one or a number of projects such as the following:

• Validating technical design documents in collaboration with Platform Engineering and Application Architecture
• Reviewing cloud access patterns and security controls
• Responding to security alerts and incidents
• Coordinating with engineering teams to plan CVE remediation and validation testing

• Conducting internal penetration testing and reporting findings to senior leadership
• Designing and implementing security and access controls policies and procedures
• Reviewing logs audit trails security and operations dashboards reports and alerts
• Assisting in responding to customer inquiries and the RFP process

Requirements

Required Education and Experience

• 10 years of relevant experience in application security cybersecurity cloud engineering DevOps SRE and software development
• 8 years of experience with public cloud platforms (AWS GCP Azure) and private cloud (VMWare)
• Experience working in polyglot application environments including .NET Java Ruby PHP JS and Python.
• Experience working with databases and DB security; preferred DBs include MSSQL MySQL and MongoDB.
• Demonstrated experience with common security tools including but not limited to:
  • SAST Snyk Veracode Sonarqube etc.
  • DAST Burp OWASP ZAP Checkmarx etc.
  • SIEM Arctic Wolf Sentinel Splunk Datadog etc.
  • Observability Datadog New Relic Logic Monitor etc.
  • IDS and IPS
  • Web Application Firewalls
• Extensive experience with Linux and Windows
• Excellent verbal and written communication skills with the ability to inspire and empower teams
• Proven ability to handle multiple competing priorities in a fastpaced environment
• Experience working closely with senior and executive leadership

Preferred Qualifications

• Bachelors or Masters Degree in Computer Science Information Security Cybersecurity or other relevant field of study
• At least one relevant industry certification; preferred examples:
  • Certified Ethical Hacker (CEH)
  • Offensive Security Certified Professional (OSCP)
  • Certified Information Systems Security Professional (CISSP)
• Experience shepherding organizations through audits such as PCI and SOC II

Work Timings:

Monday through Friday from 12 PM to 9 PM IST. This will provide healthy overlap between India team and US team and supporting both to ensure adequate collaboration. This role will be working in Hybrid Mode and will require at least 2 days work from office at Hyderabad.

Travel:

This position may require up to 15 of travel. Travel may be within India international overnight and outside of regular business hours.

EEO Statement

Cendyn provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race color religion sex national origin age disability or genetics. In addition to federal law requirements Cendyn complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment including recruiting hiring placement promotion termination layoff recall transfer leaves of absence compensation and training.

Cendyn expressly prohibits any form of workplace harassment based on race color religion gender sexual orientation gender identity or expression national origin age genetic information disability or veteran status. Improper interference with the ability of Cendyns employees to perform their job duties may result in discipline up to and including discharge.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities duties or responsibilities that are required of the employee for this job. Duties responsibilities and activities may change at any time with or without notice.