Role Overview
The ideal candidate is a strong secure coder who will be responsible for overseeing **Static Application Security Testing (SAST)** and **Software Composition Analysis (SCA)** processes, ensuring secure coding practices and managing security risks within the software development lifecycle (SDLC). This role requires close collaboration with development, DevSecOps and risk management teams to identify and remediate vulnerabilities effectively.
Key Responsibilities
1. SAST & SCA Strategy and Implementation
- Define, implement and manage **SAST & SCA frameworks** to secure the bank's applications.
- Lead the integration of security tools (e.g. Fortify, Checkmarx, SonarQube, Veracode, Snyk, Black Duck) into CI/CD pipelines.
- Continuously evaluate and enhance scanning methodologies to improve detection and remediation of vulnerabilities.
2. Vulnerability Management & Risk Mitigation
- Oversee the assessment, triage and remediation of vulnerabilities identified through SAST & SCA scans.
- Establish risk-based prioritization for vulnerabilities, collaborating with development teams for timely fixes.
- Ensure compliance with industry standards (OWASP, NIST, ISO 27001, PCI DSS) and internal security policies.
3. Collaboration & Stakeholder Management
- Work closely with development, DevOps and security teams to promote secure coding practices.
- Collaborate with third-party vendors for security tool management and support.
- Present vulnerability trends, remediation progress and risk insights to senior leadership and risk committees.
4. Governance, Training & Awareness
- Develop and enhance secure coding guidelines and best practices for development teams.
- Conduct security awareness sessions and training for developers on SAST/SCA findings and secure coding practices.
- Define and track key security metrics (KPIs/KRIs) to measure the effectiveness of the SAST & SCA programs.
Qualifications & Experience
- 8-10 years (SM) or 12-15 years (AVP) of experience in **Application Security**, with a strong focus on SAST and SCA.
- Deep understanding of secure SDLC, DevSecOps and CI/CD integration.
- Hands-on experience with **SAST & SCA tools** (Fortify, Veracode, Checkmarx, Snyk, Black Duck, SonarQube, etc.).
- Strong knowledge of **secure coding practices**, vulnerability remediation and risk management.
- Comprehensive experience with **programming languages** (Java, .NET, Python, JavaScript) and their security implications.
- Ability to write secure code.
- Experience with **regulatory and security frameworks** (OWASP Top 10, NIST, ISO 27001, PCI DSS, RBI guidelines).
- Strong leadership and stakeholder management skills.
- **Certifications preferred:** CISSP, OSWE, OSCP, CSSLP or any relevant security certification.
Keywords: Application Security, SAST, SCA, Static Application Security Testing, Software Composition Analysis, Vulnerability Management, Risk Mitigation