Job Title: Application Security Lead
Division: Weir Minerals
Location: Bangalore
Work Mode: Hybrid
Purpose of Role:
The Application Security Lead is responsible for driving the enterprise application security operations in alignment with the strategy, with a specific focus on SAP authorization governance, secure software development and risk management across cloud and on-prem environments. The role ensures strong security controls, regulatory compliance and effective risk mitigation across all major business applications and change-delivery initiatives.
A component of the Security Operations function. This position partners with global security, engineering, audit and business teams to provide expert security guidance, govern critical access, support DevSecOps practices and maintain robust application security posture. Bring together the visibility of the application security components that are active today and mitigate any gaps to maintain coverage.
Why choose Weir: Be part of a global organization dedicated to building a better future: At Weir, the growing world depends on us. It depends on us constantly reinventing, quickly adapting and continually finding better, faster, more sustainable ways to access the resources it needs to thrive. And it depends on each of us doing the best work of our lives. It's a big challenge, but it is exciting.
An opportunity to grow your own way: Everything moves fast in the dynamic world of Weir. This creates opportunities for us to take on new challenges, explore new areas, learn, progress and excel. Best of all, there is no set path that our people must take. Instead, everyone is given the support and freedom to tailor-make their own career and do the best work of their lives.
Feel empowered to be yourself and belong: Weir is a welcoming, inclusive place where each individual's contribution is recognized and all employees are encouraged to innovate, collaborate and be themselves. We continually focus on people and their wellbeing. We believe in fairness and choose to be honest, transparent and authentic in everything we do.
Key Responsibilities:
Strategic Leadership
Define and execute the enterprise application security and SAP security strategy.
Understand and ensure a way of showing compliance with security governance frameworks, policies and standards aligned to industry best practices.
Act as the security escalation point for application risk, vulnerabilities and authorization issues.
Manage third-party security service partners and consulting resources.
Bring together all the various components of application security being conducted today.
SAP Security Authorization & GRC Governance
Lead end-to-end SAP Security Authorization and GRC Access Control operations (ARA, EAM).
Oversee design, review and deployment of SAP roles, profiles and authorization objects.
Govern Segregation of Duties (SoD), sensitive access, privileged user access and emergency access (Firefighter).
Conduct periodic access reviews, user recertifications and SoD rule maintenance.
Perform risk assessment and impact analysis for new roles, transports and SAP design changes.
Coordinate SAP security patches and remediation with technical teams.
Application Security, DevSecOps & CI/CD
Integrate application security best practices into CI/CD pipelines.
Support DevSecOps and Security Champions programs across engineering teams.
Threat modelling, secure design reviews and assessment of application changes for vulnerabilities.
Track and report that applications have been patched to their latest approved versions.
Ensure secure coding standards, dependency/secret scanning and container image security.
Work with Cloud and Infrastructure teams to secure Azure and/or AWS environments.
Support development of detect-and-respond use cases (logging, monitoring, incident response).
Create and build the process of supporting the application developers in aligning with the security policy requirements.
Understand the Web Application Firewalls, and plan and manage their reconfiguration.
Risk, Compliance & Audit Management
Own the SAP GRC Access Control platform, including ARA and EAM modules.
Manage the global SoD ruleset, conflict resolution process and mitigation controls.
Perform risk assessment and impact analysis for new roles, transport deployments and design changes.
Lead internal and external audit support, controls testing and evidence preparation.
Coordinate with the technical team on SAP security patch deployments to maintain the security, stability and compliance of the SAP environment.
Stakeholder & Audit Management
Engage with Architecture, Security Ops functions, Culture, Governance and Delivery teams to ensure consistent security guidance.
Provide expertise in secure design, cloud architecture and regulatory compliance.
Contribute to reducing future incidents through lessons learned and continuous improvement.
Champion security culture and high professional standards.
Safety First: Demonstrate 100% commitment to our zero harm behaviours in support of our drive towards developing a world-class safety culture.
Job Knowledge/Education and Qualifications:
Bachelor's degree in IT, Computer Science, Cybersecurity or related field.
8 years in Application Security, SAP Security/Authorization, SOC/Cybersecurity functions. Strong understanding of:
Application Security, SDLC and DevSecOps principles
SAP security architecture, GRC Access Control, SoD, authorization concepts
CI/CD pipeline security (GitLab, Azure DevOps, Jenkins, etc.)
Cloud security for Azure, GCP and/or AWS.
Web Application Firewalls.
Expertise in SAST, DAST, SCA and penetration testing tools (e.g. Veracode, Checkmarx, Burp Suite, SonarQube, Fortify)
Strong understanding of OWASP Top 10, CWE and common application vulnerabilities
Experience performing threat modelling, risk assessments and vulnerability analysis.
Skilled in security assessment methodologies (ISO, NIST, FAIR, OCTAVE, etc.).
Strong analytical, documentation and communication skills with multi-stakeholder environments.
Ability to manage complex security issues independently in fast-paced environments.
Demonstrated experience supporting internal and external audits.
Demonstrated experience supporting internal and external audits.
Founded in 1871, Weir is a world leading engineering business with a purpose to make mining operations smarter, more efficient and sustainable. Thanks to Weir's technology, our customers can produce essential metals and minerals using less energy, water and waste at lower cost. With the increasing need for metals and minerals for climate change solutions, Weir colleagues are playing their part in powering a low carbon future. We are a global family of 11,000 uniquely talented people in over 60 countries, inspiring each other to do the best work of our lives.
For additional information about what it is like to work at Weir, please visit our Career Page and LinkedIn Life Page.
Weir is committed to an inclusive and diverse workplace. We are an equal opportunity employer and do not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, veteran status, disability, age or any other legally protected status.