Application Security Manager

BNP Paribas

5 - 10 years

Bengaluru

Posted: 29/05/2026

Job Description

Position Purpose: The purpose of this position is to lead a high-performing, multidisciplinary security team and shape the future of secure software delivery across the organization. Drive tangible impact through measurable security outcomes, automation, and innovation.

Responsibilities

Direct Responsibilities

  • Review and interpret various application classifications and their architectures (e.g., web apps, APIs, infrastructure, server-side, mainframe, WebSphere).
  • Demonstrate solid knowledge of data-in-transit and data-at-rest encryption, TLS (certificates, cipher suites such as RSA and Diffie-Hellman), middleware message queues, secure file transfers, and database encryption.
  • Good understanding of access control concepts, including onboarding, automated provisioning/reconciliation, and privileged access management tools (e.g., SailPoint, CyberArk).
  • Good understanding of authentication best practices and familiarity with strong authentication mechanisms such as SSO, SAML, 2FA/MFA, Arcot, RSA, etc.
  • Possess a clear grasp of application security testing processes (DAST, SAST, SCA, penetration testing, VAPT) and the end-to-end workflow, even if hands-on scanning experience is not required.
  • Good understanding of payment-specific applications (e.g., SWIFT messages), associated encryption of payment flows, mutual authentication, and end-to-end encryption.
  • Work closely with application/asset owners and technical teams to conduct security compliance reviews, gather functional information, and implement appropriate security controls with documented evidence.
  • Produce concise findings reports and discuss results with relevant application owners and stakeholders.
  • Demonstrated team-management ability, preparation of management-level reports, capability to interact with higher-ups in management steering committee meetings, and skill in handling cross-functional meetings to drive decisions and actions.
  • Mentor and onboard new team members through knowledge transfer sessions and hands-on shadowing during their initial period.

Contributing Responsibilities

  • Extended knowledge of IT infrastructure, network, and application (web, client-server, payment systems) security reviews.
  • Provide consultation and recommendations on application security controls for the central region.

Technical & Behavioral Competencies

  • Strong knowledge of application security frameworks and standards (OWASP Top 10, NIST, SANS, ISO and relevant regulatory requirements)
  • Strong understanding of OWASP Top 10, SAST/DAST/SCA, API security, secure coding practices, threat modeling, vulnerability management, cryptography techniques, authentication techniques (SSO, SAML, MFA/2FA, etc.), secure SDLC
  • Good communication skills
  • Knowledge of application security controls (access control mechanisms and data security)
  • Should have an IT audit background
  • Good knowledge of IT security (defense in depth)

Specific Qualifications:

Any technical certification (CEH/ISO27001/CISM/CISA/CISSP) will be a value addition.

Skills Referential (Required knowledge, skills and abilities)

Technical Skills:

  • AppSec assessments (application security compliance review / API security)
  • Vulnerability management and remediation techniques
  • Governance framework and reporting

Behavioral Skills:

  • Ability to collaborate / Teamwork
  • Ability to deliver / Results driven
  • Communication skills (oral and written)

Education Level: Bachelor's degree or equivalent

Location: Bengaluru/Mumbai
