App Security Architect
Qualification:
BE graduate- MCA graduate.
Responsibility:
Requirements Gathering:
- Understand functional and non-functional application security requirements.
- Raise queries and seek clarification.
- Use requirement-gathering techniques such as interviews, focus groups, and facilitated workshops to collect more information security requirements and refine them.
Design & Analysis:
- Identify areas that need to be validated using a POC and drive it.
- Conduct and facilitate idea generation techniques such as brainstorming, benchmarking, and alternatives generation to come up with an exhaustive and ideal design.
- Create design documents (LLD, HLD, etc.).
Coding:
- Monitor and review installation and configuration of application and data security products and the data repository product (LDAP), and configure replication.
- To enable parallel development of custom components, create the skeleton/framework that Security Engineers will use for implementation.
- Conduct code reviews, ensure code quality and standards, and ensure continuous integration is done.
- Clarify questions / resolve issues / concerns on time.
- Seek review from peer / Senior Developer periodically.
- Highlight any potential risks to Leads and seek inputs to resolve issues identified.
- Update traceability matrix for the work package developed.
- Provide support on process audit activities.
- Adhere to process and tools.
- Follow the SCM policies set for the project.
Testing:
- Create unit test plan.
- Review unit test cases.
- Review unit test results.
Documentation:
- Develop SDLC lifecycle artifacts based on customer SDLC process.
Change Management:
- Review build and deployment instructions.
- Schedule and review change requests.
- Deployment.
- Facilitate automation for build and deployment.
- Facilitate building of tools/process for quick and efficient validation of application pre/post deployment (sanity checks).
Defect Management:
- Analyze defects (identify dependencies between applications/components, alternate fixes, etc.).
- Review defect fixes.
- Ensure defect density is low, defect leakage is null, and the first-time-right metric is high.
Coaching & Facilitating:
- Build induction training, and conduct and facilitate it.
- Facilitate knowledge sharing within and among team through sessions.
- Encourage team to take up domain/technical certifications.
Project Estimation:
- Technical inputs for estimation.
- Do project estimation for project enhancements and mid-size new projects.
Resource/ Efforts Estimation and Monitoring:
- Provide bottom-up estimation for work packages.
- Provide input to Security architect on dependencies between work packages.
Process Improvements and Adherence:
- Identify areas where automation/improvements can be done; develop accelerators to improve efficiency and productivity.
- Identify pain points/gaps in process and suggest improvements.
Knowledge Management:
- Contribute towards updating knowledge assets and reviewing user manual, online help document, installation manual / scripts.
- Contribute / search / reuse all types of assets from repository.
People management:
- Resolve conflicts within team.
- Conduct periodic 1-on-1s to provide and receive feedback.
Business Development:
- Technical support required for drafting solution response.
Solution Design & Development:
- Create design documents (LLD, HLD).
- Perform POC for solution realization based on technology skills.
Must Have Skills
- Sailpoint FAS
- Imperva Data Security Fabric
- Imperva Data Security
- Domain knowledge
- Change LifeCycle Mang
- Incident Management
- IBM Guardium Data Discovery
- IBM Guardium DB Activity Mon
- IBM Guardium DB Vulnr Assmnt
Good To Have Skills
- OpenText File Analysis Suite
- Varonis DatAdvantage