Application Security Lead

The Company

Egon Zehnder (www.egonzehnder.com) is trusted advisor to many of the world’s most respected organizations and a leading Executive Search firm, with more than 550 consultants and 63 offices in 36 countries spanning Europe, the Americas, Asia Pacific, the Middle East and Africa. Our clients range from the largest corporations to emerging growth companies, government and regulatory bodies, and major educational and cultural institutions. The firm is a private partnership which allows us to operate independent of any outside interests. As a result of this unique culture, Egon Zehnder has the highest professional staff retention rate for a global firm in our profession. We have a blue-chip client base across all industries and operate at the Board and senior management level.

Knowledge Centre India (KCI)

Established in January 2005, KCI in Gurgaon, works in close collaboration with the Global offices of Egon Zehnder. There are 5 teams that make up KCI: Research, Research Operations, Visual Solutions, Projects/CV Capture and Digital IT.

Your Journey at Egon Zehnder Starts Here

At EZ, you have the opportunity to deliver digital transformation initiatives across the globe for the organization. Our focus on emerging technology solutions along with our commitment to internal career growth and exceptional client value has resulted in a firm that is routinely recognized as a “Best Place to Work.”

Who we are!

We are part of Digital-IT team established 14 years ago in Gurgaon, India to provide technology support and rollout digital initiatives to 60 plus global offices. Digital IT has six key pillars – Collaboration Technology; Functional Technology; Digital Technology; Security & Architecture; Infrastructure & Services, Digital Success to support business and to take lead on digital transformation initiatives with the total strength of 150+ team members across the globe.

Requirements

Job Description 

Be a part of the application security team as a team lead and work closely with the Application Development team to ensure that any software developed or acquired meets the stringent standards while enabling rapid innovation to meet our firm and clients’ everchanging needs.   

Successful candidates will be security evangelists who can translate security concepts into language that is meaningful to many audiences, including business and technical leaders and individual contributors.   

Candidates must be able to approach application security from the perspective of risk management and avoid purely academic thinking about software security. Demonstrable ability to influence decision‐making processes at all levels of a large organization will be critical to success.  

Responsibilities 

As an application security team lead, your role revolves around ensuring the security of software applications developed within your organization. Here's a breakdown of the key responsibilities typically associated with this role: 

1. Team Management 

•  Lead a team of application security professionals, including security engineers and analysts. 
•  Provide guidance, mentorship, and support to team members, fostering their professional development and growth. 
•  Coordinate team activities, prioritize tasks, and allocate resources effectively to meet security objectives. 

2. Security Strategy and Roadmap: 

• Develop and implement a comprehensive application security strategy aligned with organizational goals and industry best practices. 
• Define security standards, policies, and procedures specific to application development and deployment. 
• Establish a roadmap for enhancing the security posture of applications over time, considering emerging threats and technologies. 

3. Security Assessment and Testing: 

• Oversee the assessment and testing of applications for security vulnerabilities throughout the software development lifecycle (SDLC). 
• Conduct or coordinate security reviews, code reviews, and penetration testing to identify and remediate security weaknesses. 
• Collaborate with development teams to integrate security testing tools and processes into their workflows. 

4. Security Awareness and Training: 

• Promote awareness of application security risks and best practices among development teams, stakeholders, and other relevant parties. 
• Deliver or facilitate training sessions and workshops on secure coding practices, vulnerability management, and related topics. 
• Foster a culture of security consciousness and accountability across the organization. 

5. Compliance and Regulatory Compliance: 

• Ensure that applications comply with relevant security standards, regulations, and industry certifications (e.g., OWASP, PCI DSS, GDPR). 
• Collaborate with compliance teams to assess and address security requirements imposed by regulatory bodies or contractual obligations. 

6. Vendor and Third-Party Risk Management: 

• Assess the security posture of third-party applications, libraries, and services used within the organization's environment. 
• Establish and maintain processes for evaluating and managing the security risks associated with third-party software components. 

7. Continuous Improvement and Innovation: 

• Monitor industry trends, emerging threats, and evolving security technologies to continuously improve the effectiveness of application security practices. 
• Identify opportunities for innovation and automation to streamline security processes and enhance the efficiency of security operations. 

Skills:  

1. Prior work experience in application security is mandatory. 
2. Should have solid experience in Penetration testing. 
3. Candidates must have strong leadership skills. 
4. Candidates must have excellent verbal and written communication skills. 
5. Candidates should be familiar with waterfall and agile development processes and have experience integrating secure development practices into both models. 
6. Familiarity with a variety of development and testing tools 
7. Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to any audience and discuss effective defensive techniques. 
8. Familiarity with industry standards and regulations including PCI, FFIEC, SOX, and ISO27001 is desired. 
9. Experienced in tools like Snyk, Tenable WAS, Invicti, Burp suite, Postman, kali linux  
10. Experience in conducting Threat Modelling using STRIDE, PASTA etc 

Experience: At least 6 years of relevant experience 

Should be willing to support and be available during non-working hours in case of emergency situations. 

Benefits

Benefits which make us unique

At EZ, we know that great people are what makes a great firm. We value our people and offer employees a comprehensive benefits package. Learn more about what working at Egon Zehnder can mean for you!

Benefits Highlights:

• 5 Days working in a Fast-paced work environment.
• Work directly with the senior management team
• Reward and Recognition
• Employee friendly policies
• Personal development and training
• Health Benefits, Accident Insurance

Potential Growth for you!

We will nurture your talent in an inclusive culture that values diversity. You will be doing regular catchups with your manager who will act as your career coach and guide you in your career goals and aspirations.

Location

The position is based at Egon Zehnder’s KCI office in Gurgaon, Plot no. 29, Institutional Area Sector 32

EZ Commitment to Diversity & Inclusion

Egon Zehnder aims for a diverse workplace and strives to continuously lead with our firm values. We respect personal values of every individual irrespective of race, national or social origin, gender, religion, political or other opinion, disability, age and sexual orientation as warranted by basic rights enshrined in the UN Declaration of Human Rights. We believe diversity of our firm is central to the success and enables us to deliver better solutions for our clients. We are committed to creating an inclusive environment and supportive work environment, where everyone feels comfortable to be themselves and treated with dignity and respect and there is no unlawful discrimination related to employment, recruitment, training, promotion, or remuneration.

Egon Zehnder is an Equal Opportunity Employer

Egon Zehnder provides equal employment opportunities to all applicants and employees without regard to race, color, creed, religion, sex, sexual orientation, gender identity, marital status, citizenship status, age, national origin, disability, or any other legally protected status and to affirmatively seek to advance the principles of equal employment opportunity.