Cyber Security Analyst - Application Security

Chennai, Tamil Nadu, India

Ford Motor Company

Since 1903, we have helped to build a better world for the people and communities that we serve. Welcome to Ford Motor Company.


Position responsibilities include:
•    Perform threat modeling for Enterprise and SaaS IT assets.
•    Gain understanding of the business process, application architecture, IT infrastructure and interaction with external entities. 
•    Work with business, application, and supplier teams to perform in-depth threat assessments by leveraging methods such as STRIDE, VAST, Attack Tree etc.
•    Provide subject matter expertise in assessing potential security threats in the application architecture and evaluate security controls to mitigate threats.
•    Assess the risk by evaluating likelihood and impact, determine countermeasures and remediation.
•    Apply Information Security Policy and industry security standards (e.g., OWASP, NIST, CIS) and guide application teams to help build secure products.
•    Follow security governance process for issue tracking and closure. Ensure that security improvement actions are evaluated, validated, and implemented as required.
•    Provide feedback for improving Threat Modeling tools and processes.
•    Develop and maintain Threat library for custom application/infrastructure components.
•    Leverage industry best practices to continually improve process maturity.
•    Provide input to the Risk Management Framework and related documentation.
•    Promote awareness of security issues among application teams and business teams through training and awareness programs.
•    Report threats and associated risk metrics to management.
•    Stay updated through continuous learning of emerging technologies like LLM, ZTNA, LCNC etc.
 

Skillset required:
•    Experience in different Threat Modeling methodologies (e.g., STRIDE, VAST, Attack Tree).
•    Knowledge of security assessment, risk management processes, cyber security threats, vulnerabilities, attack methods and techniques. 
•    Knowledge of organization's information security policies, standards, and procedures.
•    Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). 
•    Knowledge of network access, cryptography, cryptographic key management concepts, identity and access management (e.g., OAuth, OpenID, SAML).
•    Experience in cloud security and API security.
•    Experience in security assessment for Microservices architecture, Databases (SQL/NoSQL), Google Cloud Platform resources like cloud storage, Redis Pub/Sub and Cloud Run.
•    Knowledge of computer networking and network security architecture concepts including topology, protocols, components, and principles.
•    Knowledge of laws, regulations, policies, and ethics related to cybersecurity and privacy. 
•    Experience in handling web application security risks (OWASP Top-10), e.g., injection attacks, buffer overflow, cross-site scripting.
•    Skill to provide security controls guidance related to data usage, processing, storage, and transmission. 
•    Ability to evaluate information for reliability, validity, and relevance.
•    Excellent analytical, communication, documentation, and presentation skills.
•    Knowledge of emerging technologies like AI/ML, Zero Trust, LCNC etc. and willingness to learn new technologies and concepts.
•    Strong knowledge of Agile practices and SDLC.
•    Self-Starter who can work in ambiguous situations and drive to a solution.
•    Strong interpersonal skills, including ability to educate and influence.
 

Qualifications required:

  • Bachelor’s degree in Computer Science, Cyber Security, or a related field of study.
  • 2+ years of experience in Cyber Security or related fields of IT.
  • 2+ years of experience in Application development / Infrastructure management.
  • Knowledge of security frameworks such as NIST CSF, ISO27001, OWASP Top-10 etc.
  • Cyber security certifications like CISSP, OSCP, CEH, Pentest+ are highly desirable.
     

Tags: Agile APIs Application security CEH CISSP Cloud Computer Science Cryptography GCP Governance IAM ISO 27001 IT infrastructure LLMs Microservices Network security NIST NoSQL OpenID OSCP OWASP Privacy Redis Risk management RMF SaaS SAML Scripting SDLC Security assessment SQL Vulnerabilities XSS Zero Trust ZTNA

Perks/benefits: Career development

Region: Asia/Pacific
Country: India
