Cyber Security Analyst - Application Security
Chennai, Tamil Nadu, India
Ford Motor Company
Since 1903, we have helped to build a better world for the people and communities that we serve. Welcome to Ford Motor Company.
Position responsibilities include:
• Perform threat modeling for Enterprise and SaaS IT assets.
• Gain understanding of the business process, application architecture, IT infrastructure and interaction with external entities.
• Work with business, application, and supplier teams to perform in-depth threat assessments by leveraging methods such as STRIDE, VAST, Attack Tree, etc.
• Provide subject matter expertise in assessing potential security threats in the application architecture and evaluate security controls to mitigate threats.
• Assess the risk by evaluating likelihood and impact, determine countermeasures and remediation.
• Apply Information Security Policy and industry security standards (e.g., OWASP, NIST, CIS, etc.) and guide application teams to help build secure products.
• Follow security governance process for issue tracking and closure. Ensure that security improvement actions are evaluated, validated, and implemented as required.
• Provide feedback for improving Threat Modeling tools and processes.
• Develop and maintain Threat library for custom application/infrastructure components.
• Leverage industry best practices to continually improve process maturity.
• Provide input to the Risk Management Framework and related documentation.
• Promote awareness of security issues among application teams and business teams through training and awareness programs.
• Report threats and associated risk metrics to management.
• Stay updated through continuous learning of emerging technologies like LLM, ZTNA, LCNC, etc.
Skillset required:
• Experience in different Threat Modeling methodologies (e.g., STRIDE, VAST, Attack Tree, etc.).
• Knowledge of security assessment, risk management processes, cyber security threats, vulnerabilities, attack methods and techniques.
• Knowledge of organization's information security policies, standards, and procedures.
• Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Knowledge of network access, cryptography, cryptographic key management concepts, identity and access management (e.g., OAuth, OpenID, SAML).
• Experience in cloud security and API security.
• Experience in security assessment for Microservices architecture, Databases (SQL/NoSQL), Google Cloud Platform resources like cloud storage, Redis Pub/Sub and Cloud Run.
• Knowledge of computer networking and network security architecture concepts including topology, protocols, components, and principles.
• Knowledge of laws, regulations, policies, and ethics related to cybersecurity and privacy.
• Experience in handling web application security risks - OWASP Top-10 (e.g., injection attacks, buffer overflow, cross-site scripting, etc.).
• Skill to provide security controls guidance related to data usage, processing, storage, and transmission.
• Ability to evaluate information for reliability, validity, and relevance.
• Excellent analytical, communication, documentation, and presentation skills.
• Knowledge of emerging technologies like AI/ML, Zero Trust, LCNC, etc. and willingness to learn new technologies and concepts.
• Strong knowledge of Agile practices and SDLC.
• Self-starter who can work in ambiguous situations and drive to a solution.
• Strong interpersonal skills, including ability to educate and influence.
Qualifications required:
- Bachelor’s degree in Computer Science, Cyber Security, or a related field of study.
- 2+ years of experience in Cyber Security or related fields of IT.
- 2+ years of experience in Application development / Infrastructure management.
- Knowledge of security frameworks such as NIST CSF, ISO27001, OWASP Top-10, etc.
- Cyber security certifications like CISSP, OSCP, CEH, Pentest+ are highly desirable.
Tags: Agile APIs Application security CEH CISSP Cloud Computer Science Cryptography GCP Governance IAM ISO 27001 IT infrastructure LLMs Microservices Network security NIST NoSQL OpenID OSCP OWASP Privacy Redis Risk management RMF SaaS SAML Scripting SDLC Security assessment SQL Vulnerabilities XSS Zero Trust ZTNA
Perks/benefits: Career development