Show All Results
Application Security Architect - AWS, Azure, GCP and OCI
A career at our company is an ongoing journey of discovery: our 57,000 people are shaping how the world lives, works and plays through next generation advancements in healthcare, life science and performance materials. For more than 350 years and across the world we have passionately pursued our curiosity to find novel and vibrant ways of enhancing the lives of others.
Job Location: Electronics City, Bangalore
- Design & develop in-depth security architecture and perform threat modelling for products and services of Merck.
- Define secure system development lifecycle and product security maturity model.
- Develop security controls and processes for products/services developed and deployed in cloud and on-promise.
- Define coding standards across application & data security
- Define a standardized set of security requirements, and align with internal Merck policies and meet external compliance/regulatory requirements like GxP, GDPR etc.
- Lead the reviews of the security architecture defined and application designs, and review audit source codes.
- Stay relevant & lead innovation in application security best practices.
- Coach the application development teams on secure system development lifecycle & security best practices to upskill the security expertise of application developers.
- Work in a dynamic environment and handle multiple priorities.
Who You Are:
- Any degree with 10+ years of relevant work experience.
- Proficient in securing cloud infrastructure and cloud applications.
- Proficient in development and application security.
- Good to have certifications: CRISC, GSEC, CISA, CISM or CISSP etc.
- Have experience in coding in Java, Python, or Go and one scripting language.
- Have good knowledge of web, mobile, API, Microservices, network and security architectures and design patterns.
- Have good knowledge of AWS, Azure, GCP and OCI native security tools.
- Subject matter expert in application security concepts, best practices and methods
- Have good knowledge of security best practices, principles, and common security frameworks, such as NIST, ISO, Common Criteria, TCSEC, OWASP, etc.
- Hands on experience with data architecture, modelling and integration.
- Knowledge of security by design principles and architecture level security concepts.
- Have good knowledge of current and emerging security technologies, threats and techniques for exploiting security vulnerabilities.
- Proficient with methodologies and tools, for threat analysis of complex systems, such as threat modelling and software fuzzing.
- Have good knowledge of developer tools and environments, project management and bug tracking systems.
- Proficient in building secure software based on frameworks such as OWASP, CWE, SANS, OpenSAMM, BSIMM.
- Proficient in application security tools like SAST, SCA, DAST, Penetration testing, Fuzzing etc.
- Proficient in securing container-centric deployments using Docker & Kubernetes.
- Proficient in implementing and integrating security tools into CI/CD.
- Practiced process improvement, automation release management, and system development life cycle (Waterfall and Agile).
- Practiced with Data security and Governance.
- Practiced implementing quantitative risk methodologies.
- Have very good communication, presentation and analytical skills.
What we offer: With us, there are always opportunities to break new ground. We empower you to fulfil your ambitions, and our diverse businesses offer various career moves to seek new horizons. We trust you with responsibility early on and support you to draw your own career map that is responsive to your aspirations and priorities in life. Join us and bring your curiosity to life!
Curious? Apply and find more information at https://jobs.vibrantm.com