Application Security Architect

Job Purpose

We are seeking a hands-on, experienced, and motivated individual to build and lead our Application Security capability. As the head of Application Security you will be responsible for the security of our software applications, public and private cloud platforms, software supply chain, and other domains as appropriate. This is a highly collaborative and hands-on position, working closely with multiple organizations within Cendyn: Software Engineering, Platform Engineering, Security, IT, and more as required. The right candidate will have extensive experience managing cross-functional projects and liaising with senior leaders.

Job Responsibilities

• You will leverage your deep understanding of application security concepts, cloud security, and build and release processes to develop and implement innovative, scalable solutions that enable secure software development and delivery.
• You’ll bring a deep understanding of compute infrastructure, how software interacts with low-level services and hardware, application runtimes and environments, and software development.
• As an experienced technical leader, you will build and grow consensus across the organization. You will establish and maintain partnerships within the organization, engaging with engineers to understand pain points and define solutions that balance security and operational needs.
• Foster a culture of continuous improvement and adaptability.
• You will be a skilled communicator, able to consult, educate, and empower engineers to build and ship innovative software in a secure manner by default. You will gather regular feedback about developer experience, ensuring that security is an enabler, not a roadblock or gate.
• You will demonstrate the ability to handle multiple competing priorities in a fast-paced environment while maintaining a strategic, big-picture perspective.
• You will assist in the 24x7 triage, remediation, and documentation of security events, leveraging your experience and skills to stay one step ahead of potential threats.
• Collaborate closely with other departments to plan and execute vulnerability remediation plans, develop Root Cause Analyses (RCA), and ensure incidents are not repeated.

Essential Function

A typical day-to-day for this position could see you working on one or a number of projects, such as the following:

• Validating technical design documents in collaboration with Platform Engineering and Application Architecture
• Reviewing cloud access patterns and security controls
• Responding to security alerts and incidents
• Coordinating with engineering teams to plan CVE remediation and validation testing

• Conducting internal penetration testing and reporting findings to senior leadership
• Designing and implementing security and access controls, policies, and procedures
• Reviewing logs, audit trails, security and operations dashboards, reports, and alerts
• Assisting in responding to customer inquiries and the RFP process

Requirements

Required Education and Experience

• 10+ years of relevant experience in application security, cybersecurity, cloud engineering, DevOps, SRE, and software development
• 8+ years of experience with public cloud platforms (AWS, GCP, Azure) and private cloud (VMWare)
• Experience working in polyglot application environments, including .NET, Java, Ruby, PHP, JS, and Python.
• Experience working with databases and DB security; preferred DBs include MSSQL, MySQL, and MongoDB.
• Demonstrated experience with common security tools, including but not limited to:
  • SAST – Snyk, Veracode, Sonarqube, etc.
  • DAST – Burp, OWASP ZAP, Checkmarx, etc.
  • SIEM – Arctic Wolf, Sentinel, Splunk, Datadog, etc.
  • Observability – Datadog, New Relic, Logic Monitor, etc.
  • IDS and IPS
  • Web Application Firewalls
• Extensive experience with Linux and Windows
• Excellent verbal and written communication skills, with the ability to inspire and empower teams
• Proven ability to handle multiple competing priorities in a fast-paced environment
• Experience working closely with senior and executive leadership

Preferred Qualifications

• Bachelor’s or Master’s Degree in Computer Science, Information Security, Cybersecurity, or other relevant field of study
• At least one relevant industry certification; preferred examples:
  • Certified Ethical Hacker (CEH)
  • Offensive Security Certified Professional+ (OSCP+)
  • Certified Information Systems Security Professional (CISSP)
• Experience shepherding organizations through audits, such as PCI and SOC II

Work Timings:

Monday through Friday from 12 PM to 9 PM IST. This will provide healthy overlap between India team and US team and supporting both to ensure adequate collaboration. This role will be working in Hybrid Mode and will require at least 2 days’ work from office at Hyderabad.

Travel:

This position may require up to 15% of travel. Travel may be within India, international, overnight, and outside of regular business hours.

EEO Statement

Cendyn provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Cendyn complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

Cendyn expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of Cendyn’s employees to perform their job duties may result in discipline up to and including discharge.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.