Application Security Security Engineer Ii U2013 Cyber Security Job In Lilly In India, Bengaluru / Bangalore

• Technical subject matter expert for the Container Security Testing tools used to perform scans
• Build relationships with internal and external customers and partner with them to monitor and coordinate remediation of vulnerabilities across corporate and business applications
• Partner with Information Security Architecture to define and continually improve the Application Security Program.
  
  
• Develop processes and/or improve current processes related to Application Security Testing services
• Coordinate with the Threat Intelligence Team and SOC to drive key vulnerability initiatives
• Triage newly identified critical vulnerabilities and zero-day vulnerabilities, assess threat and impact information, and manage escalation processes for remediation based on risk
• Follow departmental change management process to ensure appropriate implementation of metrics and reporting capabilities
• Continuously improve the processes and procedures to include reporting exceptions/risk acceptance for further review including escalation to the appropriate risk owners.
  
  
• Interact with stakeholders to develop and fine-tune the process of how metrics are calculated and communicated
• Provide written and oral communications as appropriate to the information security leadership related to Application Security quantitative metrics, reporting, and analysis

• Bacheloru2019s or Associateu2019s degree plus 5+ years of related Information Security experience or application development and support experience
• 3+ years of Advanced experience with:
  • Experience with cloud service providers and technologies
  • Experience with cloud security management tools, such as Palo Alto Prisma Cloud.
    
    
  • Experience in DevSecOps and conducting end to end security testing of Applications u2013 Web, Mobile, Thick Client, API & Web Services
  • Experience with automating processes for security testing, escalating, and reporting through scripting and working with APIu2019s
  • Experience with security compliance procedures and providing automation where possible
  • Experience with enforcing adherence to application security policies and procedures
  • Experience & Knowledge of OWASP Top 10, SANS 25, OSSTMM, MITRE ATT&CK Framework.
    
    
  • Experience in systems administration, security DevOps processes, system hardening, IAM, guardrails, and service control policies within cloud computing environments
  • Evaluation of threats and risk to business operations resulting in security solutions that appropriately balance cost and risk mitigation
  • Data analysis and problem resolution Must be able to integrate and correlate large amounts of data to identify complex patterns and trends
  • Applying good risk-based judgment to complex problems.
    
    

• Certified Information System Security Professional (CISSP)
• GIAC Certifications:
  • Certified Security Essentials (GSEC)
  • Certified Enterprise Vulnerability Assessor (GEVA)
  • Certified Enterprise Defender (GCED)
  • Certified Penetration Tester (GPEN)
  • Certified Exploit Researcher & Advanced Penetration Tester (GXPN)
  • Certified Incident Handler (GCIH)
• Strong written and oral communication skills
• Ability to think analytically and to understand and communicate quantitative information
• Ability to apply programming language structures (eg, source code review) and logic.
  
  
• Make recommendations regarding the selection of cost-effective security controls to mitigate risk (eg, protection of information, systems and processes)
• Knowledge of cyber-attack stages (eg.
  
  , reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
• Knowledge of ethical hacking principles and techniques
• Knowledge of cyber attackers (eg, script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
  
  
• Skill in the use of penetration testing tools and techniques

Lilly is looking for Any Graduate / Post Graduate profile candidates.