Principal Lead-Software Engineering (Information Security)
In this role the person will be responsible for securing the complex applications of a very large-scale suite related to wealth management, banking and related fields. The person will be fully responsible for ensuring developers are provided all assistance in writing secure applications; these applications (if not already integrated) need to be delivered via DevSecOps (Secure SDLC) and a CI/CD pipeline. For this role we are looking for a highly motivated individual who is hands-on and technically strong, to work closely with application teams, information security teams and cyber-security teams across geographical regions and resolve identified vulnerabilities. The applicant should be well versed with NVD, CVE enumerations and CVSS.
Responsibilities
• Collaborate and work in an integrated fashion with the engineering team to reduce/minimize application vulnerabilities and make applications stronger and more stable, to prevent cyber-attacks from within and outside the organization.
• Should be able to act as an ethical hacker and find ways of first exposing and then remediating vulnerabilities.
• In-depth knowledge of parameter manipulation, session hijacking, cross-site scripting and other OWASP vulnerabilities.
Required Qualifications
• Bachelor's/Master's degree in Computer Science/Information Systems or equivalent.
• 10+ years of experience, with 5 to 7 years of relevant experience in disciplines including:
• Should be able to step up to the role of security champion for the wider organization base.
• Should have the ability and/or aptitude to engineer security patterns in applications of various types (cloud native/on premises).
• Exceptional problem-solving skills with strong programming fundamentals and algorithms (strong analytical skills).
• Good knowledge of operating system internals including UNIX and Windows (scripting knowledge such as PowerShell and Bash).
• Should have excellent communication skills.
• Should have certifications such as CEH (Certified Ethical Hacker).
• Certified Information Systems Security Professional (CISSP)
• Should know tools such as Veracode/Black Duck and be well versed with "Secure Coding" principles.
• Should be able to help set up application pipeline scans (in coordination with the DevOps Tools team) in tools such as Jenkins.
• The person should have knowledge of the different methods malicious hackers use in order to break into a network or system.
Preferred Qualifications
Candidates who have used the following tools (or are familiar with them) will have an added advantage:
• Veracode (or equivalent SAST/DAST tool)
• X-Ray for JFrog (for scanning container images)
Good to have certifications:
• Certified Cloud Security Professional (CCSP)
• AWS Certified Security
• AWS Certified Cloud Practitioner
About Our Company
With the right company, life can be brilliant. Ameriprise India LLP has been providing client-based financial solutions to help clients plan and achieve their financial objectives for 125 years. We are a U.S.-based financial planning company headquartered in Minneapolis with a global presence. The firm's focus areas include Asset Management and Advice, Retirement Planning and Insurance Protection. Be part of an inclusive, collaborative culture that rewards you for your contributions and work with other talented individuals who share your passion for doing great work. You'll also have plenty of opportunities to make your mark at the office and a difference in your community. So if you're talented, driven and want to work for a strong ethical company that cares, take the next step to create a brilliant career at Ameriprise India LLP.
Ameriprise India LLP is an equal opportunity employer. We consider all qualified applicants without regard to race, color, religion, sex, genetic information, age, sexual orientation, gender identity, disability, veteran status, marital status, family status or any other basis prohibited by law.