Job Description:

About the opportunity

The Information & Technology Risk department is a part of the Global Technology department. The Technology function provides IT services to the Fidelity International business, globally. These include the development and support of business applications that underpin our revenue, operational, compliance, finance, legal, marketing and customer service functions. The broader organisation incorporates Infrastructure services that the firm relies on to operate on a day-to-day basis, including data centre, networks, proximity services, security, voice, incident management and remediation.

Information Security and Technology Risk (IS&TR) is responsible for:

Cyber Security: Protecting the Technology Environment from Internal and External Security Threats
Application Security (through Secure Coding practices, Penetration Testing, and Developer Training)
Centralised Access Management: Working to principles of least privilege, access appropriate to role, and Role Based Access Control (RBAC)
Infrastructure Security
Security Engineering and Architecture
Security Application Support
Cyber Defence Operations

Information Security Risk Management
Technology Risk and Audit Management
Technology Service Continuity

Application Security is part of the IT Security Group within the Information Security and Technology Risk (IS&TR) Technology organisation of Fidelity International and is responsible for maintaining the Confidentiality, Integrity and Availability of Fidelity Information Systems across a multi-regional, global company network.

Purpose of your role

The Application Security group is responsible for ensuring that Fidelity applications are designed, developed and deployed securely. As Senior Technical Analyst, you will be responsible for understanding complex technical and architectural issues from a security perspective and for providing consultative guidance on remediations and paths for effectively addressing identified vulnerabilities.

This position will focus on security assessment of new and existing services to support business functionality. The role will involve working closely with development groups to securely design, develop and implement services and components.

The role will focus on reviewing the security mechanisms built into the applications by carrying out Security Reviews, i.e. Secure Requirement Review, Penetration Testing and Vulnerability Assessment. This role will also involve identifying potential weaknesses and vulnerabilities in our applications, simulating threats, and recommending controls and procedures. This role will be a key contributor to the organisation, performing Ethical Hacks of Fidelity's applications and systems.

The successful candidate will be able to demonstrate an innovative and enthusiastic approach to technology and problem solving, will display good interpersonal skills, and will show confidence and ability to interact professionally with people at all levels.

Key Responsibilities

Review software applications for potential security vulnerabilities by conducting application security reviews, i.e. Requirements Review, Penetration Testing (Ethical Hacking), Vendor Risk Assessment and Secure Code Review
Design, develop and execute manual and automated security tests (wherever possible) using modern tools and techniques
Liaise with Developers, Architects and Vendors to understand how an application works, where security mechanisms are employed and how effectively they are implemented
Work closely with Product Managers, Technical Specialists and Developers to define and validate all security aspects of Fidelity's applications
Understand the business requirements, evaluate potential products/solutions and provide technical recommendations
Be hands-on with technology and contribute security recommendations to the design, development and support of projects
Research new security tools and participate in initiatives to implement those that will cost-effectively enhance testing capabilities and product security
Stay aware of changes in the industry, applying knowledge of new threats and vulnerabilities
Advise on security improvements and product designs
Protect Fidelity information assets by promoting the understanding and acceptance of Information Security Policy and Standards
Foster security awareness and understanding

Essential Experience and Qualifications

5-7 years of conducting application security assessments, i.e. Penetration Testing (Ethical Hacking), Vulnerability Assessment, Vendor Risk Assessment and Secure Code Review
Excellent skills in Penetration Testing of applications (Web Application, Web Service, Thick Client and Mobile Application)
Excellent technical skills in both Information Security Architecture and Penetration Testing
Working knowledge of key security technologies, i.e. Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST)
Knowledge of various security tools such as Burp Suite, IBM AppScan (Standard and Source), HP WebInspect, Acunetix, OWASP ZAP, HP Fortify, Checkmarx, Veracode, Postman, SoapUI, etc.

Knowledge of attack vectors from OWASP Top 10, SANS Top 25, PCI DSS, WASC and mitigation of the same
Comfortable in reproducing test results from automated tools and recognizing false positives, prioritizing true findings, guiding developers in the selection of a remediation strategy and validating the remediation
Strong understanding of HTTP, HTTPS, SSL, TLS, SFTP Protocols
Reverse engineering and exploit development capabilities
Capable of understanding end user requirements from a security perspective
Experience with DevOps processes and culture
Knowledge of Agile development environments and Continuous Integration/Continuous Delivery pipelines

Excellent written and verbal communication skills, able to lead meetings and discussions, including a strong ability to explain findings to the delivery team
Understanding of emerging technologies and corresponding security threats

Preferred Experience and Qualifications

Experience of security testing in a Secure SDLC
Extensive scripting and programming experience, i.e. JavaScript, Python, Java/J2EE
Exposure to one of the major cloud IaaS providers (AWS, Azure, Google)
Excellent problem-solving and critical-thinking skills

Self-motivated, flexible, with a can-do attitude

Ability to pick up business knowledge, new technology areas, and new processes/methodologies, and to apply these changes in day-to-day work to improve the Security organisation
Possessing any of the following will be an asset: CEH, OSCP, CISSP

About you

About Fidelity International

Fidelity International offers world class investment solutions and retirement expertise. As a privately owned, independent company, investment is our only business. We are driven by the needs of our clients, not by shareholders. Our vision is to deliver innovative client solutions for a better future.

Our people are passionate, engaged, smart and curious, and we give them the independence and the confidence to make a difference. While we take pride in the excellence of our investment solutions and client service, we know we can always do better. We are honest, respectful and make tough calls, challenging the status quo to achieve better outcomes through innovation. Above all else, we always put our clients first.

Profile Summary:

Employment Type : Full Time
Eligibility : Any Graduate
Industry : Banking, Financial Services/Stockbroking
Functional Area : IT Software : Software Products & Services
Role : System Security
Salary : As per Industry Standards
Deadline : 19th Apr 2020

All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd