RSA - Product & Application Security, Consultant
Primary Location: Bangalore
Additional Location(s): Bengaluru, India
RSA offers mission-driven security solutions that provide organizations with a unified approach to managing digital risk that hinges on integrated visibility, automated insights and coordinated actions. RSA solutions are designed to effectively detect and respond to advanced attacks; manage user access control; and reduce business risk, fraud and cybercrime. RSA protects millions of users around the world and helps more than 90 percent of the Fortune 500 companies, and every branch of the U.S. federal government, thrive and continuously adapt to transformational change. For more information, go to rsa.com.
We are currently seeking a Product & Application Security (PAS) Consultant to join our Information Security team. The PAS Consultant for RSA will assist with the governance of the RSA Product & Application Security program, coordinate vulnerability and security response for both product lines and corporate business applications, and provide secure application design consultation for RSA applications and cloud Software as a Service (SaaS) environments. The Consultant must develop trusted relationships with industry partners, security researchers and with their internal customers to define and drive process improvements across the development and support organizations to constantly improve RSA’s application security program.
The ideal candidate will have demonstrated success in building a Product & Application security program within a global technology company and will possess extensive experience supporting a diverse range of customers. This position requires technical depth and experience, but also strong leadership skills in order to succeed.
- Serve as the senior application security program Consultant for RSA, developing the program strategy and advising company leadership and stakeholders on related subject matter as needed.
- Assist with the definition and management of the end to end process for reporting and remediating vulnerabilities across all RSA products, applications and services.
- Run the RSA Responsible Disclosure program by managing relationships with external finders, technical analysis of reported vulnerabilities, tracking of remediation activities, creation and dissemination of communication materials, and facilitating the release of security advisories to customers.
- Act as technical subject matter expert for secure application design reviews, technical application design reference architectures and secure code development practices.
- Strong understanding of security-related government requirements such as FIPS or STIG.
- Partner with product engineering security champions to support process changes to optimize reporting and response to vulnerabilities. These include strategy for product and application updates, and customer support process improvements.
- Manage and coordinate response to customer inquiries about RSA product and application security practices.
- Perform threat modeling, conduct reviews of security architecture and platform/service designs, and audit source code.
- Define the secure development lifecycle practice security controls and associated training curriculum.
- Participate in the maturation and adoption of DevSecOps process across the organization.
- Develop program governance metrics, KPIs and SLOs to provide visibility into secure software development standard adherence.
- Coach, train, and inspire a global team of security champions across product and application security professionals.
- Bachelor’s Degree or equivalent years of industry experience
- 8+ years of experience in product and application security, incident response, or other applicable technical field
- 5+ years of experience with various application security tools including SAST, SCA, DAST, Penetration testing, and fuzzing techniques
- Advanced knowledge of secure web, mobile, API, Microservices, network, security architectures and design patterns.
- Experience designing and implementing secure RESTful APIs
- Knowledge of AWS, Azure, GCP native security tools
- Expert ability to demonstrate and provide remediation of common security flaws such as those in the OWASP Top 10
- Experience delivering software via DevSecOps pipeline and Agile Methodologies, specifically balancing the business need to quickly deliver value while maintaining security control visibility and auditability
- Results-driven and accountability-minded
- Ability to operate effectively in a fast-paced environment with competing and shifting priorities
- Excellent written and verbal communication skills
- Ability to speak confidently and credibly in external forums
- Ability to confidently and effectively present complex technical topics to senior non-technical audiences
- Ability to work collaboratively and effectively as part of a larger matrixed organization
RSA is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at RSA are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. RSA will not tolerate discrimination or harassment based on any of these characteristics. RSA encourages applicants of all ages.
Job ID: R074119