Technical Analyst – Application Security

Job Description

Title                 Technical Analyst – Application Security

Department      Global Cyber & Information Security

Location          Bengaluru, India

Reports To       Senior Manager - Application Security

Level                Security Analyst -2

We’re proud to have been helping our clients build better financial futures for over 50 years. How have we achieved this? By working together - and supporting each other - all over the world. So, join our GCIS - Application Security team and feel like you’re part of something bigger.

Department / Team Description

The Global Cyber & Information Security (GCIS) department is a part of the Global Technology department. The Technology function globally provides IT services to the Fidelity International business. These include development and support of business applications that underpin our revenue, operational, compliance, finance, legal, marketing and customer service functions. The broader organisation incorporates Applications, and Infrastructure services that the FIL relies on to operate on a day to day basis including data centre, networks, proximity services, security, voice, incident management and remediation. 

About role

As Technical Analyst, one would be responsible to understand technical and architectural implementation. Use this understanding to conduct the Design, Code review and Penetration Testing. The role will involve working closely with development groups to securely design, develop and implement services and components. This role demands interaction with development groups, Enterprise Architecture, Information Security Officer (ISO) and vendors. Aim is to ensure applications are compliant with FIL Information Security Standards.

The successful candidate will be able to demonstrate an innovative and enthusiastic approach to technology, implementation, adoption and problem solving. The candidate shall display good interpersonal skills and show confidence and ability to interact professionally with people at all levels.

Key Responsibilities

• Review Software applications for potential security vulnerabilities by conducting application security reviews i.e. Requirements review, Code Review, Software Composition Analysis, Penetration testing (Ethical Hacking), Vendor Risk Assessment.
• Liaise with Developers, Architects, Project Managers and Vendors to understand the working of an application, how effectively they are implemented and where security mechanisms are employed.
• Understand the business requirements, evaluate potential products / solutions and provide technical recommendations.
• Be “hands on” with technology and to contribute to the design, development and support of projects with the Security recommendations.
• Review design and development artefacts to ensure security quality in the products being developed.
• Evolve security review processes in accordance with Information Security Standards and market best practices.
• Protect Fidelity information assets by promoting the understanding and acceptance of Information Security Policy and Standards.

Experience and Qualifications Required

Must Have

• 2-3 years of conducting application security assessments i.e. Code Review and Penetration testing (Ethical Hacking) and Vendor Risk Assessment.
• Knowledge of attack vectors from OWASP, WASC and mitigation of the same, open-source software security assessment tools.
• Knowledge of web technologies (Java/J2EE/Struts/ .NET / PHP / Java Script etc.).
• Good understanding of HTTP, HTTPS, SSL, TLS, SFTP Protocols
• Working knowledge of Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST)
• Working knowledge of executing source code analysers to unearth security vulnerabilities in the source code
• Run and analyse security Penetration testing and pinpoint security issues and suggest mitigations.
• Capable of understanding end user requirements from security perspective
• Sound business and technical acumen

Good to Have

• Excellent problem-solving and critical-thinking skills
• Understanding of emerging technologies and corresponding security threats
• Self-motivated, flexible, with a ‘can do’ attitude.

Feel rewarded

For starters, we’ll offer you a comprehensive benefits package. We’ll value your wellbeing and support your development. And we’ll be as flexible as we can about where and when you work – finding a balance that works for all of us. It’s all part of our commitment to making you feel motivated by the work you do and happy to be part of our team. For more about our work, our approach to dynamic working and how you could build your future here, visit careers.fidelityinternational.com.

For more about our work, our approach to dynamic working and how you could build your future here, visit careers.fidelityinternational.com.