Job Description

Hiring Manager: Murali Krishnaiah

Talent Acquisition Advisor: Revil Amolik

Job Code Level: DSP4

Refer Your Friends!



OPENTEXT

OpenText is a global leader in information management, where innovation, creativity, and collaboration are the key components of our corporate culture. As a member of our team, you will have the opportunity to partner with the most highly regarded companies in the world, tackle complex issues, and contribute to projects that shape the future of digital transformation.



YOUR IMPACT

As part of the Product Security team, you must have a strong understanding of information security processes across product development lifecycle including secure coding principle, static code / dynamic scanning, application penetration testing, container security, cloud security, supply chain security and threat modelling the applications. You should be familiar with the industry best practices for information security policies and product security. standards. You will have the opportunity to collaborate with the product stakeholders such as product development, cloud operation, system architects, security champions, Global Information Security on the Product security process and customer escalations/support



What The Role Offers



• Strategic Planning:
• Align application security initiatives with business goals; refine Product Security processes and tools.
• Technical Leadership:
• Stay updated on the latest trends and advancements in application security and apply them to continually improve the organization's security program.
• Recommend mitigations for vulnerabilities; manage third-party and open-source software risk.
• Architecture and Design:
• Review application designs for security best practices.
• Design, enhance, and advocate for the threat modelling process. Conduct threat modelling and advise product teams on implementing appropriate security controls.
• Security Reviews:
• Conduct security assessments throughout the development lifecycle.
• Collaborate with development teams to remediate security vulnerabilities.
• Code Review and Analysis:
• Conduct code reviews and implement automated code analysis tools.
• Secure Development Practices:
• Enforce secure coding practices, train developers in secure coding.
• Incident Response/Customer Escalations:
• Lead incident response efforts related to application security incidents.
• Work with cross-functional teams to investigate and remediate security breaches.
• Policy and Standards:
• Develop and enforce application security policies; ensure compliance with industry standards.
• Security Testing:
• Oversee the implementation of security testing methodologies
• Conduct Penetration Testing activity for applications/systems
• Security Awareness:
• Promote security awareness across engineering; conduct training for development teams on Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
• Collaboration:
• Collaborate with cross-functional teams, including development, operations, GIS, etc., to integrate security into all aspects of the software development lifecycle and improve security maturity.
• Documentation and Reporting:
• Maintain comprehensive documentation of security processes/policies; produce maturity status reports for senior management.
• Generate reports and conduct peer reviews.
• Research and Innovation:
• Stay informed on emerging threats and vulnerabilities, and proactively implement innovative security solutions.
• Vendor and Tool Evaluation:
• Evaluate and recommend security tools/technologies; Manage vendor relationships


What You Need To Succeed



• Industry standard best practices on application security controls, requirements, features, and specifications
• Application security issues, weaknesses, vulnerabilities, threats, risks, and impacts of exploitation
• Familiarity with Security Standards and groups (OWASP, PCI, SANS, OSSTMM etc.)
• Strong vulnerability assessment experience of web, mobile and thick client applications, RESTful& JSON APIs, web servers, databases, and hosting environments (cloud, off-cloud, Containers)
• Strong experience in manual vulnerability assessment and penetration testing
• Hands on experience on Application Security tools such as Fortify, WebInspect, Burp, etc.
• Experience in planning, researching and developing security policies, standards and procedures in line with industry best practices
• A natural curiosity to learn how things work, and more importantly, how they can be made to work outside of their intended purposes, (i.e. the ethical hacker mentality)
• Preferably to have application security penetration testing related certifications, (e.g. GWAPT, OSWE, OSCP, GPEN, CPTE, CEH, GWEB, GCIH, etc.)
• Highly desirable to have general information security related certifications, (e.g. CISSP, CISM, GSEC, CCSP, etc.)
• Should have excellent team playing and collaborative skills, to work with multiple stake holders.
• Strong analytical, troubleshooting, writing, communication, and consultancy skills
• Possess a commitment to quality and a thorough approach to work


Education and Experience:

• B.E./B.Tech/Bachelors/Master of Computer Science or equivalent


Industry Experience: 8-12 years,



• 6+ years of relevant experience


OpenText's efforts to build an inclusive work environment go beyond simply complying with applicable laws. Our Employment Equity and Diversity Policy provides direction on maintaining a working environment that is inclusive of everyone, regardless of culture, national origin, race, color, gender, gender identification, sexual orientation, family status, age, veteran status, disability, religion, or other basis protected by applicable laws.

If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please submit a ticket atAsk HR. Our proactive approach fosters collaboration, innovation, and personal growth, enriching OpenText's vibrant workplace.