
Assistant Manager - IT Risk & Security

Date Posted: Jun 11, 2021

Location: Noida, IN, 0

Company: MetLife


Job Description – Assistant Manager - IT Risk and Security – Application Security

Position Title: Asst Manager – IT Risk and Security
Function, Responsibility Level: Asst Manager - Operations
Reports to (Responsibility Level): Manager / Sr. Manager
Supervises: NA [Individual Contributor role]
Location: MetLife GOSC, NOIDA
Global Grade: 10 M
Cost Center (85 series):
Complexity:
PID/s Load Mapping:

Position Summary
The Application Security team supports cybersecurity globally by helping the application development (AD) teams through the entire AppSec program: it continuously and rigorously monitors and tests in-scope applications to identify security flaws and vulnerabilities that may be exploitable, and accordingly remediates, mitigates, or accepts the risk as per MetLife ATCS-428 standards.
✓ Provide multi-disciplinary knowledge, skills and experience in Application security and management
✓ Perform vulnerability testing, risk analyses and security assessments
✓ Act as a consultant/advisor in presenting risk and mitigation controls to developers based on assessments
✓ Interact with clients in a collaborative consultative manner to deliver results, provide feedback and remediation recommendations on findings
✓ Act as your liaison to our external testing partners before, during, and after testing
✓ Create, manage and administer Veracode/User profiles for AD team members
✓ Onboarding and access provisioning for ITRS team members on Veracode, Primeon, Archer, JIRA and AppSec SharePoint site
Shift Timings – 4:00 PM to 1:00 AM OR 5:00 PM to 2:00 AM

Job Responsibilities
✓ Should have a minimum of 6+ years’ experience in the Application Security field, secure code reviews and secure SDLC design
✓ Provide multi-disciplinary knowledge, skills and experience in Application security and management
✓ Should have excellent understanding of common Web Application vulnerabilities like SQLi, XSS, CSRF, and HTTP Flooding
✓ Thorough understanding of OWASP Top 10 and their mitigation
✓ Serve as the subject matter expert on a number of security technologies and security-centric standardizations
✓ Deliver client engagements in Application Security and Vulnerability Assessment/Penetration Testing
✓ Should have good experience in conducting Application level testing (SAST/DAST/AEH)
✓ Identify and exploit vulnerabilities in applications and infrastructure
✓ Interact with clients in a collaborative consultative manner to deliver results, provide feedback and remediation recommendations on findings
✓ Act as a consultant/advisor in presenting risk and mitigation controls to the client based on the assessments
✓ Understand the client dynamics and identify new opportunities within the client organization
✓ Prepare reports documenting identified issues based on internal templates
✓ Knowledge of standards like ISO 27001, PCI DSS, HIPAA, NIST, OWASP, etc.
✓ Hands on experience with Veracode, BurpSuite, Nessus, NMap, etc. (preferably Veracode SAST/DAST testing experience)
✓ Write and maintain technical documentation including design docs, test plans, project plans, procedures, incident reports and troubleshooting guides
✓ Participation in the daily planning, tracking, scheduling and execution of deliverables, management activities
Knowledge, Skills and Abilities
Education
• IT Graduate
• Bachelor’s degree in Computer Science, Cyber Security or a related field
• Knowledge of Databases, Networks, Hardware, Firewalls and Encryption
Experience
• Total of 8 years of overall industry experience with minimum 6 years of experience in Application Security field
• Experience in using BurpSuite
• Must possess problem solving, planning, and analytical skills to drive continuous improvements
Knowledge and skills (general and technical)
• IDS/IPS, penetration and vulnerability testing
• Application security and encryption technologies
• Secure coding practices, ethical hacking and threat modeling
• ISO 27001/27002, ITIL and COBIT frameworks
• PCI, HIPAA, NIST, GLBA and SOX compliance assessments
• Windows, UNIX and Linux operating systems
• C, C++, C#, Java or PHP programming languages
• Exposure to IT Archer Findings
• Exposure to enterprise SharePoint
• Intermediate MS Office skills

MetLife:

 

MetLife, through its subsidiaries and affiliates, is one of the world’s leading financial services companies, providing insurance, annuities, employee benefits and asset management to help its individual and institutional customers navigate their changing world. Founded in 1868, MetLife has operations in more than 40 countries and holds leading market positions in the United States, Japan, Latin America, Asia, Europe and the Middle East.

 

We are ranked #44 on the Fortune 500 list for 2019. In 2019, we were named to the Dow Jones Sustainability Index (DJSI) for the fourth year in a row. DJSI is a global index to track the leading sustainability-driven companies.      

 

MetLife is committed to building a purpose-driven and inclusive culture that energizes our people. Our employees work every day to help build a more confident future for people around the world.

 

MetLife is a proud Equal Employment Opportunity and Affirmative Action employer dedicated to attracting, retaining, and developing a diverse and inclusive workforce. All qualified applicants will receive consideration for employment at MetLife without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.