[ZAG056] - Senior Technical Analyst - Application Security

03 May
Fidelity International
Gurgaon district

Department Description

The Information & Technology Risk department is a part of the Global Technology department. The Technology function provides IT services to the Fidelity International business, globally. These include the development and support of business applications that underpin our revenue, operational, compliance, finance, legal, marketing and customer service functions. The broader organisation incorporates Infrastructure services that the firm relies on to operate on a day-to-day basis, including data centre, networks, proximity services, security, voice, incident management and remediation.

Information Security & Technology Risk (ISTR) is responsible for:

- Cyber Security:

  - Protecting the Technology Environment from internal and external security threats
  - Application Security (through secure coding practices, penetration testing, and developer training)
  - Centralised Access Management – working to principles of least privilege, access appropriate to role, and Role Based Access Control
  - Infrastructure Security
  - Security Engineering and Architecture
  - Security Application Support
  - Cyber Defence Operations

- Information Security Risk Management

- Technology Risk and Audit Management

- Technology Service Continuity

Application Security is part of the IT Security group within the Information Security and Technology Risk (IS&TR) Technology organisation of Fidelity International and is responsible for maintaining the Confidentiality, Integrity and Availability of Fidelity Information Systems across a multi-regional, global company network.

Purpose of your role

The Application Security group is responsible for ensuring that Fidelity applications are designed, developed and deployed securely. The role will involve working closely with development groups to ensure secure design, development and implementation of services and components. As a Technical Specialist, the person will be responsible for understanding complex technical and architectural issues from a security perspective, and for understanding the implications associated with the chosen technical strategy.

This position will focus on security of new and existing services to support business functionality. The role will involve working closely with development groups to securely design, develop and implement services and components.

The role will focus on reviewing the security mechanisms built into the applications by carrying out security reviews, i.e. Secure Requirement Review, Secure Design Review, Code Review, and Penetration Testing. This role also demands interaction with Fidelity vendors to conduct risk assessments. The job involves working closely with development groups, Enterprise Architecture and the ISO (Information Security Officer) so that the applications are compliant with FIL Information Security Standards.

The successful candidate will be able to demonstrate an innovative and enthusiastic approach to technology and problem solving, will display good interpersonal skills and show confidence and ability to interact professionally with people at all levels. FIL Systems are implemented in a wide range of technologies based on architectural standards.

Key Responsibilities

Review software applications for potential security vulnerabilities by conducting application security reviews, i.e. Requirements review, Design review, Code Review, Penetration testing (Ethical Hacking), Vendor Risk Assessment.

Liaise with Developers, Architects, Project Managers and Vendors to understand the working of an application, how effectively they are implemented and where security mechanisms are employed.

Understand the business requirements, evaluate potential products / solutions and provide technical recommendations.

Be “hands on” with technology and contribute to the design, development and support of projects with security recommendations.

Review design and development artefacts to ensure security quality in the products being developed.

Evolve security review processes in accordance with Information Security Standards and market best practices.

Contribute to Enterprise Architecture in definition of the technology stack and various standards and guidelines for development teams.

Protect Fidelity information assets by promoting the understanding and acceptance of Information Security Policy and Standards.

Provide diligent and competent service to customers by delivering an impartial and accurate service with integrity, honesty and in accordance with the Information Security Policy and Standards.

Foster security awareness and understanding.

Experience and Qualifications Required

Must Have

4-6 years of conducting application security assessments i.e. Architecture and Design review, Code Review and Penetration testing (Ethical Hacking) and Vendor Risk Assessment.

Working knowledge of key security technologies i.e. Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST)

Working knowledge of executing source code analyzers to unearth security vulnerabilities in the source code

Run and analyse security penetration tests, pinpoint security issues and suggest countermeasures for security improvements

Knowledge of attack vectors from OWASP, WASC and mitigation of the same.

Knowledge of various open source security tools such as proxies, fuzzers, etc.

Proven expertise in web technologies (Java / J2EE / Struts / .NET / PHP / JavaScript etc.).

Strong understanding of HTTP, HTTPS, SSL, TLS, SFTP Protocols

Proven ability to quickly earn the trust of sponsors and key stakeholders; mobilize and motivate teams; set direction and approach; resolve conflict; deliver tough messages with grace; execute with limited information and ambiguity

Capable of understanding end user requirements from security perspective

Sound business and technical acumen

Good to Have

Integrate Security into DevOps and enable security automation in CI/CD pipeline

Professional qualification: CEH, ECSA, LPT or any other equivalent certification.

Focused and versatile team player that is comfortable under pressure

Ability to remove barriers and enable teams to complete their objectives

Excellent problem-solving and critical-thinking skills

Understanding of emerging technologies and corresponding security threats

Self-motivated, flexible, with a ‘can do’ attitude.

Solid influencing skills

Ability to pick up business knowledge, new technology areas and new processes/methodologies, and apply these changes in day-to-day work to improve the Security organisation.

Fidelity International offers investment solutions and services and retirement expertise to more than 2.5 million customers globally. As a privately-held, purpose-driven company with a 50-year heritage, we think generationally and invest for the long term. Operating in more than 25 locations and with $611.4 billion in total assets, our clients range from central banks, sovereign wealth funds, large corporates, financial institutions, insurers and wealth managers, to private individuals.

Our Workplace & Personal Financial Health business provides individuals, advisers and employers with access to world-class investment choices, third-party solutions, administration services and pension guidance. Together with our Investment Solutions & Services business, we invest $471 billion on behalf of our clients. By combining our asset management expertise with our solutions for workplace and personal investing, we work together to build better financial futures.

Our clients come from all walks of life and so do we. We are proud of our inclusive culture and encourage applications from the widest mix of talent, whatever your age, gender, ethnicity, sexual orientation, gender identity, social background and more.

As a flexible employer, we trust our people to perform their role in the way that works best for them, our clients and our business. We are a disability-friendly company and would welcome a conversation with you if you feel you might benefit from any reasonable adjustments to perform to the best of your ability during the recruitment process and beyond. Data as at 30 September 2020. Read more at

The original job offer can be found in Kit Job:
