Infosec Senior Expert - Application & Product Security Engineering
Join Our Community
Required Skills
Job Description
- *ZEISS in India**
ZEISS in India is headquartered in Bengaluru and present in the fields of Industrial Quality Solutions, Research Microscopy Solutions, Medical Technology, Vision Care and Sports \& Cine Optics.
ZEISS India has 3 production facilities, R\&D center, Global IT services and about 40 Sales \& Service offices in almost all Tier I and Tier II cities in India. With 2200\+ employees and continued investments over 25 years in India, ZEISS’ success story in India is continuing at a rapid pace.
Further information at ZEISS India .
- *Purpose of this position / Position summary**
The Application \& Product Security Engineering Lead (PSEL) is a member of the global Business Information Security organization at the ZEISS Consumer Markets (COM) segment and reports directly to the Head of Business Information Security COM.
The Business Information Security (BIS) organization is responsible for the implementation of information security controls, policies, and processes across the segment in close alignment with Corporate Information Security and the different business functions.
Within the BIS organization, the PSEL owns and drives the **secure development lifecycle (SDL)** and acts as a **technical authority for product, application, and cloud security** , working side\-by\-side with engineering teams.
The PSEL provides lateral technical leadership to 50\+ Security Engineers allocated to the business functions globally. S/he provides guidance to the Security Engineers to identify applicable security requirements, supports threat modelling activities, reviews architecture proposals from an information security and data privacy perspective, reviews and approves the results of security tests and assessments, and monitors the implementation of measures.
The PSEL is strongly integrated in the processes and projects of the respective business areas with a proactive and results\-oriented attitude.
- *Primary duties and responsibilities**
The PSEL is responsible for the definition and the operational implementation of the secure development lifecycle within the business areas developing and maintaining customer\-facing applications, digital platforms, IoT products and production equipment at the ZEISS COM segment:
- Develop, document and enforce security policies and standards aligned with the strategy of the organization.
- Provide professional leadership to the Security Engineers across the segment, providing guidance regarding learning paths and further development.
- Advise teams on secure design and review architecture proposals.
- Guide Security Engineers to identify applicable security requirements. Support them in conducting threat modelling and selecting applicable security controls. Oversee the creation of security documentation.
- Ensure the proper implementation of a secure development lifecycle, including maintenance and the use of security tools, e.g., static and dynamic application security testing, software composition analysis, security monitoring, etc.
- Oversee the planning and execution of security testing activities, including penetration testing and vulnerability assessments. Together with the security engineers, review findings and define countermeasures. Ensure that the relevant findings are remediated before moving to production.
- Coordinate Free and Open\-Source Software (FOSS)\-related activities across the COM Segment. Responsible for ensuring compliance with internal FOSS guidelines in the different functional units.
- Monitor and review the effectiveness of the secure development lifecycle in the business areas. Report on its progress on a regular basis to the business owners and senior management.
- Disciplinary responsibility for the local Information Security resources of the COM Segment in Bangalore.
- *Education / Professional Certification**
University degree in computer science, information technology or related education; with an excellent academic record and ideally focused on security.
Holding a valid certification from a well\-recognized information security organization is of advantage, e.g., ISC2 CSSLP, CISSP.
- *Experience**
At least 10 years’ work experience in software engineering in the industry, related to customer\-facing applications and products, with proven experience in the implementation of security controls. At least 3 years of experience in management positions.
Experience in leading teams from a disciplinary and project point of view. Experience interacting with senior management in multinational corporations.
Experience in designing and implementing a Secure Development Lifecycle for software engineering.
Previous experience in a regulated industry is of advantage, e.g., medical, finance, insurance.
Experience with Microsoft and/or AWS cloud technologies, Linux and Open Source, incl. experience in the development of IoT/device software.
Experience working in an international, multicultural and multidisciplinary environment.
- *Knowledge / Skills / Other characteristics**
Solid software engineering background with an in\-depth understanding of the secure software development lifecycle, including the implementation of security controls.
Good understanding of solution architecture methodologies, capable of reviewing software architecture from a security and data privacy point of view.
Familiar with the applicable international Cybersecurity and Data Protection regulations and standards, e.g., ISO 27k family, IEC 62443 family, NIST security framework, UL 2900, GDPR, HIPAA, Chinese DSL, PIPL.
Excellent Business English skills for professional communication and documentation. Proficiency in further widely used business languages is of advantage.
Proactive attitude and a high degree of initiative.
Soft skills for mentoring and fostering a security culture within the organization. Strong communication skills.
Lateral leadership skills.
Your ZEISS Recruiting Team
Itishree Pani
Similar Jobs
- E
Senior System Engineer - AWS IAM, Python and Agentic AI
EPAM Systems · Gurgaon, Haryana, India
- J
Lead Software Engineer- DevOps, Kubernetes, AWS
JPMorganChase · Bengaluru, Karnataka, India
- H
AWS Cloud Infrastructure & Snowflake Platform Engineer
Haparz · Bengaluru, Karnataka, India
Job Overview
- Job type
- Full-time
- Work mode
- On-site
- Location
- Bengaluru
- Posted
- 1d ago
- Source
- Indeed