Early on, Orange defined its role to address some of today’ssocialchallenges linked to our industry: promoting responsible mobile phone use, raising awareness of screen time, recycling mobile phones, and fighting against cyber bullying.
Conduct security assessments and code reviews to identify vulnerabilities in applications
Collaborate with development teams to integrate security best practices into the software development lifecycle
Design and implement security controls and measures to protect applications from threats and attacks
Perform security testing, including penetration testing and vulnerability scanning
Understanding of encryption, authentication, and authorization mechanisms
Protecting applications at runtime by monitoring and blocking malicious activities
Preventing attacks like code injection, SQL injection, and remote file inclusion and security remediation
Strong analytical and problem-solving skills
Stay updated with the latest security threats and industry best practices
Provide guidance and support in remediating security findings and implementing secure coding practices
Contribute to the development and maintenance of security policies, standards, and guidelines
Participate in incident response and security incident investigations as needed
Must be an effective communicator, balancing business goals with engineering goals, efficiently manage a communication with the
business owner of a project Write elegant, clean, and well-solution documentation
Preferred candidate profile:
BE/B.Tech in Computer Science. or MCA or equivalent
Relevant certifications (e.g., Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Secure Software Lifecycle Professional (CSSLP))
Good to have ISTQB certification.
Knowledge of DevOps practices and tools
Experience with security standards and frameworks (e.g., ISO 27001, NIST, PCI DSS)
Must have experience in web app securities using SSL and other technics.
Knowledge of common application security vulnerabilities (e.g.,OWASP Top 10) and mitigation techniques.
Proven experience in application security, secure coding practices and secure software development lifecycle.
Should have experience in any security tool like Contrast Security, Screen, and Waratek, VMware Air Watch, Microsoft Intune, and MobileIron.
Experience with secure development frameworks and tools.
Knowledge of cloud security principles and best practices.
Understanding of regulatory compliance requirements (e.g., GDPR,HIPAA).
Familiarity with Dev SecOps practices and tools.
Familiar with tools to identify potential security vulnerabilities.Examples include Veracode, Checkmarks, and Fortify.
Ability to complete all phases of software development life cycle (SDLC) including analysis, design, functionality, testing and support.
Should have working knowledge of using a latest development tools and techniques like TFC, GIT, DevOps, Jira.
Understanding of modern development methodologies and tools including Agile (XP and Scrum), Rapid Application Development, etc.
Interested candidate can share their resume along with basic details on jyotsna.bisht@orange.com
