IND IT Professional - Code Security

Summary

Location

Gurgaon

Type

full-time


About this role

Job Title: Application Security Lead

Position type: Full Time

Work Location: Delhi NCR

Working style: Hybrid

Cab Facility: Yes

Shift Time: 12.30-9.30PM

Required education and certifications critical for the role: Any Graduate or Post-Graduate (full time)

Required years of experience: 9-15 years of relevant experience

 

 

It’s an exciting time to be at Aon! We are seeking a motivated and innovative Code Security Lead to join our growing Global Cyber Security organization. This position reports to the Senior Product Security Leader and will work closely with various application teams to integrate security into the Software Development Lifecycle and manage application security risks. We look for individuals who have a passion for identifying and fixing security vulnerabilities in application code.

 

The Role will primarily focus on onboarding applications to AON’s standard DevSecOps tools for SAST, SCA & Secrets Scanning. The role will execute Application Security plans including onboarding applications to DevSecOps tools, provide expert analysis of findings to separate the noise (false-positives) from the signal (true-positives), work with the Application Development teams and drive remediation work on the findings, document the most commonly occurring vulnerabilities and their solutions, and collect metrics to inform leadership about the current threat landscape and overall Application security posture.

 

A successful candidate should be able to demonstrate experience in automating security at scale by building and implementing static analysis and software composition analysis tools and integrating security into the Software Development Lifecycle. 

 

Aon is in the business of better decisions

 

At Aon, we shape decisions for the better to protect and enrich the lives of people around the world.

As an organization, we are united through trust as one inclusive team and we are passionate about helping our colleagues and clients succeed.

 

What the day will look like

  • Manage the applications queue for SAST onboarding and integrate application build pipelines with SAST and SCA tooling. 
  • Execution of plans and procedures related to SAST and SCA integration with CI/CD pipelines for all Aon applications.
  • Support application development engineers with the integration of SAST/SCA IDE scanning plugins.
  • Support application development teams to resolve scan failures, modify pre-scan settings and scan configurations according to the needs of the individual applications. Fine-tune scan rules and configurations in SCA and SAST tools to minimize the number of false-positive observations.
  • Assist with tool access requests, provisioning and Role-based access engineering for SAST and SCA tools and responding to other specific application security requests.
  • Interface with global application teams to execute static analysis and triaging of findings.
  • Manage the relationship with third-party vendors providing SAST/SCA services to support uninterrupted code scanning from CI/CD pipelines for AON Development teams.
  • Consult with external vendors (Application Security tool vendors), internal business users, Application Development teams and Infrastructure technology teams, including GSS, Network, Cloud Security, IAM and other DBAs and server admins, as needed to implement changes or resolve issues with the execution of Application Security tools and processes.
  • Assist with the continuous process and quality improvement initiatives in the Application Security space.
  • Provide guidance to application engineers on application security concepts and static analysis issues and provide remediation guidance.
  • Document and distribute the latest guidance in Application Security tools and processes and enable the Security Champions to be the first point of contact for their teams' Application Security needs.
  • Develop verifiable metrics (e.g., tracking and monitoring adoption of AppSec tools, aggregation of Application Security data) associated with monthly and quarterly reporting.
  • Provide metrics and analytics data to inform Cybersecurity leadership about the current threat landscape facing Aon applications and the overall Application security posture.
  • Support governance and compliance audits related to PCI, HIPAA, SOX and other regulations.
  • Help with incident response when needed.


Skills and experience that will lead to success

  • Bachelor's degree in Computer Science, Information Systems, Cybersecurity or related field.
  • Overall 7-8 years of experience in IT with at least 5 years of relevant experience working in Application Security and Security in the SDLC.
  • Strong knowledge of Application Security testing and performing manual source code reviews.
  • Strong work ethic with the ability to work independently and multitask effectively in a fast-paced environment.
  • Solid understanding of the OWASP Top 10 and SANS Top 25 security vulnerabilities.
  • Strong experience working with one or more of SAST, DAST, SCA and AppSec tool suites such as Snyk, Checkmarx, Burp, Fortify, Coverity, Black Duck, etc.
  • Experience with various DevOps build environments/tools (e.g., Azure DevOps, GitHub, GitLab, Bitbucket, TeamCity, Jenkins, etc.).
  • Proficiency in one or more programming languages such as C#, Java, JavaScript, Python. Familiarity with Python scripting.
  • Experience working with any of the public/private cloud environments (Azure/AWS/GCP).
  • Strong experience working in an Agile environment as part of an AppSec team or multi-disciplinary IT team to deliver secure software.
  • Experience with ticketing and workflow tools such as ServiceNow and Jira

 

Preferred Experience:

  • Hands-on development experience of 3 years or being the Security Champion in a development team doing hands-on development and security-focused source code reviews.
  • Security certifications like CISSP, OSCP, CEH, CCSP or equivalent preferred.
  • Excellent problem-solving and critical-thinking skills.
  • Understanding of emerging technologies and corresponding security threats
  • Self-motivated, flexible, with a ‘can do’ attitude.
  • Ability to pick up business knowledge, new technology areas, new processes/methodologies and apply in day-to-day work
  • Multi-cultural approach, and ability to interface with all levels of the organization
  • Strong analytical, conceptual and problem-solving skills
  • Accountability and reliability, self-motivation.
  • Pro-activity, initiative, and autonomy.

 

How we support our colleagues

 

In addition to our comprehensive benefits package, we encourage an inclusive workforce. Plus, our agile environment allows you to manage your wellbeing and work/life balance, ensuring you can be your best self at Aon. Furthermore, all colleagues enjoy two “Global Wellbeing Days” each year, encouraging you to take time to focus on yourself.  We offer a variety of working style solutions for our colleagues as well. 

 

Our continuous learning culture inspires and equips you to learn, share and grow, helping you achieve your fullest potential. As a result, at Aon, you are more connected, more relevant, and more valued.

 

Aon values an innovative and inclusive workplace where all colleagues feel empowered to be their authentic selves. Aon is proud to be an equal opportunity workplace.

 

Aon provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, domestic partner status, or other legally protected status. 

 

We are committed to providing equal employment opportunities and fostering an inclusive workplace. If you require accommodations during the application or interview process, please let us know. You can request accommodations by emailing us at [email protected] or your recruiter. We will work with you to meet your needs and ensure a fair and equitable experience.

 


2572312

Other facts

Tech stack
Application Security, DevSecOps, SAST, SCA, Static Analysis, Software Development Lifecycle, OWASP, Agile, Python, Java, C#, Cloud Security, Security Certifications, Problem-Solving, Critical Thinking, Collaboration

About Aon Corporation

We exist to shape decisions for the better — to protect and enrich the lives of people around the world. Through actionable analytic insight, globally integrated Risk Capital and Human Capital expertise, and locally relevant solutions, our colleagues provide clients in over 120 countries with the clarity and confidence to make better risk and people decisions that help protect and grow their businesses.

Team size: 10,001+ employees
Industry: Financial Services

What you'll do

  • The role involves managing the onboarding of applications to AON’s DevSecOps tools and executing Application Security plans. It requires working closely with application development teams to integrate security into the Software Development Lifecycle and manage application security risks.


Frequently Asked Questions

What does an IND IT Professional - Code Security do at Aon Corporation?

As an IND IT Professional - Code Security at Aon Corporation, you will manage the onboarding of applications to AON’s DevSecOps tools and execute Application Security plans. The role requires working closely with application development teams to integrate security into the Software Development Lifecycle and manage application security risks.

Why join Aon Corporation as an IND IT Professional - Code Security?

Aon Corporation is a leading Financial Services company.

Is the IND IT Professional - Code Security position at Aon Corporation remote?

The IND IT Professional - Code Security position at Aon Corporation is based in Gurgaon, Haryana, India. Contact the company through Clera for specific work arrangement details.

How do I apply for the IND IT Professional - Code Security position at Aon Corporation?

You can apply for the IND IT Professional - Code Security position at Aon Corporation directly through Clera. You can also learn more about Aon Corporation on their website.