2 Microsoft Sdl Jobs

As an experienced Application Security Manager, you will play a crucial role in leading our security initiatives to ensure the integrity, confidentiality, and availability of our systems and data. Your responsibilities will involve integrating security tools, standards, and processes into the product life cycle (PLC), training developers and QA personnel on security knowledge, supporting application security tool deployments, and managing periodic penetration testing exercises. You will be tasked with creating, integrating, and managing threat modeling processes/practices, following SSDLC and application framework, as well as managing secure configuration/hardening guidelines and compliance. Additionally, you will need to create and manage application security KPIs, KRIs compliance reports, and dashboards. Your role will also require hands-on experience with tools and processes related to SAST, DAST, API Security, and Threat Modelling. Furthermore, you will oversee Infosec functions by coordinating with various stakeholders such as the App Team, Vendors, Auditors, and Regulators. It is essential to have knowledge of best practices like OWASP, Microsoft SDL, SANS, NIST, as well as experience with cloud environments (AWS) and WAF (Imperva, Akamai). Knowledge of Network and Data Security is considered a plus. In terms of qualifications and experience, we are looking for candidates with 8-10 years of hands-on experience in application security. A strong understanding of application security best practices, frameworks, and security technologies is required. Proven experience in managing VA, PT, Code review, SAST, DAST, SSDLC, Threat Modelling, and Audit processes is essential. Familiarity with regulatory requirements and compliance standards, such as RBI and SEBI, is beneficial. Excellent communication, interpersonal, analytical, and problem-solving skills are important for this role. A Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field is required, while a Master's degree or relevant certifications are preferred.,

Cybersec Security Advisor Job description: Are you passionate about tackling complex data problems? Do you thrive on using your analytical and cybersecurity skills to solve large-scale challenges? Are you intrigued by the intersection of complex business processes and data-driven approaches? If so, we'd love to hear from you! At Schneider Electric, we are undergoing a transformative journey by leveraging Artificial Intelligence & Automation technologies to empower users with Machine Learning and Cognitive computing, driving business value. Simultaneously, as the number of cybersecurity threats continues to grow, we recognize the importance of having a comprehensive cybersecurity approach across our solutions to safeguard our business and customers. We seek a cybersecurity professional to join our AI Digital Risk Leader & Data Officer team to drive the implementation of Secure development process in our AI organization. To ensure a cohesive cybersecurity strategy implemented throughout our AI HUB, you will collaborate closely with AI Cybersecurity teams but also Autonomous spokes team in NAM and GSC. The role The Security Advisor is responsible for the adoption and implementation of the SDL framework following the Schneider Electric SDL V2 process and in compliance to the SE SDL Policy and other cybersecurity policies, procedures, and best practices, and to advise on cybersecurity technical requirements for the development of secure products and systems. The Security Advisor regularly interacts with key stakeholders (including representatives from marketing, R&D offer development, technical leaders, and leadership team members) as well as stakeholders from the Business Unit Security Team and the corporate Product Security Office (PSO) to ensure that cybersecurity guidelines and processes are executed in an efficient and effective manner. Key Responsibilities for the Role • Act as Subject Matter Expert, serve as a consultant and advisor for cybersecurity topics within AI development teams. Provide guidance, coaching and expertise to execute SDL practices such as threat modelling, secure design practices, secure coding and implementation, and security testing. • Gather SDL and Cybersecurity metrics to contribute to data driven strategies and plans to aid in the deployment of SDL and cybersecurity functionality as required by cybersecurity standards such as IEC62443, and to further improve SDL and Cybersecurity effectiveness and efficiency. • Ensure that their assigned development teams abide with risk-driven cybersecurity processes and controls. • Support development teams to manage vulnerability triage and resolution • Support internal SDL audits and Formal Cybersecurity Reviews (FCSRs) and other supported Schneider data security and privacy processes. • Conduct training and presentations to build cybersecurity competencies within teams. • Track organizational maturity using cybersecurity maturity frameworks and track other SDL-related goals as directed. Qualifications - External Key skills and requirements • Ability to align operational/information security policies with business requirements. • Process driven with attention to detail, ability to translate operational/information security requirements into security controls in coordination with architects. • Ability to effectively adapt to and apply rapidly changing technology and security requirements to business needs. • Knowledge of static code analysis tools, secure coding standards, fuzz and penetration testing, and formal security reviews. • Working knowledge of security and privacy standards, regulations, and legislation. • Demonstrated ability to develop threat models, analysing threats, and rate threat severity using established industry practices • Experience with AI and ML technologies and services (Machine Learning, Conversational AI, Computer Vision, No Code / Low Code AI) Qualifications & Experience • Customer-oriented with a service-oriented attitude (flexible, personable, and approachable) • Certification in Cybersecurity Management such as CISSP, CSSLP; and/or IEC 62443 Certified Specialist. • Experience of working in an Engineering/R&D group following a Secure Development Lifecycle based on standards such as IEC 62443, ISO 21434, or Microsoft SDL; with a proven ability to engage with management and development teams. • Experience guiding and assisting organizations in implementing security product/system development practices. • Experience in driving corporate programs using influence, negotiation, and persuasion soft skill set. • An understanding of domain appropriate communication mechanisms protocols • Strong communication skills, including the ability to render concise reports, summaries, and presentations. • Project management or technical leadership skills preferred.