Job Description:
The VM lead is responsible for managing application security in a heterogeneous IT environment at Diageo, which includes websites and APIs for consumers, customers, corporate functions, and supply across on-premises, cloud, and 3rd-party hosting. This role will also be responsible for oversight and support of the DevSecOps practices and cloud-native security testing.
Responsibilities:
Be a subject matter expert on our cross-functional security projects with end-to-end ownership on topics such as CI/CD integration and automation, SAST/DAST/SCA security, API security, vulnerability disclosure program/bug bounties and more.
Lead and guide threat modeling sessions and secure remediation planning discussions with application teams.
Create security guidance and documentation.
Work closely with our Security Awareness team to help shape targeted and focused application security training programs for our developers/engineers.
Contribute to the identification of key metrics within the Application Security space and effectively communicate those metrics/KPIs across the various levels of stakeholders across the organization.
Implement and automate security controls, governance processes, and compliance validation in the Application Security COE.
Influence and lead other members of Application Security Testing and DevSecOps, and other users such as architects, developers and testers, in applying the right security architectures and best practices.
Experience
6+ years of experience in Application Security Testing (API, Web application, Thick clients)
Broad knowledge of security technologies for applications, databases, networks, servers, and desktops
Good understanding of application security concepts, protocols, topology and application security guidelines
Deep technical understanding of common security vulnerabilities and risks, as well as countermeasures and compensating controls.
In-depth knowledge of platforms at scale for containerized workloads
Solid understanding of Azure DevOps and hands-on knowledge of contemporary DevSecOps practices and working in Agile environments with multiple development teams
Experience with supporting enterprise Cloud applications or infrastructure
Possess experience in information system compliance with government standards and industry best practices including, but not limited to NIST, OWASP, CWE, OSSTMM and SANS
Hands-on experience in dynamic security testing of web-based applications
Knowledge of Secure SDLC and security standards like OWASP, SANS, CWE, NIST, OSSTMM
Experience with both commercial and open source tools: Burp Suite, Metasploit, AppScan, WebInspect, SSLScan, SoapUI Pro, SOAPSonar, Skipfish, Qualys, Nikto, Nessus, nmap, sqlmap, OWASP ZAP
Understanding of emerging technologies and corresponding security threats
Knowledge of building secure CI/CD pipelines (GitHub Actions preferred). An "all things as code" mindset to expand to security teams.
Ability to manage and prioritize between multiple tasks and projects.
Proven success collaborating with many product development groups
Worker Type:
Regular
Primary Location:
Bangalore Karle Town SEZ
Additional Locations:
Job Posting Start Date:
2023-09-07
With over 200 brands sold in more than 180 countries, we’re the world’s leading premium drinks company. Every day, over 30,000 talented people come together at Diageo to create the magic behind our much-loved brands. From iconic names to innovative newcomers – the brands we’re building are rooted in culture and local communities. Our ambition is to be one of the best performing, most trusted and most respected consumer products companies in the world.
Our founders, such as Arthur Guinness, John Walker, and Charles Tanqueray, were visionary entrepreneurs whose brilliant minds helped shape the alcohol industry. And through our people, their legacy lives on. Join us, and you’ll collaborate with talented people from all corners of the world. Together, you’ll innovate and push boundaries, shaping a more inclusive and sustainable future that we can all be proud of.
With diversity at our core, we celebrate our people’s unique passions, commitments and specialist skills. Because when varied voices, mindsets, and personalities come together, great ideas are born. In our supportive culture, your voice will be heard and you’ll be empowered to be you. Just bring your ambition, curiosity and ideas, and we’ll celebrate your work and help you reach your fullest potential.
DRINKiQ
What’s your DRINKiQ? Take our quiz to understand how alcohol is made and explore the effects of drinking. You can discover everything you need to know at DRINKiQ (https://www.drinkiq.com/en-gb/)