Manager - Information Security (Application Security)


The Application Security Manager needs to have 12+ years of experience. The Application Security Manager is responsible for managing application security activities and the security governance track of Application Security Assurance. The role requires application software expertise, along with excellent communication, project management and organisational skills. The position requires exposure to application security vulnerabilities, different application security testing methodologies and related application security tools. At Myntra you will bring cutting-edge approaches to solving business problems and create the architecture and design to realise the solutions. This involves working with developers, designers, business analysts and product managers.

In this role, the Application Security Manager will be responsible for security governance and for ensuring adherence to application security controls and risk analysis in the SDLC. Myntra applications include internally developed applications, third-party developed applications, commercial off-the-shelf (COTS) software and open source software. The individual should have expertise in application security risk, cloud architecture, application threat modeling and policy writing, and be familiar with regulatory standards such as ISO 27001 / 27002 and PCI-DSS. Additional responsibilities include managing project plans for new initiatives, working with team members on team metrics and assisting with the distribution of weekly and monthly status reports. The AppSec manager will interact with the Myntra engineering, architect and tech teams to provide guidance, best practices and technical assistance in addressing application security issues. The role also includes managing monthly application security meetings and coordinating training for developers.

Responsibilities and Scope:

    • Collaboratively work with application engineering / architect / development / product teams and guide them to follow the Security gates set as per Myntra application security process 
    • Evaluate application security processes as they relate to application, risk management, threat modelling, security testing, compliance, penetration testing, and security tooling, and provide process governance as well as thought leadership on adjusting to future needs
    • Liaise with engineering, architect and tech teams to address the internal & external requests related to AppSec
    • Coordinate security training for Myntra’s development staff and ensure AppSec policy management, so that control standards and policies are up to date and consistently followed
    • Coordinate leadership team and manage weekly / biweekly & monthly meetings 
    • Manage and update Key Performance Indicators (KPIs) for the application security assurance program and for the team
    • Manage the application security threat modeling process and coordinate application threat models against the Myntra applications
    • Liaise with various internal teams (Engineering, Application Development, Architecture, Procurement Services, Corp IT) for application security initiatives and automation efforts. Manage new projects and initiatives related to application security as needs arise
    • Evangelize application security within the firm and work with Application Development Security Mavens to incorporate new program direction into applications 
    • Coordinate with ASAP team members to track internal and external assessment and regulatory compliance and address requests related to the Application Penetration Test, SAST and DAST 
    • Conduct presentations on application security topics to respective leadership and management and provide regular status updates on all assigned tasks and deliverables
    • Ensure security issues are logged and tracked, and follow up on all reported vulnerabilities (internal / external). Work with stakeholders to mitigate risks by following established procedures, and continuously monitor application security controls
    • Create clear career paths for team members and help them grow with regular & deep mentoring. Perform regular performance evaluation and share and seek feedback.
    • Perform well under uncertainty, and collaborate and work across unclear interfaces to other teams in our rapidly evolving organization

Must Have:

  • Excellent leadership skills to mentor the application security experts under you.
  • Deep understanding of technologies and architecture in a highly scalable and available set-up.
  • Deep understanding & expertise with highly transactional, large relational and complex systems
  • Strong object oriented design skills, and an uncanny ability to design intuitive module and class-level interfaces
  • Superior project management skills to manage multi-engineer projects and experience of delivering high quality projects on time
  • Above 12 years of experience with technology depth as well as good people skills
  • Good understanding of Software Development Life Cycle methodologies such as Waterfall, Agile, CI/CD
  • Exposure to the Application Security Vulnerabilities (OWASP Top 10), security testing methodologies and related tools such as Fortify, WebInspect, BurpSuite
  • Programming experience (Java/J2EE, JavaScript, AJAX, PHP, Python) will be an added advantage
  • Good knowledge of and familiarity with operating system administration – Windows & Linux
  • Project management certification such as PMI is a plus. Technical certifications such as CISSP, CISM are a positive

Nice to Have:

  • Able to establish credibility with smart engineers quickly, and provide longer term vision and motivation.
  • Great people skills to work closely with other teams. Product Management, Business Development, and Operations all need your expertise to ensure superior solutions match our scale of operations.
  • Very high technical competence, strong technical background with track record of individual technical accomplishments – Ability to play the role of the architect for the team