Ingram Micro
Join our Talent Network

This site uses and sets "cookies" on your computer to help make this website better. You can learn more about these cookies and general information about how to change your cookie settings by clicking here. By continuing to use this site without changing your settings, you are agreeing to our use of cookies.

Skip to main content

Principal, Information Security-IND

Mumbai, India
Job ID: 57789

Share:

Description

Ingram Micro touches 80% of the technology you use every day with our focus on Technology Solutions, Cloud, and Commerce and Lifecycle Solutions. With $50 billion in revenue, we have become the world’s largest technology distributor with operations in 64 countries and more than 35,000 associates.   

At Ingram Micro, we believe that Security must be part of our software DNA, delivered through SSDLC and DevSecOps. As Principle, Software Security Engineer, you will lead and champion a team of Software Security Engineers and Developers to deliver and propagate a mature SSLDC and DevSecOps practice across all R&D groups globally. If you are passionate about building a Culture of Security within Agile, CI/CD and DevSecOps come join our team!  

Position Summary 

  • Integrated Security SME within the SSDLC to ensure security is always included at every phase  
  • Perform application/software security risk assessments for custom developed code 
  • Gain deep insight into the software being developed to ensure security is part of the value chain 
  • Partner with the Cloud Security Operations Engineering Teams for frictionless release handoff within DevSecOps 
  • Lead application security reviews and threat modeling, including code review and dynamic testing 
  • Lead the delivery of the secure software delivery framework (SSDF) through building of security technical roadmap 
  • Own and perform application/software security vulnerability assessments   
  • Lead in development of automated security testing to validate that secure coding best practices are being used   
  • Champion security recruiting activities with leadership 
  • Perform assessments of SDLC processes, guide and advise software development teams as SMEs in application security at every phase of the SSDLC  
  • Develop and deliver application/software security training and outreach to build security champions within the organization 

Job Qualifications  

  • Strong understanding and experience with common security libraries, security controls, and common security flaws   
  • Strong programming experience with the ability to code exploits in at least one language; Java, C++, C#, Ruby, preferably on a Linux/Unix platform to be able to target security weaknesses 
  • Be a subject matter expert (SME) of at least 1 technical area impacting the security software 
  • Strong experience working closely with developers within SSDLC leading secure software development project and building a SSDF 
  • Proven experience with threat modeling as well as software security risk assessment, converting the data into threat reports and action plans 
  • Experience with standards, frameworks, and certifications such as NIST SSDF, OWASP Top 10 and ASVS, BSIMM, ISO27034, ISO27001, CSA STAR, SOC2 and PCIDSS   
  • Experience working with vulnerability assessment, SAST, DAST, CSA tools 

Education & Experience 

  • Four-year degree in software or security engineering or related field    
  • Minimum 8 years of experience in software development and/or security including a minimum of 5 years of experience including offensive security, software development, application security 
  • Preferred Certifications: CSSLP, CSDP, CEH, CISSP, CCSP, OSCP, OSWE, GPEN, GXPN 

Other Information 

  • Provide three work references  
  • Pass a criminal background check 
  • Pass a proficiency exam related to the role 
Ingram Micro
Share:
mail

STILL LOOKING?

Get updates about the latest job openings
that match your skills.

Sign up today