Application Security Architect
Information Services | Chennai, Tamil Nadu, India | Full Time
About the Company:
IDP is a global leader in international education services. IDP has been operating for close to 50 years, creating a huge network of opportunity with offices in over 30 countries and a number of separate business lines offering specialized services to our many customers. We help International student’s study in English speaking countries. Our success comes from connecting students with the right course in the right institution and the right country; IDP is also a proud co-owner of IELTS, the world’s most popular high-stakes English language test that helps people to achieve their study and migration aspirations; we operate 11 English language teaching campuses across South East Asia;
IDP’s ongoing success comes from our highly committed and caring employees around the globe. We work collaboratively, as together we have the power to generate outstanding outcomes for our customers. It’s the diverse talent, expertise and passion of our people around that makes IDP unique. We strive to provide a working environment where people are encouraged to excel, be agile and creative, seek new ways to solve problems, take initiative, generate opportunities and be accountable for their actions.
Our brand values have been developed through comprehensive research and align with our customer’s expectations. Our commitment to these values enables our teams to have an impact on the outstanding service we deliver.
We believe education is transformative and that we will never stop learning, which is why we offer our team personal growth with exceptional learning and development. We inspire people to learn for a better future.
This role is part of the IDP Global Cyber-Security team.
The successful candidate for this role will be the focal point for uplifting our Security practices and processes for incorporating security maturity into IDP’s software development and Cloud Architecture.
We have an exciting opportunity for an Application Security Architect to provide the vision & drive in our DevSecOps way of working. As IDP’s AppSec Architect you will work very closely with development teams, Cloud & DevOps engineers to guide them in strong security and privacy approaches, continuously enhance security tooling and tool rules, and building security automations into our CI/CD pipelines and Cloud Architectures.
You will contribute to IDP security practices in AWS and across the all IDP business lines. We are entrusted with the personal information of students and we take this responsibility extremely seriously. With every other member of the team, you will be an expert voice in ensuring that Security and Privacy are a fundamental part of every design and deliverable.
The essential purpose of this role is to provide thought leadership, practical experience, and hands-on skills to continuously “raise the bar” for IDP’s Application Security. You will do great things that have a major positive impact on people’s lives.
- Be part of a team tasked with continuously reviewing IDP’s AWS environment and new initiatives against AWS recommendations.
- Feed into a pipeline of projects and initiatives that must be implemented to keep IDP current.
- We don’t triage security – it is always job zero. No code (or infrastructure) ever moves into production with a known vulnerability. We are entrusted with the personal information of students, and we take this extremely seriously. With every other member of the team, you’ll be an expert voice in ensuring that Security and Privacy are a fundamental part of every design and deliverable.
- Be very comfortable in speaking up if you have a security concern on any aspect of IDPs environment.
- Put in controls to enforce basic security policies such as Encryption at Rest, Encryption in Transit, and other fundamental security considerations on all users of AWS.
- You will regularly utilize AWS features such as Trusted Advisor, Guard Duty, and Well-Architected tools and produce actionable plans. You’ll review these regularly with the Infrastructure leadership and implement them.
- You will continuously review our environment against AWS Best Practice and Well-Architected standards. You’ll make recommendations and improvements in a structured and methodical manner.
- You love technology, are continuously learning and extending your knowledge of best practice and the business value of technology innovations.
- Tertiary Education: Bachelors or master’s in software engineering, Computer Science, or other relevant discipline.
- Deep Knowledge of Application and Cloud Security. Having a great understanding of security threats, practices & defences is the essential skill of this role. You will be able to talk confidently on the various attack vectors and risks facing an organisation such as IDP, the approaches to address those risks and be able to translate this knowledge into practical implementations of security best practices.
- People Skills: You will have a great ability to collaborate with Application and Cloud Engineering teams closely to embed AppSec throughout the product lifecycle. Much of this role will be about working with others to ensure great practices are followed, and then drive automation.
- AWS Cloud: It is important that you have a deep understanding of the AWS Cloud and its security features. You’ll understand the AWS well architected framework thoroughly, can talk to it confidently and be able to drive its implementation at IDP.
- Web Application Development: Having detailed experience in a similar environment to IDPs (Angular front end, Python, Terraform IaC, APIs, BFFs, MSA, EDA, PostgreSQL, SaaS) would make you an ideal candidate for this role.
- Test Automation: You’ll have a great knowledge of the various types of security test automation: what they should be achieving, how to implement them in a manner that achieves our security and privacy objectives and increases the productivity of the delivery flow.
- IDP have strong security and privacy practices but have a drive to massively increase the role of automation in the testing of these practices. You will have specific experience of incorporating security testing into CI/CD pipelines.
- Vendor Evaluations: You’ll have performed a number of vendor/product evaluations and can produce well-reasoned recommendations to senior leadership.
- Communication Skills: Being able to produce clear and practical policy documentation, security patterns and be able to communicate to Software and Cloud engineering teams so they understand both what is required of them, and why.