Gurgaon, IND
13 hours ago
IND IT Lead - Information Security
Job Title: Application Security
Location: Gurugram/Noida

Core Responsibilities:
+ Manage the Static Analysis onboarding queue and onboard applications to SAST/SCA tools. Integrate security testing into CI/CD pipelines.
+ Assist development teams in performing static analysis and software composition analysis on their applications to identify vulnerabilities and security risks.
+ Implement and maintain security tools for SAST (Static Application Security Testing) and SCA (Software Composition Analysis).
+ Collaborate with development teams to address security findings and provide guidance on secure coding practices.
+ Develop and maintain security standards, policies, and procedures.
+ Participate in code reviews, ensuring secure coding practices.
+ Work with third-party vendors providing SAST/SCA services to support uninterrupted code scanning from CI/CD pipelines for Aon development teams.
+ Provide metrics to Code Security leadership to measure adoption and usage of SAST/SCA tools.
+ Stay up to date with the emerging threat landscape, technologies, and industry trends.
+ Support governance and compliance audits related to PCI, HIPAA, SOX and other regulations when needed.
+ Help with incident response when needed.

Required Experience:
+ Overall 5-7 years of experience in IT, with at least 2-3 years of relevant experience working in Application Security and Security in the SDLC.
+ Strong experience in Code Security, Static Analysis, performing manual source code reviews, and using SAST/SCA and other security testing tools.
+ 2 years of hands-on experience with SAST tools in CI/CD. Must have experience with integration and deployment of these tools in ADO, GitHub, GitLab, and other DevOps environments.
+ Strong work ethic with the ability to effectively multitask in a fast-paced environment.
+ Advanced level of understanding of Static Analysis tools (Checkmarx, Snyk, Black Duck, GitHub Advanced Security, Fortify, etc.) and their integration with SDLC/DevOps.
+ Advanced level understanding of OWASP TOP 10 and SANS TOP 25 vulnerabilities.
+ Strong knowledge of at least one common compiled language (e.g., C, C++, Java, .NET) and one scripting language (e.g., Perl, Bash, Python, Ruby).
+ Advanced level knowledge of JavaScript, HTML, etc.
+ Intermediate level web programming ability (e.g., ASP.NET, PHP, Perl CGI, or Java).
+ Advanced level understanding of cryptography concepts.
+ Should have an understanding of DevOps (CI/CD, release/deployment automation), public cloud (AWS, Azure, GCP), cloud native technologies (containers, serverless), microservices architecture, etc.

Preferred Experience:
+ Security certifications like CISSP, CEH, OSCP or equivalent strongly preferred.
+ Hands-on experience with SAST tools in CI/CD.
+ Excellent problem-solving and critical-thinking skills.
+ Understanding of emerging technologies and corresponding security threats.
+ Self-motivated, flexible, with a ‘can do’ attitude.
+ Ability to pick up business knowledge, new technology areas, and new processes/methodologies and apply them in day-to-day work.
+ Multi-cultural approach, and ability to interface with all levels of the organization.
+ Strong analytical, conceptual and problem-solving skills.
+ Accountability and reliability, personal involvement.
+ Pro-activity, initiative, and autonomy.

How we support our colleagues

In addition to our comprehensive benefits package, we encourage a diverse workforce. Plus, our agile, inclusive environment allows you to manage your wellbeing and work/life balance, ensuring you can be your best self at Aon. Furthermore, all colleagues enjoy two “Global Wellbeing Days” each year, encouraging you to take time to focus on yourself. We offer a variety of working style solutions, but we also recognise that flexibility goes beyond just the place of work... and we are all for it. We call this Smart Working!

Our continuous learning culture inspires and equips you to learn, share and grow, helping you achieve your fullest potential. As a result, at Aon, you are more connected, more relevant, and more valued.

Aon values an innovative, diverse workplace where all colleagues feel empowered to be their authentic selves. Aon is proud to be an equal opportunity workplace.

Aon provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, domestic partner status, or other legally protected status.

We welcome applications from all and provide individuals with disabilities with reasonable adjustments to participate in the job application, interview process and to perform essential job functions once onboard. If you would like to learn more about the reasonable accommodations we provide, email ReasonableAccommodations@Aon.com

#LI-RK2
2555434