Information Security Engineer

Inclusion without Exception

Tata Consultancy Services (TCS) is an equal opportunity employer that embraces diversity across race, nationality, ethnicity, gender, age, physical ability, neurodiversity, and sexual orientation. Our goal is to create a workforce that reflects the societies we operate in, supported by equitable workplace policies and processes.

About TCS

TCS is an IT services, consulting, and business solutions organization with over 55 years of experience partnering with global businesses in their transformation journeys. Our portfolio includes business, technology, and engineering services delivered through our unique Location Independent Agile model. As part of the Tata group, India's largest multinational business conglomerate, TCS employs over 612,000 professionals across 55 countries. In the fiscal year ending March 31, 2024, TCS generated revenues of US $29 billion and is listed on the BSE and NSE in India. The company is recognized for its leadership in sustainability, being included in indices like the MSCI Global Sustainability Index and FTSE4Good Emerging Index.

Job Description

Skills and Responsibilities:

1. Conduct security risk assessments of applications, focusing on design and implementation of system and application code.
2. Develop and manage security governance processes and procedures for threat modeling, application security design, and DevSecOps programs.
3. Assist in developing threat modeling governance documentation.
4. Collaborate with information security leadership to develop strategies to enforce threat modeling and address control gaps.
5. Create management reports on residual risk and non-compliance.
6. Monitor compliance with security controls and ensure their proper implementation.
7. Review security controls with application owners to verify requirements are met.
8. Validate security controls against scanning tool outputs for auditability.
9. Assist in filing security standard exceptions as needed.
10. Develop and update secure design patterns and coding standards.
11. Maintain threat libraries and socialize best practices with engineering teams.
12. Provide threat modeling consultancy to application teams, ensuring a positive developer and customer experience.
13. Uphold Blue Box values in all interactions.
14. Develop innovative attack techniques to test and improve security measures.
15. Contribute to security strategies and process development.
16. Support investment decisions through business cases and cost-benefit analyses.
17. Prepare reports to prioritize security activities.

Preferred Qualifications:

• Experience with threat modeling.

TCS Canada Inc. is committed to accessibility, complying with AODA and OHRC. If accommodations are needed during recruitment, please inform Human Resources.

Thank you for your interest. Qualified candidates will be contacted within 2 weeks. We encourage you to apply for other suitable opportunities.