Consultant - Application Security Engineering (Cyber Security)

General Mills

Mumbai, Maharashtra, India
Posted on Thursday, March 9, 2023

Job Description

India is among the top ten priority markets for General Mills, and hosts our Global Shared Services Centre. This is the Global Shared Services arm of General Mills Inc., which supports its operations worldwide. With over 1,300 employees in Mumbai, the center has capabilities in the areas of Supply Chain, Finance, HR, Digital and Technology, Sales Capabilities, Consumer Insights, ITQ (R&D & Quality), and Enterprise Business Services. Learning and capacity-building is a key ingredient of our success.

Shift Timings - Regular 

About General Mills
We make food the world loves: 100 brands. In 100 countries. Across six continents. With iconic brands like Cheerios, Pillsbury, Betty Crocker, Nature Valley, and Häagen-Dazs, we’ve been serving up food the world loves for 155 years (and counting). Each of our brands has a unique story to tell.

How we make our food is as important as the food we make. Our values are baked into our legacy and continue to accelerate us into the future as an innovative force for good. General Mills was founded in 1866 when Cadwallader Washburn boldly bought the largest flour mill west of the Mississippi. That pioneering spirit lives on today through our leadership team who upholds a vision of relentless innovation while being a force for good. The awards and recognition we’ve received showcase our commitment to be a force for good:

• World’s Most Admired Companies, Fortune 2022
• America’s Most Responsible Companies, Newsweek 2022
• 100 Best Corporate Citizens, 3BL 2021
• Best Places to Work for LGBTQ Equality, Human Rights Campaign 2022
• 100 Best Companies, Seramount 2021
• Diversity Best Practices Leading Inclusion Index, Seramount 2021
• Best Companies for Dads, Seramount 2021
• Best Companies for Multicultural Women, Seramount 2021
• Top 10 Companies for Executive Women, Seramount 2021
• Military Friendly Employer Bronze, VIQTORY 2021
• Best Place to Work, Canada, Greater Toronto, 2021
• Top 50 – India’s Best Workplaces for Women, 2021
• Top Workplaces in Brazil, 2021
• Asia’s Best Workplaces, 2021


Hungry for What’s Next
We exist to make food the world loves, and it shows. Our passion for people, doing good and creating delicious food has energized us for over 150 years. Breaking away from the pack is how we win, so we need your unique perspectives: your quirks, ‘crazy’ ideas, rigor and insatiable curiosity to make it happen. We want people who constantly experiment, embracing the new and bold, who keep pushing to turn ideas into reality, no matter how big or small. We’ve learned becoming the undisputed leader in food means continuously reshaping, reimagining and rebuilding— that only happens when you surround yourself with those who are hungry for what’s next.


For more details check out www.generalmills.com


General Mills India Centre
General Mills India Center (GIC) operates out of Mumbai and supports the global operations of General Mills. The center was established in 2005 and has grown in strength. Today, we are a vibrant and diverse team of over 1500 employees that come together to champion business services for the various global entities of General Mills in the areas of Business Operations, Analytics Consulting, Logistics, Finance, IT Development & Technology Consulting, Consumer & Market Intelligence, Sales Capabilities, Research & Development.


Digital and Technology team
Digital and Technology is the largest team in GIC. It focuses on understanding the latest and most innovative trends in technology and leading the adoption of cutting-edge technologies at General Mills. The team collaborates closely with global business teams to understand business models and assess where technology can be leveraged to bring efficiency and disruption. Be it AI/ML, Data Science, IoT, NLP, Cloud, Infrastructure, RPA and Automation, Digital Transformation, Cyber Security, Blockchain or Enterprise Architecture, GIC Digital and Technology has something for every technology enthusiast who wants to work here. Our MillsWorks initiative is where we bring the agile@scale delivery model to life. Here, business and technology teams work cohesively in pods as ONE team, driven by a singular mission and focused on delivering value for the Company. Our employees, who work on large technology projects of strategic importance, are the Digital Transformation change agents.

Our service partnerships and employee engagement are centered on advancing equity and strengthening communities. We believe in an inclusive culture and trust in the power of people who have a passion for learning and growing with technology. We believe in “Work with Heart”. Work with Heart is focused on results, not facetime. If you are passionate about the latest in technology and want to make an impact on the digital transformation journey of a Fortune 500 company, we're waiting for you.


Job Overview

Role: Consultant, Application Security
Location: Mumbai
The Digital and Technology team of General Mills India Centre is looking for a passionate and enthusiastic individual to contribute to the Global Digital Transformation initiative at General Mills in the capacity of Consultant, Application Security Engineering. This role will report to the Manager, Cyber Security Engineering & Operations in India and functionally collaborate with global Cyber Security. It is an individual contributor role.
As a member of Application Security Engineering (Cyber Security), you should have the required skills and experience to enable an organization to define/build/run a world-class Application Security Program Strategy and Planning.
Execute a multiyear vision and strategy, develop a comprehensive plan, and define clear and actionable goals to achieve program goals.
Align people, process, and technology to address application security risks holistically.
Build/support an AppSec program that addresses the challenges of today and the opportunities of tomorrow.


Role Responsibilities
• Help define/build/run the Application Security Program.
• Partner with Cyber Security teams to understand the internal and external security risks the AppSec program needs to address and recommend automation wherever possible.
• Partner with Cyber Security, Infrastructure and Application Development team to identify missing or weak security controls, create standards based on best practices, evaluate new products and services, and design a software lifecycle management program that protects our most important assets.
• Partner with Cyber Security teams during implementation of various internal security testing tools and recommend tools that help fix problems at scale.
• Support and consult Cyber Security, Product, and Development teams for application security, including threat modelling and AppSec reviews.
• Manage Web Application Firewall (WAF) configuration and security policies.
• Design technical solutions to address security weaknesses.
• Develop, enhance, and interpret security tools and standards across the enterprise.
• Equip development teams with the skills they need to produce more secure software, web, and mobile applications.
• Implement milestones and metrics to measure success.
• Exceptional problem-solving and analytical skills; able to quickly analyze and offer solutions to issues/problems encountered.

Must have technical skills and competencies
• 2 Years of experience/understanding of Application Security and Cyber Security
• 3 Years of experience in Application development, CI/CD and developing large-scale enterprise software
• Passionate about Secure by Design/Zero Trust Architecture
• Experience using front-end development tools and in web application design
• Experience securing applications leveraging both cloud native and cloud agnostic tools
• Experience implementing Secure Development Life Cycle (SDLC) and DevSecOps
• Experience in deploying and managing WAF for application security
• Understand application hacking and exploitation techniques.
• Well-versed in web application security, web, and mobile applications penetration testing, and risk assessment.
• Working knowledge on exploiting and fixing application vulnerabilities
• Knowledge of Vulnerability Management procedures, tools and techniques
• Knowledge of SCA, SAST, DAST & IAST security testing tools
• Knowledge of different types of security tools like Nmap, Veracode, Netsparker and Wiz, etc.
• Familiar with terminologies like CVSS, CVE, CWE, OWASP, MITRE, SANS 25, etc.
• Knowledge of OWASP Top 10 and CWE 25, with experience in remediation techniques
• Understand how to interpret vulnerability reports and advisories.
• Excellent communication skills - verbal and written
• Must have a strong risk-management and continuous improvement mindset
• Proven self-driven individual with the ability to drive, prioritize and complete multiple tasks independently
• Demonstrated mental agility and ability to push through ambiguity and obtain results
• Must possess strong analytical thinking and intellectual integrity
• Bachelor’s Degree in Computer Science or related field

Good to have skills
• Certified Information Systems Security Professional (CISSP) or other ISC2 security certification
• Certified Application Security Engineer (CASE)
• Certified Ethical Hacker (CEH) or other EC-Council certification
• Any relevant SANS Institute security certification




We exist to make food the world loves. But we do more than that. Our company is a place that prioritizes being a force for good, a place to expand learning, explore new perspectives and reimagine new possibilities, every day. We look for people who want to bring their best — bold thinkers with big hearts who challenge one another and grow together. Because becoming the undisputed leader in food means surrounding ourselves with people who are hungry for what’s next.