Tasks include:
• Ensure ‘Secure by design’ principles using:
o automated security review of code,
o automated application security testing,
o Design and integration of cyber security toolsets to enable automated discovery, remediation, and alerting of system vulnerabilities
o Education & Training
• Assist with QA and Testing, and development of Continuous Integration (CI)
• Work with Developers on strategies to mitigate application security threats and vulnerabilities
• Ensure developers codify compliance requirements and embed secure coding practices (OWASP)
• Conduct and lead Threat Modelling/Risk Assessment exercises
• Handle Security Documentation
o Threat Models
o List of Shared services and shared risk
o Schematic of security integration points
o List of security controls
o Version control, metadata and orchestration (automation)
• Analyze emerging technologies to design and build architectures and solutions to enable secure implementation of new technologies.
• Stay informed on current and emerging security threats, communicate with the organization, and advocate for and assist with remediation in a timely manner.
Desired Skills:
• Background with Software development and/or Scripting (C/C++, Java, JavaScript, Go, bash, PowerShell, Terraform, Ruby, Python)
• Knowledge of code-scanning tools: Checkmarx, AppScan, Fortify, BlackDuck, SourceClear, WhiteSource
• Experience in Automating Application Scanning/Penetration Testing + Integration with Remediation processes
• Experience in Configuration Management software (Chef, Ansible, Puppet, SaltStack, etc.)
• Background in Linux/Unix Administration
• Knowledge of network architecture, protocols, and standards
• Understanding of OWASP and CIS security standards
• Experience in Lambda, AWS Simple Notification System (SNS), AWS Simple Queue System (SQS), Docker, Kubernetes, Ansible, Jenkins CI/CD and BitBucket server
Advantage:
• Certifications in DevOps and/or Cloud security and architecture (Amazon AWS Certified Solutions Architect – Professional, Amazon AWS Certified DevOps Engineer – Professional)
• Effective written and oral communication with multiple levels of leadership involving both business and technical sides of the business