Job Description :
Responsibilities
Lead, drive and mentor the Client’s System Team as described below:
50 % Technical work and being security evangelist
Work jointly with the agile teams in iterative sprints to drive the threat modeling, design review, development and testing of CI/CD solutions:
o Collaborate with IT App Delivery Agile teams to educate and implement security practices as a standard from the inception of the work,
o Assist on the security controls to teams in designing new applications,
o Connect with various technical and business teams to brainstorm on new and upcoming industry security best practices,
o Provide technical guidance to developers on discovering and remediating software coding security vulnerabilities.
o Analyze and provide management reporting on vulnerability detection, remediation and compliance trending,
o Partner with architects and application development teams in secure software design,
o Apply knowledge of information security and application development industry trends and technology to drive organizational change and position to properly manage and remediate vulnerabilities,
o Lead Application Security Community of Practice and provide feedback on information Security related processes, tools and procedures,
o Identity Security Vulnerabilities and articulate the business risks to stack holders,
o Expert at uncovering security issues in design and code, and guiding teams to the right fix at the right time,
o Interact directly with the security community regarding vulnerabilities and threats,
o Analyze, assess, and respond to various internet threats,
o Attend sprint demo and PIPE events,
o Review the features and mark it if it requires the Security champion involvement during the Development phase,
Build automation and tests to streamline the code to cash pipeline:
30 % Research work and being solutions analyst
Monitor industry and identify latest application security threats in the technology components we are using,
Formulate and recommend tactical solutions for each Sprint deliveries,
Formulate strategic solutions and establish new secure baseline for all agile teams to consider.
20 % Technical work and being facilitator for speedy adoption
Develop monthly updates of security training and outreach content specific to each agile team’s need,
Lead monthly security training and Community of Practice discussions.
Required Qualifications:
What You Bring:
Demonstrated ability to work effectively with multiple teams and stakeholders balancing competing interests and priorities
Master’s degree in computer science or equivalent professional training and hands-on accomplishments
10+ years of application programming in Python, Java, .Net, and in C interacting with secure authorization methods (Active Directory, SSO/ADFS, Privileged Access Management)
5+ years of hands-on agile (SAFe preferred) and DevOps experience with automating application deployment, continuous delivery, and continuous integration (VSTS, Jenkins, Maven)
Infrastructure Automation (Ansible, Chef, Puppet, AWS Cloud Formation)
Experience with Source Control (Git)
Experience with virtualization and containers (Docker, Kubernetes, Vagrant)
Experience with creating and managing micro-segmentations and secure computing enclaves interacting with event driven processes across multiple programming boundaries such as AWS VPCs
Extra Credit:
Experience in developing native mobile applications in iOS and Android SDKs
Experience in Linux Administration including Bash/shell scripting
Experience administering services on AWS (RDS, VPC, RedShift, EMR, CloudWatch)
Cloud application deployment and monitoring
Ability to use a wide variety of open source technologies and cloud services
Programming experience multiple scripting and programming languages and supporting technologies such as Reagent/React, Clojure/ClojureScript, AWS Lambda, Java, Python, R, Ruby, Go, bash, Swift, Beanstalk, Azure DevOps
Skill/Experience/Education
Mandatory
Must be technically astute but also have the interpersonal and influencing skills to interface with the business and make appropriate recommendations.