Job Description
· Work with product development, management, engineering and operational teams to develop best-of-breed security architectures supporting compliance, customer requirements and operational SLAs
· Provide practical guidance to engineering teams to support the implementation of security controls, guidelines, recommendations and best practices
· Develop and implement Secure Development Lifecycle (SDL) processes and (automated / DevOps) tools, with integration into CI/CD
· Assist engineering teams in performing Threat Modeling, identify application threats/vulnerabilities and recommend mitigation strategies
· Assist teams in identifying mitigation approaches for vulnerability and static/dynamic scan results
· Identify technical solutions and security tools to help mitigate security vulnerabilities and automate repeatable tasks
Requirements:
· Strong understanding of application security and industry standards and best practices (OWASP / SANS / NIST)
· Strong understanding of SDLC and Secure Development Lifecycle (SDL) including performing threat modeling and risk assessments
· Strong understanding of integration of security in the CI/CD pipeline, DevOps, DevSecOps
· Experience designing and implementing API Security and Access Controls (OAuth/SAML, Web SSO, AWS IAM, Federation)
· Must be a self-starter and able to work well with others in a fast-paced agile environment with an emphasis on collaborating and assisting the team to meet business objectives