- Understand technical and business requirements to develop tactical and strategic roadmaps to address and implement Secure SDLC controls (Data Privacy, SAST, DAST, etc.).
- Collaborate with members of the team and product owners to solve operational issues and develop enhancements such as automation.
- Ensure applications stay compliant by integrating application and DevSecOps processes and CI/CD pipelines from early stages of the lifecycle.
- Collaborate with team members on continuous improvement to both the Security DevOps pipelines and processes, and to the Information Security tools, services, and processes.
- Provide security techniques and expertise to ensure the infrastructure and software services meet specific customer security requirements/certifications.
REQUIREMENTS
- Bachelor's degree in information security or computer science.
- Good knowledge of automated configuration management tools.
- Good knowledge of threat modeling, risk assessment techniques, code reviews, and the latest security best practices.
- Experience with Authentication and Authorization solutions.
- Experience with static code analysis for software or infrastructure as code, including SonarQube, Terraform.
- Experience developing integration APIs and web services (REST/SOAP), API development.
- Experience with vulnerability scanners, including Tenable Nessus, Qualys, ...
- Experience working in an Agile, DevOps/SecDevOps environment.
- Experience with security testing at scale by building and implementing static and dynamic analysis tools, integrating security into CI/CD workflows for everyday deployments.
- Experience working in a Security role handling on-premises and cloud infrastructures.
- Good knowledge of containers and orchestration platforms. Need to know how to create, build, deploy and manage containers in development and production environments.
- Understanding of secure software development practices (AppSec); security and/or regulatory experience desired; OWASP Top 10, Web Application Security, Mobile Application Security, API Security.
- Good knowledge of CI/CD tools.