JOB DESCRIPTION
- Build secure development processes aligned with development methodologies
- Create security awareness and train developers, testers, and business analysts on secure development
- Create and maintain technical documents such as secure coding guidelines, security checklists, and technical security requirements
- Ensure security is built into developed applications
- Perform security assessments: Attack surface analysis and reduction, threat modeling, data
- protection, secure code reviews, SAST and DAST analysis, security testing Code pipeline security
- Develop fixes and seek solutions for software vulnerabilities
- Assess and monitor the production cloud infrastructure hosting applications for vulnerabilities and misconfigurations
- Conduct security audits across the product stack and underlying infrastructure and tooling
- Mitigate future IT security risk
- To manage own professional and self-development
- Identify security risks and vulnerabilities, analyse impact thereof and engage relevant stakeholders (e.g. governance bodies and product owners) on relevant security solutions, as well as to drive and monitor the implementation thereof in order to mitigate, remediate security vulnerabilities.
- Provide guidance with regard to the design and implementation of software components in support of building an advanced security posture.
- Proactively broaden knowledge in the area of application security and apply new knowledge and skills.
- Participate in application security audits through the provision of relevant information.
- Participate in information technology (IT) security projects as the application security Subject Matter
- Expert (SME) ensuring compliance during each stage of the project development life cycle.
- Identify security risks and vulnerabilities, engage relevant stakeholders (e.g. governance bodies and product owners) on relevant security solutions, and drive and monitor the implementation thereof in order to mitigate, remediate security vulnerabilities.
- Engage with the larger security community to acquire new information and adopt new security capabilities within the LHC solution delivery environment.
- Identify and implement opportunities for integration and consolidation, while ensuring the optimal use of security best practice with the development of new solutions.
- Develop and maintain secure system development life cycle (SDLC) procedures and standards.
- Manage the Security Major Incident Response Procedures, during a security breach, for the designated business application support area:
- Cloud Security – IAM, NSG, ASG, ID Federation, VPN’s, IPSec
- Cloud Security – Policies, controls, procedures and technologies
- WAF Implementations
- OWASP top 10 mitigation approaches – Service based environments e.g. REST
- Mastery of Linux/Mac/Windows operating systems
- Network/Wireless Penetration Testing
- Ability to understand and modify code in a diverse range of programming languages and frameworks – OO Programming concepts
- Proficiency in cryptographic protocols and cipher suites
- Thorough understanding of network protocols, data on the wire, and covert channels
Source code reviews. - Experience with penetration testing methodology and standards
- Deep understanding of Secure SDLC
- Present periodic reports and analytics pertaining to the security landscape surrounding the designated business applications.
QUALIFICATIONS ,SKILLS AND EXPERIENCE REQUIREMENTS
- 6 Years IT Experience
- 5 Years’ experience in Information Security
- Undergraduate or masters’ degree preferably in one of the following areas Business Management, Information Systems, Computer Science, Engineering, and other related majors
- And /or technical experience working within large IT type environments
- 5+ Years direct incident response, cyber security red team / pen tester experience
- Certifications such as CEH, OSCP, Application Security
Desired Skills:
- Computer Science
- Application Security
- Business Management
- Information Systems
- Engineering
Desired Work Experience:
- 5 to 10 years Investments, Insurance & Assurance
- 5 to 10 years Systems / Network Administration
Desired Qualification Level:
- Degree