Define and implement security strategies for applications
Collaborate with development teams to integrate security practices from the beginning of the software development lifecycle
Conduct architecture, code, and design reviews to identify potential vulnerabilities and security issues
Develop and promote security standards and best practices across the development team
Security Champion
Provide technical guidance and security training to development teams
Be familiar with automated security validation tools in the CI/CD pipeline, such as SAST, DAST, SCA and secret scanning
Monitor trends and developments in security threats and continuously update protective measures
Develop creative solutions to complex security problems that balance business needs and risks
Use your security experience and intuition to hunt for threats in corporate and production environments
Define security architectural standards, together with Engineering and Product teams, to be used in the construction and operation of the systems we build
Ability to create plans that define an architectural standard for new systems and include a viable technical roadmap for migrating legacy systems
Identify vulnerabilities and assess their associated risk levels, helping to prevent attacks
Participate in security incident analysis and response, driving continuous improvement of our processes and practices
Provide training, awareness and collaboration with development teams to adopt secure programming practices and software architectural patterns
Requirements
Bachelor's degree.
Solid experience in AppSec/DevSecOps, integrating security into the SDLC (Shift Left) in partnership with development, engineering and product teams.
Proficiency in securing the CI/CD pipeline using tools such as SAST, DAST, SCA and secret scanning, including defining automated gates and controls that block or flag findings.
Ability to review architecture, design and code, identify and classify vulnerabilities by risk, and support mitigation (including participation in incident response when necessary).
PREFERRED:
Experience with Threat Modeling and defining security architectural standards (references/blueprints) for new systems.
Experience with cloud, containers and IaC (e.g., AWS/Azure/GCP, Docker/Kubernetes, Terraform) and their security controls.
Experience acting as a Security Champion (or similar program), delivering ongoing training and awareness for engineering teams.