Job Abstract

• Acquire and interpret business requirements and functional specifications to create security non-functional requirements.
• Work with the security architects to validate potential architectures through techniques like threat modeling.
• Maintain knowledge of best security practices through training, research, involvement with local IT security groups, and collaboration with internal cybersecurity teams.
• Identify areas for improvement by recommending the use of reusable code libraries introduced in standard build/deploy pipelines.
• Assist development teams in updating the CMDB records to reflect current state.
• Validate that OS, middleware, and images are being scanned for vulnerabilities at regular intervals and any reported vulnerabilities are tied back to the appropriate application(s).
• Work with development and QA teams to ensure the use of secure coding practices and verification methods.
• Work with dev-ops teams and engineers to integrate security solutions into continuous delivery frameworks.
• Mitigate security risks associated with projects, which have a high technical complexity and/or involve significant challenges to the business.
• Work with delivery teams and product owners to reduce application security risks by assisting with code remediation before production delivery.

• Work with architects and developers to design optimal security practices when developing new application functionality.

• Support and maintain automated application security testing within the devops pipelines.
• Provide input in updating security standards on an annual basis.

Ensure that all applications are using effective security monitoring, and work with the endpoint security team to test configurations.