IT​/Tech, Cybersecurity

Position: JOB-6671

Job Description

POSITION SUMMARY

Lead product and engineering teams through adoption of Dev Sec Ops principles to identify and remediate vulnerabilities, promote knowledge and train on secure development practices, drive ongoing improvements in security practices, and foster a community of cybersecurity awareness. Partner with technology and cybersecurity leadership to identify and implement initiatives to improve security practices. Responsible for collaboration with product and development teams to ensure identification and remediation of vulnerabilities and implementation of new cyber practices including the completion of security-related training.

Deliver periodic updates to varying levels of leadership to raise visibility to ongoing cyber risk and progress towards adoption of cyber practices. Drive a community of security awareness by coordinating with security champions across the development teams, to review and share best practices and areas of opportunity.

ESSENTIAL JOB FUNCTIONS

Leads interactive activities on cyber best practices and coaching of stakeholders across product and development teams and within the security organization

Identifies and promotes security best practices and controls across the organization

Designs, builds and defends scalable, secure, and robust secure engineering processes program

Leverage various CI/CD pipelines and tools to identify, assess, and advise on the remediate of vulnerabilities

Reviews periodic vulnerability scans and works on creating reports that will communicate the result to leadership

Key Responsibilities

MINIMUM POSITION QUALIFICATIONS

5+ years of experience in an IT development / Dev Ops role or related fields with working knowledge of Java, Node Js, GoLang, .Net

Strong communication, presentation skills with experience working with varying levels of technical and business leadership

Experience with CI/CD pipelines and ALM tools necessary to conduct vulnerability scans, curate results, identify risk, and facilitate remediation

Be able to speak to containerization and virtualization and orchestration. Working with Terraform, Kubernetes, and Docker or alternatives like Podman to guide teams to best practice

Cloud certifications Azure Security Engineer, Azure Solutions Architect, Azure Administrator, or like in GCP or AWS

Reporting, Excel, Business Intelligence platform experience

Understanding of controlled data and compliance requirements related to pci-dss, hipaa, sox, ccpa / gdpr