Can you talk to developers and work with teams to ensure the SDLC is secure? Can you do secure code reviews or use SAST tools? If you want to be a crucial part of a Cyber team that is constantly evolving, then please read on.
The Role: Working in a highly technical and very innovative environment, you'll be joining a team that provides security services to a wider group, within an enterprise. The role will be working closely with engineers and developers, using agile methodologies to build innovative digital assets.
You will be working with various tools, standards and processes using both DevSecOps and traditional development to assist in building things securely.
As an Applications Security Specialist, you will play a critical role in supporting a Secure Development Lifecycle (SDLC) and embedding a great security development culture into development teams. This will include creating a culture of security awareness within the broader digital teams, creating and maintaining the necessary cybersecurity standards, end-to-end consulting engagement, security CI/CD tools integration through to SAST scanning, vulnerability review with CVSS and developer secure coding education.
As a big part of the role you will be educating and creating a culture of security awareness with the technology teams and the wider business. Setting standards. Understanding tools. Implementing change. And presenting to teams.
You will need to understand how to talk to developers and engineers to do this role effectively.
Experience Required:
To be successful in this role, you have proven experience in a similar role where you have performed security code reviews manually and/or with code scanning tools like Snyk or Checkmarx, and you have exposure to multiple security domains.
- Integrating SAST/DAST application vulnerability scanning tools into DevOps CI/CD pipelines
- Interpreting code vulnerability assessments with tools like Checkmarx/Snyk, cxSAST and classifying vulnerabilities with CVSS
- Security related to cloud-based technologies, especially MS Azure, Google and Amazon AWS
- Solid understanding of core cyber security principles associated with all levels of the OSI stack, including OS, DB, Hypervisor, Application, Cloud, Web Application and e-commerce architectures.
- Confidence and experience investigating code-level vulnerabilities in programming languages including Java, C#, JavaScript, Python, Swift and Objective-C
This is a great chance to join a business currently booming and growing through a cyber security transformation within the digital space.
To get more information please contact cwhyte@decipherbureau.com