The mission of the individual in this role is to leverage their strong understanding of enterprise-level knowledge and/or expert knowledge to mitigate cyber security risk through the protection of container and Function as a Service workload. They will actively work with the business, Digital & Technology, and other partner organizations to seamlessly integrate security processes, tools, and people into the business culture providing a holistic security ecosystem, driving continuous improvements and seamless protection/monitoring capabilities globally. Leads and executes complex initiatives that drive problem resolution. As a senior member of the team, this individual will work with progressive development teams with a mindset toward being agile and solving problems iteratively.
•Be a broker of security, being able to sell the benefits of security, while being mindful of the needs of development teams all over the world
•Understand the concepts of assessing risk, rather than just saying "No". Be able to find a way to make development teams successful, while still ensuring secure practices
• Configuring, and administrating technologies for our product teams including SAST, DAST, OSA, secrets management, etc...
•Help software development teams to understand, and remediate security findings
•Construct threat models with development teams
•Participate in development team sprint planning to raise awareness of security concerns
•Work with development teams throughout the entire SDLC to ensure code is secure by design, and all the way through production deployment.
•Help identify and educate Security Champions within development groups
•Assist in the development of internal security policies, procedures, and guidelines
•Be able to quickly come up to speed on new and emerging technologies/cloud services, and understand how to establish at least a baseline of security for them
Have well-founded opinions and be willing to express your disagreement when something doesn't pass the 'smell test' for you.
Shape the direction of the program team moving forward. May provide formal supervision to individual employees within single functional or operational area. Recommends staff recruitment, selection, corrective action and termination. Prepares and delivers performance appraisals for staff. Mentors and coaches team members to further develop competencies. Leads by example and models behaviors that are consistent with the company's values.
•Advanced understanding of DevOps practices, and CICD pipelines
• Advanced understanding of application security testing tools for SAST, DAST, OSA, etc.
•Advanced experience with either AWS or Azure
•Strong experience with containers and orchestration platforms (Kubernetes, Mesos, etc.)
•Strong experience with Kubernetes as well as managed deployments such as EKS and AKS
•Strong experience integrating application security into Agile teams
•Strong experience in threat modeling
•Intermediate knowledge of Infrastructure as Code (Terraform, Ansible, etc.)
• Bachelor's degree (BA/BS) in a related field of work
o or equivalent combination of education and experience (equivalent work experience = 2 years of related experience for every year of higher-level education).
• Experience with GCP or AliCloud
• Understanding of modern software development practices