• Expertise in security domains:
Experience with secure development lifecycle framework practices
Familiarity with best practices in security-related software processes (password protection, authentication methods, secure coding, etc.) and standards (OWASP, NIST, PCI, etc.)
Familiarity with application security tools (SAST, DAST, 3rd party security review, etc.)
• Minimum 3 years of software development related experience
• Higher education in Computer Science, Software Engineering, Information Technology or related domains
• Working experience in a medium / large corporate environment
• Familiarity with different functions within a product team
• Practical knowledge of software technologies and concepts such as:
Front End vs. Back End development
Software-related communication and formats (HTTP/S, REST, SOAP, JSON)
Clients (Mobile, Desktop)
• Expertise in security domains such as Checkmarx, Micro Focus Fortify, IBM AppScan
• Proficiency in Python, C++, Mobile (Android / iOS)
• Proficiency in Java, JS; experience as a penetration tester
• Working experience in a software company.
• Working experience in large, geographically dispersed organizations with a decentralized security model.
• Security trainings and certifications:
CCSK, CCSP, CEH, CISA, CSSLP, CISSP, CISM, OSCE/P
• Familiarity with OS and DB hardening procedures (Win Server / CentOS / RHEL / Oracle)
• Familiarity with cloud environments (AWS / Azure)
• Cooperate with other teams within Global Security group to achieve mutual goals
• Evangelize security within the company and be an advocate for customer trust
• Represent the security group and form working relations with development teams to promote all Global Security group’s teams.
• Provide security controls and threat modeling for a product architecture and its underlying development environment and production environment in relation to AAA (Authentication, Authorization and Accountability) and CIA (Confidentiality, Integrity and Availability).
• Assess the security of in-house developed applications (both corporate facing and customer facing) through design reviews, code reviews, static analysis and penetration testing (either in-house or by an external vendor) and assist other team members to perfect their skills in these activities.
• Evaluate surrounding aspects of application security such as production administration, CI/CD processes, secret management, and monitoring for security events.