Patrianna is a super fast-growing product development company, headquartered in Gibraltar with colleagues around the world.
We are looking for exceptional, smart talent striving to be number one: people who are motivated and capable of scaling up business functions at pace through domain expertise and a desire to continuously improve and grow with the company.
Key responsibilities — what you’ll be doing:
- Advise the application security leadership on best practices and standards around application security tools, with a main focus on unifying vulnerability reporting, creating predictable CI/CD pipeline processes, and enabling application teams to develop new capabilities securely and free from security defects, by design
- Assess security tools currently used within the various business Software Development Life Cycle processes to identify business requirements, and rationalize the tool set
- Select new application security tools including vendor/tool assessments and conduct full POC to prove that the security solutions/products are fit-for-purpose and fit-for-use
- Draft documentation for the Secure-SDLC and DevSecOps to illustrate the frameworks and process guidelines to internal customers, ensuring the style is palatable and easy to navigate
- Assess impact of new publications from the security industry (e.g., NIST 800-XXX, ISO 2700X:2022, etc.) on the company’s AppSec programs
- Research new trends and advise the application security leadership on the impact of the new trends as they relate to currently used tools, tool chain roadmap, efficiency, and effectiveness of current processes, etc.
- Standardize code weakness analysis processes
- Promote the priorities set forth by the Global Information Security function, and the roadmap set forth by the Global Security
Candidate specification — What we’d like to see from you:
- 5 years+ DevSecOps and Secure-SDLC work experience
- DevSecOps automation, or similar is preferred
- Post-secondary education or equivalent experience as a DevSecOps Engineer
- Develop/enhance and implement the Secure-SDLC framework
- Design, implement, and roll out DevSecOps automations and tool chain
- Implement sensors to collect data on key metrics for statistics and reporting
- Serve as the subject matter expert in Secure-SDLC and DevSecOps
- Advise on the processes and standards that are designed to implement a company’s Application Development Security Policy
- Experience in designing Secure-SDLC processes and relevant tooling to support the processes
- Experience in software/application analysis tools like SAST, DAST, SCA, IAST, RASP, threat modeling, etc.
- Technical hands-on experience in automating and integrating analysis tools into the DevSecOps pipeline.
- Proactive, positive, team player, problem solver
- Highly competitive salary, based on experience and capabilities
- 30 days off per year + bank holidays
- Regular team social events
- Summer and winter global gathering
- Plus the opportunity to join a fast-growing business where the sky’s the limit.