Application Security Managing Consultant (DevSecOps).docx
Application Security Managing Consultant (DevSecOps).docx
الوصف الوظيفي
Introduction
Threat Intelligence competency helps to lead the growth and management of all facets of the business, primarily by using this global position and perspective to assist the local geographies. This requires demonstrating thought leadership, sales leadership and delivery leadership in the core security domains: End-to-End Security Solutions, Networking, Software Defined Security, Infrastructure, Security Operations, and Threat Intelligence Security. Must be willing to travel 50 – 75% which includes international travel.
Your Role and Responsibilities
In this role you will perform application security assessments, code reviews, Software Development Life Cycle (SDLC) and DevSecOps security consulting in a customer environment. You will be responsible for identifying specific and systemic security issues within applications and the application development and lifecycle maintenance process, and you will be a resource for the client in establishing and expanding the base of client knowledge in application security.
Projects May Include
- Performing application Threat Modeling using STRIDE, Attack Trees, PASTA or VAST.
- Working with DevSecOps toolset,
- Implementing automated security testing in the CI/CD pipeline,
- Design and implement DevSecOps architecture,
- Establishing DevSecOps and “Secure by Design” processes.
- Performing application security risk assessments.
- Creating gap analysis and client improvement program recommendation.
Candidates Must Have Core Professional, Consulting And Leadership Skills
- The ability to lead and facilitate discussion with large groups.
- Demonstrated business writing and presentation skills.
- Comfortable working in a project based, client serving model.
- Ability to work in a matrix management model.
Required Technical and Professional Expertise
A successful candidate will likely possess a minimum of 7 years’ experience in some or all of these qualifications:
- Experience with threat modeling and security risk assessment,
- Experience with DevSecOps toolset and architecture,
- Experience in Cloud Platforms including Azure, AWS and GCP,
- Deep understanding in Application vulnerabilities,
- Experience with DevSecOps and Secure by Design programs,
- Experience with OWASP tools and methodologies,
- Knowledge in application development and coding in modern languages,
- Experience with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, Saint).
- Experience with static analysis tools (e.g., Appscan, SNYK, Veracode, Fortify).
Preferred Technical and Professional Expertise
- Certification, including DevSecOps Engineering certification from DevOps Institute or DevSecOps Professional from Practical DevSecOps preferred
الوصف الوظيفي
تفاصيل الوظيفة
- منطقة الوظيفة
- الدوحة, قطر
- قطاع الشركة
- خدمات الدعم التجاري الأخرى
- طبيعة عمل الشركة
- غير محدد
- نوع التوظيف
- غير محدد
- الراتب الشهري
- غير محدد
- عدد الوظائف الشاغرة
- غير محدد