Application Security Managing Consultant (DevSecOps).docx

6 سبتمبر، 2022

0 8 2 دقائق

الوصف الوظيفي

Introduction
Threat Intelligence competency helps to lead the growth and management of all facets of the business, primarily by using this global position and perspective to assist the local geographies. This requires demonstrating thought leadership, sales leadership and delivery leadership in the core security domains: End-to-End Security Solutions, Networking, Software Defined Security, Infrastructure, Security Operations, and Threat Intelligence Security. Must be willing to travel 50 – 75% which includes international travel.
Your Role and Responsibilities
In this role you will perform application security assessments, code reviews, Software Development Life Cycle (SDLC) and DevSecOps security consulting in a customer environment. You will be responsible for identifying specific and systemic security issues within applications and the application development and lifecycle maintenance process, and you will be a resource for the client in establishing and expanding the base of client knowledge in application security.

Projects May Include

Performing application Threat Modeling using STRIDE, Attack Trees, PASTA or VAST.
Working with DevSecOps toolset,
Implementing automated security testing in the CI/CD pipeline,
Design and implement DevSecOps architecture,
Establishing DevSecOps and “Secure by Design” processes.
Performing application security risk assessments.
Creating gap analysis and client improvement program recommendation.

Candidates Must Have Core Professional, Consulting And Leadership Skills

The ability to lead and facilitate discussion with large groups.
Demonstrated business writing and presentation skills.
Comfortable working in a project based, client serving model.
Ability to work in a matrix management model.

Required Technical and Professional Expertise
A successful candidate will likely possess a minimum of 7 years’ experience in some or all of these qualifications:

Experience with threat modeling and security risk assessment,
Experience with DevSecOps toolset and architecture,
Experience in Cloud Platforms including Azure, AWS and GCP,
Deep understanding in Application vulnerabilities,
Experience with DevSecOps and Secure by Design programs,
Experience with OWASP tools and methodologies,
Knowledge in application development and coding in modern languages,
Experience with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, Saint).
Experience with static analysis tools (e.g., Appscan, SNYK, Veracode, Fortify).

Preferred Technical and Professional Expertise