- Strong global presence|Good Career Advancement
- Further secure our applications by investigating threats and assist development teams to quickly and easily develop new, secure code.
- Triage and resolve security vulnerabilities in the application layer and work with engineering teams to find and implement solutions
- Participate in and lead a range of application security activities from Business-as-usual (BAU) application security assessments to organizational changing project enhancements.
- Lead application security assessments using static analysis (SAST) and third party scanning techniques; including the use of on premise security testing tools and vendor services.
- Develop, build, implement and support automated integration solutions for tools in scope of DevOps and Automation.
- Ensure applications are thoroughly security tested using industry best practices prior to promotion to production.
- Research and keep up to date of application security emerging threats /technologies/trends.
- Influence and steer the direction of QTS Application Security Roadmap.
- Conduct application design reviews and guide engineers in building secure microservices that are in-line with our best practices and architecture Educate key organizational stakeholders (e.g. developers, security consultants, executives) on application security matters and impacts on the organization.
- Effectively advising teams/projects ongoing and successfully coaching aspiring technical experts.
- Manage and deliver risk programs and initiatives.
- Solid understanding of key risks and the adequacy of the controls in place.
- Ability to deal with ambiguity and work within a maturing IT Risk Framework
- Thrive on the challenge to be our best, progressive thinking to keep growing, and working to deliver trusted advice to help our clients thrive and communities prosper.
- We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.
- Ability to make a difference and lasting impact
- Work in a dynamic, collaborative, progressive, and high-performing team
- Flexible work/life balance options
- Opportunities to do challenging work
- 2-5 years of demonstrated application development experience in modern programming languages (e.g. Java, .NET, C/C++, JavaScript, JQL, LINUX Shell Script, VB Script, HTML, SQL scripting, Python, Groovy)
- Must have the desire and willingness to learn/focus in the field of application security.
- Strong understanding of web and mobile application architecture and development principles.
- Exposure to application security best practices such as secure coding, security testing techniques.
- Technical experience with either: SVN, MS TFS, Jenkins, GitHub, UCD, JMeter, CONFORMIQ, SonarQube, SoapUI, Docker, Nexus.
- Strong communication and organizational skills, ability to multitask and manage time effectively.
- CISSP, CSSLP, CEH, GWAPT, GSSP certifications an asset.
- Knowledge of OWASP, SANS or other security-related practices.
- Hands on application security assessment experience using BlackDuck/Sonatype NexusIQ, IBM AppScan, Web Inspect, Burp Suite, HPFortify or other security assessment tools.
- Understanding of Financial Regulatory and Industry requirements. Understanding of risk frameworks (NIST, CoBIT, ISO)
- Act as IT Risk SME for governance committees to direct and suggest approval for program/project decisions.
- Design, Build, and operate Controls that will effectively help manage IT & Business Risk.
- Non- IT risk generic skills such as project management, service delivery.
- Proficient in Technology & Cyber Risk domains with good understanding of RBC tool sets and ability to identify process effectiveness and gaps in pre-existing processes.
- Sound knowledge in one or more of tech and cyber risk disciplines e.g. Data Management, Service Continuity Management, Supplier/Third Party Management, Privacy etc.
- Diversified and practical experience across all relevant technology risk subjects (i.e.: App Security, Controls Testing, Infrastructure, Risk & Compliance, Regulatory landscape etc.).
Vacancy posted 8 days ago
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Senior DevOps Security Engineer. Be the first to apply!