Senior DevOps Security Engineer

Full-time

Confidential

  • Strong global presence
  • Good Career Advancement

About Our Client

Global Banking Shared Services with a Tech Hub in leading technologies among the banking sectors in the world.

Job Description

Reporting to the Global Head of Application and Cyber Risk - Capital Markets IT Risk, the DevOps Security Engineer will provide technical leadership and execution in the area of cyber and application security services for the business and development teams. You will act as the subject matter expert to application developers and executives in terms of cyber and application security best practices, tools, processes and landscapes.

Responsibilities

You would also provide technical input on the current, interim and target-state Application Security roadmap and be part of the exciting project management team to execute various Cyber and Application Security projects to introduce and enhance application security capabilities.

PRIMARY RESPONSIBILITIES:

  • Further secure our applications by investigating threats and assisting development teams to quickly and easily develop new, secure code.
  • Triage and resolve security vulnerabilities in the application layer and work with engineering teams to find and implement solutions.
  • Participate in and lead a range of application security activities, from business-as-usual (BAU) application security assessments to organization-changing project enhancements.
  • Lead application security assessments using static analysis (SAST) and third-party scanning techniques, including the use of on-premises security testing tools and vendor services.
  • Develop, build, implement and support automated integration solutions for tools in scope of DevOps and Automation.
  • Ensure applications are thoroughly security tested using industry best practices prior to promotion to production.
  • Research and keep up to date on emerging application security threats, technologies and trends.
  • Influence and steer the direction of the QTS Application Security Roadmap.
  • Conduct application design reviews and guide engineers in building secure microservices that are in line with our best practices and architecture.
  • Educate key organizational stakeholders (e.g. developers, security consultants, executives) on application security matters and impacts on the organization.

Authorities, Impact, Risk

  • Effectively advising teams/projects ongoing and successfully coaching aspiring technical experts.
  • Manage and deliver risk programs and initiatives.
  • Solid understanding of key risks and the adequacy of the controls in place.
  • Ability to deal with ambiguity and work within a maturing IT Risk Framework

Key Relationships

  • Thrive on the challenge to be our best, progressive thinking to keep growing, and working to deliver trusted advice to help our clients thrive and communities prosper.
  • We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.
  • Ability to make a difference and lasting impact

Working Conditions, Compliance

  • Work in a dynamic, collaborative, progressive, and high-performing team
  • Flexible work/life balance options
  • Opportunities to do challenging work

The Successful Applicant

Required

EDUCATION AND/OR EXPERIENCE:

  • 2-5 years of demonstrated application development experience in modern programming languages (e.g. Java, .NET, C/C++, JavaScript, JQL, LINUX Shell Script, VB Script, HTML, SQL scripting, Python, Groovy)
  • Must have the desire and willingness to learn/focus in the field of application security.
  • Strong understanding of web and mobile application architecture and development principles.
  • Exposure to application security best practices such as secure coding, security testing techniques.
  • Technical experience with either: SVN, MS TFS, Jenkins, GitHub, UCD, JMeter, CONFORMIQ, SonarQube, SoapUI, Docker, Nexus.
  • Strong communication and organizational skills, ability to multitask and manage time effectively.

Preferred

  • CISSP, CSSLP, CEH, GWAPT, GSSP certifications are an asset.
  • Knowledge of OWASP, SANS or other security-related practices.
  • Hands-on application security assessment experience using BlackDuck/Sonatype NexusIQ, IBM AppScan, WebInspect, Burp Suite, HP Fortify or other security assessment tools.
  • Understanding of financial regulatory and industry requirements. Understanding of risk frameworks (NIST, COBIT, ISO).

Competencies

Behavioural

  • Act as IT Risk SME for governance committees to direct and suggest approval for program/project decisions.
  • Design, build, and operate controls that will effectively help manage IT & Business Risk.
  • Generic non-IT-risk skills such as project management and service delivery.

Technical

  • Proficient in Technology & Cyber Risk domains with good understanding of RBC tool sets and ability to identify process effectiveness and gaps in pre-existing processes.
  • Sound knowledge in one or more of tech and cyber risk disciplines e.g. Data Management, Service Continuity Management, Supplier/Third Party Management, Privacy etc.
  • Diversified and practical experience across all relevant technology risk subjects (i.e.: App Security, Controls Testing, Infrastructure, Risk & Compliance, Regulatory landscape etc.).

What's on Offer

Hybrid working model

Contact: Isaac Culas

Quote job ref: JN-042024-6386934
Vacancy posted 8 days ago