Responsibilities:
- Drive tailored SDL practice into specific engineering.
- Consult architect on security requirements and utilize best practices to meet them.
- Engage in application, platform and domain-specific threat modeling and attack surface analysis/reduction.
- Engineer Security solutions for cloud and embedded products, and the planning and implementation of risk mitigating security solutions.
- Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development.
- Implement security control across the technology stack to meet security and compliance requirements for IaaS, Paas, and SaaS.
- Help prepare reports at appropriate levels of confidentiality for stakeholders to view.
- Responding promptly and in detail to customer-sponsored penetration tests.
- Promotes best practices, design patterns, standards through workshops, knowledge sharing, and code walk-throughs.
- Build automation around testing tools and techniques.
- Tailor communication to a variety of audiences and perspectives and anticipates issues to prevent conflict.
- Work with the Product teams and Cloud Infrastructure and Platform teams to lead initiatives and develop and build security utilities and tools.
- Translate Standards and Regulatory based controls to Engineers do they understand what needs to be done.
- Build and maintain a robust infrastructure/platform/product security roadmap to meet customer demands and regulatory mandates.
Required Qualifications:
- Bachelor's Degree in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math) and/or 4 years of equivalent experience.
- 3+ years of experience in application/product security in a cloud environment.
- Strong knowledge of CI/CD and automation tools (Chef, Git, Jenkins) and Infrastructure/Security as Code.
- Strong knowledge of Identity management and identity federation (SAML, Oauth).
- Strong knowledge of virtual infrastructure and containerization technologies.
- Experience designing and implementing security controls in cloud platforms such as AWS, Azure and alike.
- Must be available for on call for potential security response.
- Experience with the application of risk identification and evaluation techniques.
- Experience with broad set of information security technologies and processes within an IaaS, PaaS, and SaaS.
Preferred Qualifications:
- A Master's Degree in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math).
- Contribute to and lead discussions and communications within the team and outside, including customers and other business units.
- Partner with product owners in requirement gathering and vetting.
- Foster a collaborative and cooperative team environment, encouraging input and participation from all members.
- Significant experience in cryptography, network security or systems security.
- Distributed computing, clusters, virtualization, high availability, load balancing.
- Experience in embedded (Edge compute) security, IoT Security and Operational Technology (OT) security.
- Experience in large enterprise and cloud environments.
- Skilled at explaining complex technical issues in terms understandable by the business.
- Excellent written and verbal communication skills, especially experience with executive-level communications.
- Experience with web-based applications and/or web services-based applications, especially at massive scale.
Travel: Occasional travel is required (COVID pending)
Company Reg. No.: 201131609D | Licence No.: 11C4684 | EA Reg No.: R 1440978