Security Developer
Description:
Identifies security vulnerabilities, continuously attempting to “break” software & systems; proposes & helps code solutions to cybersecurity problems.
Responsibilities
Designs, develops, and integrates new security features and updates into existing products and ensures security is maintained throughout the product life-cycle
Provides product security engineering recommendations and resolves integration and testing issues
Performs security assessments of company products that may include vulnerability and risk assessments, threat analysis, and security code reviews to identify potential design and implementation vulnerabilities
Promotes security and secure practices and consults non-security experts on all relevant security considerations
Top Skills: 1. GitLab Vulnerability Management (Development of Pipelines, Integrations of Security Scanning Tools i.e. SAST, DAST, Mobile, Secret) 2. Experience with GCP (BigQuery, Cloud Run, GCS, Artifact Registry, Kubernetes) 3. Ability to read and write code (i.e. Python, Node, SQL) to resolve and provide guidance on vulnerability remediation 4. Strong communication (written and verbal) skills and the ability to explain technical concepts to non technical team members 5. Familiarity with Security Governance and Policy Development
Project Description: Strengthening Client's applications vulnerability posture by supporting developers across CXT with remediation of critical vulnerabilities. Work will encompass:
1. Engaging Teams: Providing support and insights on critical and high vulnerabilities through the Application Security Remediation (ASR) procedure. Serving as a subject matter expert for a security champions program and guiding team members through threat modelling processes
2. Development of controls, governance, monitoring of Application Security Processes and defining/writing/implementing security standards for secure development practices across the organization
3. Reporting & Data: Ensuring accurate ownership of GitLab projects and cleaning up attack surface data. We'll also document the vulnerability management procedure with clear governance and a RACI.
4. Tooling & Coverage: Expanding vulnerability coverage with Jira integration, Sonatype scanning, mobile app scanning, and binary scanning. All findings will be visible in real-time dashboards.
5. Upgrading Pipelines: Migrating from the existing compliance pipeline to a new, documented pipeline execution policy