Cyber Security Software Engineer - CI/CD - IAM - Triage security - Prisma - GCP - SAST - GitHub
Posted on Apr 25, 2021 by Nexere Consulting Limited
A Cyber Security Software Engineer is required to work on a 6-month rolling contract covering projects across the Benelux and DACH regions. The Cyber Security Software Engineer will have at least 8 years' experience of working across multinational projects within a Cyber Security software engineering team. Consultants from a Telecom, Manufacturing or Retail background will be at a strong advantage. This role is more of a coaching/facilitating role than a hands-on role.
The ideal candidate will:
- Work with Engineering Domain Managers/PEMs to identify ways of working with cyber security activities, IT Control Objectives and risk (e.g. visualization, EDM, PEM and EM review expectations).
- Be ready to help teams work with and prioritize security findings.
- Assist with finding owners and a path forward for cross-team security issues.
- Identify when escalation is needed to address systemic issues.
- Have experience helping teams assess their security posture and prioritize next steps.
- (For a short time, until a system is set up): keep track of which activities are necessary for a team and help them coordinate the setup of the relevant target activities.
- Cyber Engineer for Software Engineering
- Knowledge of Agile development strategies (e.g. Lean, Kanban, Scrum)
- Experience with GitHub and working knowledge of gitflow
- Threat modelling experience with a variety of methodologies and willingness to adapt approach
- Experience automating security scanning into CI/CD pipelines (experience with GitHub actions and/or CloudBuild preferred)
- Experience triaging security scan results (secrets scanning, SAST (Polaris), SCA (Blackduck), cloud configuration (Prisma), container and IAM scanning (Twistlock))
- Experience with securing cloud resources (experience with GCP preferred)
- Software security specific knowledge:
- Secrets management
- IAM (OAuth2, AD)
- API (endpoint) management
- Knowledge of different security considerations for applications that run in:
- Containers (Kubernetes, Openshift, AppEngine)