Principal Security Implementation Lead
Posted on Dec 31, 2021 by Request Technology - Robyn Honquest
PRINCIPAL, SECURITY IMPLEMENTATION LEAD
Looking for a Security Implementation Lead. You will be analysing, triaging, solutioning vulnerabilities, identified via Black Duck and Veracode Scanning.
*Open to sponsorship must have at least two years left
*Hybrid 2 days in office 3 days remote
What we Offer:
- A highly collaborative and supportive environment developed to encourage work-life balance and employee wellness. Some of these components include:
- A hybrid work environment, up to 3 days per week of remote work
- Tuition Reimbursement to support your continued education
- Student Loan Repayment Assistance
- Technology Stipend allowing you to use the device of your choice to connect to our network while working remotely
- Generous PTO and Parental leave
- Competitive health benefits including medical, dental and vision
What You'll Do
- As a Principal, Security Implementation Lead you will be part of a team responsible for analysing, triaging, solutioning vulnerabilities identified via Black Duck and Veracode scanning on open source libraries. This team is responsible for identifying solutions, testing out hands-on solutions across a variety of software, and working closely with the development community to implement solutions. The team is also responsible for assessing the total risk of the vulnerabilities with respect to The OCC environment.
- To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.
- Lead a Kanban team in the capacity of a Product Owner. Also manage the Scrum Master Responsibility
- Work very closely with other product owners and development leads of other scrum teams to prioritize and influence security remediation effort for delivery
- Manage the security vulnerabilities and track the remediation plan for identification to closure across different teams
- Report to senior management on status, next steps, risks, dependencies
- Provide general guidelines for preventing commonly found vulnerabilities by defining and updating security requirements
- Interacting with project teams to seek implementation and completion of security requirements
- Documenting processes based on established guidelines
- Defining pen test plans through stories/tasks for moderately complex applications such as those deployed to Relativity platform (ADS app) or those involved in security critical workflows (eg authentication)
- Collaborate with development, platform automation and security teams to create and continuously improve a simple to use standardized repeatable automated application pipeline that includes testing, security and automated deployment to development and QA environments.
- Collaborate with development, platform automation, security teams, IT business management & senior IT management to create reporting, metrics and dashboards.
- Other job-related duties as assigned.
- Understanding of Kanban and/or Agile methodologies.
- Hands-on experience working in Agile and DevOps cultures, focusing on process improvement and automation. Experience of working both independently and collaboratively in a fast paced, change oriented, and demanding IT environment with a strong focus on business outcomes.
- Self-starter - takes the initiative to research, learn and deliver. Anticipates the play.
- Team player - humble, collaborative, and focused on making sure the entire team succeeds.
- Familiarity with common software vulnerabilities (eg OWASP Top 10) and their remediation
- Deep interest in security architecture of applications and technologies (Web, Kubernetes, Network)
- Ability to follow established processes
- Ability to juggle several high visibility projects
- Ability to read code in mainstream programming languages such as Python, C#, Java
- Knowledge and experience with Security scanning tools such as Black Duck and Veracode
- Knowledge of different tools. delivery (CI/CD) tools (examples - GitHub, Jenkins, Artifactory, Docker, Docker-Compose, K8s).
- Knowledge of Product Owner role. Product Owner certification is a plus.
- Practicing Knowledge of Kanban/Scrum team mechanics with hands-on experience
- Certification of some type of Project/Program management is a plus.
- A total experience in technology and security landscape for 11 to 15 years is required.