Product Security Lead

ProcessMAP is looking for Product Security Lead who will be responsible for guiding, implementing, monitoring, and managing security principles and best practices across all the products of the business line, as well as working with the Cyber Security team across the business. This role will be an invaluable addition to current and growing Cyber Security arsenal, driving change, and a cyber secure work culture. 

What you will be doing

• Cultivate security culture with your product technology and business colleagues. Products that have the right security culture will strive to prioritize sustainable controls and driving real risk reduction outcomes. Strong technical expertise in threat modelling is required, secure architecture design review, application security and cloud security principles. Embed the following security fundamentals such as threat modelling, solutions architecture, secure code review into agile product development by empowering technology teams to ship secure products faster that are secure from the start. Requires proactive integration into Product meetings for full understanding, and to set security expectations early in the process.
• Know your products across their breadth and depth. Be fluent in your business lines product's strategies and roadmaps as well as its key investment programs. Be aware of how product sits within the overarching strategy, and family portfolio. Identify unfamiliar technology components, capabilities, and business concepts and be self-motivated to learn all about them, applying critical thinking to identify hidden issues along the way. Be a subject matter expert in knowing the cyber risk posture of the entire Products.
• Be your product's security thought leader. Learn from your product and cybersecurity teams and share best practice in both directions. Be recognized in your product as the clear point of escalation and subject matter expert for IT Risk and Cyber domains. Responsibility for adding to the Risk Register where required and following up on these actions. Main point of contact for sales account managers in reference in specific customer queries around security penetration testing, and able to identify and progress solutions.
• Act with urgency managing emerging issues. Proactively monitor Key Risk Indicators to ensure issues are identified, quantified, communicated, and managed in a timely manner, including recommendations for resolution, and identifying the root cause/key themes.

About You:

• Experience with cloud technologies in high availability environments.
• Reading, interpreting and being able to deliver a business level report of penetration reports.
• Willingness to ask questions / question current practices in search of better solutions.
• Knowledge and experience of cloud architecture/design, security challenges, and solutions.
• Strong project management skills for managing multiple products, testing, and reporting.
• Experience in Network, Windows, and Linux security.
• Basic programming/scripting skills.
• Strong analytical skills.
• Strong communication skills.
• Must be willing to participate in, and be able to pass, a comprehensive background check.
• Experience in Vulnerability Management including configuring, running, and analyzing scans (Nessus preferred).
• Experience in Web Vulnerability Management (OWASP Top 10, CWE Top 25).
• Experience in SIEM configuration, analysis, and reporting.
• Experience with IPS/IDS and Data Loss Prevention tools, configuration, and analysis.
• Experience with threat analysis and reporting.
• Must be able to take occasional customer facing calls to discuss customer requirements including customer audits where needed.
• Participate in tooling requirements and fully integrate business lines into any new tooling processes.
• Understanding of CVEs, and risk priority Desirable skills.
• Community recognized security certificates CEH, CISM, SANS (GSEC, GCIA, GCED, GCIH), CISSP.
• Exposure to or knowledge of compliance standards such as FedRAMP, ISO 27001, SOC2/3, Cyber Essentials, and/or PCI compliance.
• Exposure to or knowledge of DevOps/Agile development methodologies.
• Incident Response/Forensics experience including evidence/artefact preservation.
• Experience integrating security checks and validation into a CI/CD pipeline.
• Amazon AWS experience.
• AWS Certified Security - Specialty.
• Data analytics/reporting experience.
• Penetration Testing experience and understanding of the generated results.
• Experience using Jira.