Information Security Engineer - DevSecOps & Validation

Responsibilities

In this role in the DevSecOps Validation Function (under the TechOps group), you will partake in all aspects related to the development and implementation of the Vulnerability Management Program for the organization in which you will handle initiatives such as, but not limited to, Secure Software Development Lifecycle (SSDLC), DevSecOps practices, vulnerability assessments and

penetration testing of infrastructure, mobile and applications as well as reporting and driving closure of vulnerabilities in coordination with relevant stakeholders

You will keep abreast with the latest events pertaining to the Global Cyber Security Threat landscape so as to consider critical Cyber Security stack upgrades for the organization on priority and closely work with Security Engineering to pilot, shortlist and implement the required tools to meet the Cyber Security objectives from a DevSecOps Validation standpoint

You will review and sign-off on all relevant IT and IoT changes and/or exception requests with respect to the organization s Vulnerability Management posture and manage exceptions to the same where applicable

You will track and extend / revoke exceptions in a timely manner so as to ensure exceptions are only utilized on a business-need-to-have basis

You will ensure control coverage and effectiveness in all solution rollouts in a systematic fashion

You will monitor the Vulnerability posture of the organization and report to the relevant stakeholders as needed

Knowledge expectations

You come with up to 5 years of working experience in Information Security

You come with a strong knowledge and implementation experience in various areas of vulnerability management such as, but not limited to, tiered application architectures, web applications, APIs, mobile applications, end-to-end application development lifecycle, Secure Software Development Lifecycle (SSDLC), DevSecOps practices, infrastructure, mobile and application vulnerability assessments and penetration testing, Common Vulnerabilities and Exposures (CVEs), OWASP Top 10 vulnerabilities, Application Security Verification Standards, MITRE ATTCK Framework, SAST, DAST, IAST, Red Team etc.

You have hands-on experience of various tools such as Qualys, Rapid7, SAST, DAST, IAST capabilities from industry leading security vendors (e.g.: GitHub, Micro Focus, Checkmarx, Veracode etc.), Synopsys Coverity, Synopsys Black Duck, GitGuardian, Nmap, Nessus, Wireshark, Burp Suite, Metasploit, Kali Linux, John The Ripper, Aircrack etc.

You have hands on experience in software languages such as, but not limited to, Python, GoLang, Perl, Shell, Power Shell, .NET, C, C++, Java, JavaScript, SQL Scripting, PHP etc.

You have a wide array of knowledge and implementation experience in the following areas, such as but not limited to application of Security to Systems, Storage, Compute, Cloud, Networks, Virtualization, Software and OT.

Required education and certifications

You are an Engineering graduate, have an equivalent or higher education

You have acquired one or more of the following certifications - OSCP, CEH etc.