DTICI_Software Product Security_Principal Consultant-T7

Tasks

Cloud & App Security Engineer

No of years’ experience required: 6 to 10 years

Have understanding of Cloud Security & Application Security. Has hands-on experience and is able to drive end to end product security. Also is able to work within a team environment and is able to guide, assist & work towards securing products/Software/applications developed, hosted & operated.

Job Role: You play a key leadership role in assisting software development teams in securely architecting/operating their software applications by aligning to the SE secure software development principles, industry standard methodologies, and compliance and privacy requirements. Interface with application development team to champion and ensure adoption of security standards/best practices and remediate security gaps. Lead Cloud Security domain’s such as (security automation, Container Security, Azure Infrastructure Security). Perform application threat modelling based on STRIDE/DREAD model, use C4 data model architecture to identify the trust boundaries and security gaps to create application risk profile and remediation recommendations. Ability to assess the current processes, identify improvement areas and suggest the technology solutions. Always look for opportunities to optimize, automate and secure the daily workflow. Perform application threat modelling based on STRIDE/DREAD model, use C4 data model architecture to identify the trust boundaries and security gaps to create application risk profile and remediation recommendations. Ability to assess the current processes, identify improvement areas and suggest the technology solutions. Candidate should be from security background with automation skills.

Qualifications

Skills that we are looking for: Solid understanding and experience with securing public cloud deployments and distributed systems using Azure and understanding of security challenges involved in deploying Cloud Applications. Experience with threat model, network security, cryptography, authentication, authorization and RBAC. Performed DevSecOps tool integration, IaaC preferred. Proficient in any one programming language (e.g. Golang, Python,Powershell). Identify security flaws, vulnerabilities and misconfigurations in infrastructure, Cloud including PaaS, IaaS. Perform Container and Kubernetes Security Assessments from build to deployment and Prioritize remediation with guidance. A good knack for automating infrastructure security as much as possible. Knowledge on Web/infrastructure security assessments (pen tests, security checks). Vulnerability discovery and variant hunting. Using the best available and most appropriate methodologies, including threat modeling, penetration testing, security design analysis, fuzzing, SAST and DAST, etc., you will examine chosen target systems in detail, looking for vulnerabilities and weaknesses, perform variant hunting looking for larger patterns, conduct qualitative and quantitative analysis over those patterns, and drive solutions upstream in a data-driven, shift-left fashion Expert level knowledge regarding multiple classes of vulnerabilities, including cross-site scripting, buffer overflows, SQL injection, TOCTOU (Time of Check Time of Use) vulnerabilities, cryptographic weaknesses, insecure direct object references, and others, and the ability to communicate about them to technical and non-technical audiences Knowledge and understanding of Python, Java, SQL, JavaScript, NodeJS, etc. is a huge plus. In-depth knowledge of security vulnerabilities not just limited to OWASP Top 10. Ability to do manual source code review, visualize the root cause and deep dive without the automation tools. Experience working and configuring Static application sec

Arbeitsort