Application Security Engineer (DevSecOps)
Our clients are faced with external pressures on an unprecedented scale. The ability to translate strategy into reality is key to their enhanced business performance. As an advisory professional, you will be focused on helping them achieve this goal.
Your key responsibilities:
As an Application Security Engineer, you will assist our clients with defining, rolling out and implementing DevSecOps within their processes, teams and tooling. This is a role where you will aim to embed security in every part of the development process, leveraging automated tools and workflows within the CI/CD release process.
Skills and attributes for success:
- Define DevSecOps implementation strategies tailored to the client’s needs, engaging with the various takeholders
- Evaluate and analyze threat, vulnerability, impact and risk to security issues discovered from security assessments
- Advise clients on the security issues, including explanation on the technical details and how they can remediate the vulnerabilities in their applications
- Perform source code reviews using SAST
- Assist with implementing and designing automated security checks within the CI/CD
- Analyze penetration testing reports and provide a mitigation strategy to prevent the issue from occurring in the first place (left shifting)
- Consistently deliver quality client services and manage expectations of client service delivery.
- Drive high-quality work products within expected timeframes and on budget.
- Monitor progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes.
- Stay abreast of current business and industry trends relevant to the client's business.
- Develop and maintain long-term relationships and networks with clients and internal stakeholders
- Demonstrate deep technical capabilities and professional knowledge.
- Possess in depth business acumen and demonstrate ability to quickly assimilate to new knowledge.
- Review and Assess controls associated with Operational Technologies and IoT (Internet of Things) security
- Remain current on new developments in advisory services capabilities and industry knowledge.
To qualify for the role you must have:
- A recognized university degree in Computer Science, Computer/Electrical Engineering, Information Technology or equivalent
- Have at least one year of relevant working experience in a release management or development job
- Knowledge in application security testing
- Knowledge in understanding of Agile, Waterfall, DevOps, infrastructure as code
- Able to program or script
- Strong interest in the field of information security
- Creative, independent with good problem-solving skills
- Strong analytical, interpersonal, communication and writing skills
- Willingness to travel on overseas assignment as the need arises
Ideally, you’ll also have:
- Professional certifications such as CSSLP, SCRUM, Fortify Certification
- Experience with cloud platforms such as AWS, Azure or OpenShift
What we look for:
Highly motivated individuals with excellent problem-solving skills and the ability to prioritize shifting workloads in a rapidly changing industry. An effective communicator, you’ll be a confident team player that collaborates with people from various teams while looking to develop your career in a dynamic organization.