Organization Unit Purpose: The unit\xe2\x80\x99s primary purpose is to Design, Engineer & eventually Embed practical & balanced cyber/ information security principles/patterns/controls into all products and platforms. Conduct security assessments, gap analysis, provide remediation to the relevant squads / stakeholders.
Responsibilities
Primary/General Job Purpose:
Encourage \xe2\x80\x98Shift Left\xe2\x80\x99 Mindset - Proactively embed security requirements, by influencing implementation of security & privacy patterns from the start of the development cycle
Implement via Influence - Influence stakeholders such as Product Owners, Solution Architects, Developers, Testers, Engineers & others to include security patterns into features, epics and stories in order to build secure, innovative & superior digital products for customers and employees
Assessments \xe2\x80\x93 Act as a DecSecOps engineer to Perform security assessment, gap analysis to provide appropriate remediations to the teams for implementing the
Key Skills \xe2\x80\x93Container Security, Machine Learning and Analytics Security Review, Security Code review, API security, Platform security for open-source technologies for Platform as a Service technologies, Python / R knowledge.
Qualifications
Security Assessment Skillset:
Machine Learning security assessment skillsets \xe2\x80\x93 Code review for Python based code and sound knowledge on Machine learning and AI using python.
Good understanding of Keras, Tensorflow and other AI related frameworks.
Excellent knowledge of embedding security into CI/CD pipelines using Jenkins, Argo CD.
Excellent with docker / K8s based containers.
Should have minimum experience of 2 years in managing security for Onpremises Kubernetes cluster. Knowledge on Cloud K8S clusters would be an added advantage.
Good with Security assessment for big data platform \xe2\x80\x93 Cloudera platform.
Should have hands-on experience in security review of queue management systems such as Kafka.
Ability to collaborate with multiple stakeholders and manage their expectations from a security perspective
Holistic thinking; must balance security and functionality using practical demonstrable examples.
Must also contribute to and implement \xe2\x80\x9cgood architecture principles\xe2\x80\x9d to lower technical debt.
Assertive personality; should be able to hold her/his own in a project board or work group setting.
Superlative written and verbal communication skills; should be able to explain technical observations in an easy-to-understand manner.
Ability to work under pressure and meet tough/challenging deadlines.
Influencer- must be able to convince various stakeholders (internal IT Teams, C-Level execs, Risk & Audit) of why a certain observation is a concern or not.
Strong understanding of Risk Management Framework and security controls implementation from an implementer standpoint.
Has strong decision making, planning and time management skills.
Can work independently.
Has a positive and constructive attitude.
Experience : 3-8 years
Education
Bachelor\xe2\x80\x99s degree in a computer-related field such as computer science, cyber/information security discipline, physics, mathematics or similar.
GeneralInformationSecurity: CISSP, OSCP, CEH, CISM/CISA or similar
General Cloud Security: CCSK /CCSP or similar
Kubernetes Security: CKA / CKS
SpecificCloudSecurity: AWS/Azure/GCP/Oracle Solution/Security or similar
Network Security: CCNA, CCNP, CCIE
Must have minimum 4 years of experience in an information security function with good background in information technology, stakeholder management and people management.
Minimum 3 years of experience, as a Security Engineer especially in Cloud Native environments.
Deep foundational knowledge of Containerized environment and CI/CD pipeline.
Expert at the technology and frameworks in his/her area of expertise, and coach other architect on development standards and best practices.
Good understanding of Microservice based architecture (Technical).
Good hands-on experience solutioning technology architectures that involve perimeter protection, core protection and end-point protection/detection & API /Micro services Security.
Experience working in a DevOps environment with knowledge of Continuous Integration, Containers, DAST/SAST tools and building Evil Stories (Technical).
The Analyst / Engineer has the skill to follow design principles and applies design patterns to enforce maintainable and reusable patterns, in the form of code or otherwise.
The Analyst / Engineer can understand and interpret potential issues found in source or compiled code.
The Analyst / Engineer has automation skills/capability in the form of scripting or similar.
The Analyst / Engineer can attack application and infrastructure assets, interpret threats, and suggest mitigating measures.
Ability to interpret Security Requirements mandated by oversight functions and ensure comprehensive coverage of those requirements, via documentation, within high level design and/or during agile ceremonies, via Evil Stories.
The Analyst / Engineer can propose options for solutions to the security requirements / patterns that provide a balance of security, user experience & performance.
The Analyst / Engineer has the skill to discuss and present solutions to other architecture, security, development, and leadership teams.
The Analyst / Engineer can interpret and understand vulnerability assessment reports and calculate inherent and/or residual risks based on the assessment of such reports.
Ability to articulate and be a persuasive leader who can serve as an effective member of the senior management team. Good negotiation skills will be desirable.
Must have good judgment skills to decide on an exception approval.
Ability to enforce improvements when necessary, using Influence rather than Policing measures.
Superior written and verbal communication skills to effectively communicate security threats and recommendations to technical or non-technical stakeholders.
Knowledge of application of Agile methodologies/principles such as Scrum or Kanban.