Skills we want to recruit for:
- Technical resources with secure design / development experience
- In-depth coding / programming experience and knowledge of the main languages needed
- Exposure to application security testing tools (SAST/DAST/IAST) such as Fortify, Contrast, etc.
- Executive interaction experience; exposure to driving best practices with key stakeholders.
- Demonstrated ability to drive organizational change and work with multiple business units of a large organization to effect change
GPG Info
- Division: DT-Global Cybersecurity
- Business Unit: GCISO-Cyber Strategy
- Department: GCISO-Business Information Security
- Hiring Initiative: Cyber
- Service Area: 185 – DT-Global Cybersecurity
- FTE: 0901625459
Job Description - Role Responsibilities
As an Analyst within the Business Information Security area, you’ll work closely with both technical and non-technical stakeholders within an assigned line of business or technology enablement area, providing the best possible support across a range of application security, risk, and risk mitigation disciplines. Along with having knowledge of industry-accepted best practices, the Analyst is expected to ensure that all applications aligned to their customer adhere to the firm’s internal cybersecurity policies and standards, escalating any non-compliance to the associated Business Information Security Officer (BISO). Successful candidates should showcase the capability to effectively influence and cultivate relationships with diverse stakeholders.
This role is responsible for overseeing the security posture of all of their assigned business/technology area’s applications by ensuring that secure coding best practices are defined, understood, and embedded from the start, and that all associated development processes have their requirements validated via appropriate security evaluations and testing. Other responsibilities span from monitoring and managing application code vulnerabilities (e.g., penetration testing, code scanning), patch/configuration vulnerabilities, and code quality, to identifying areas of opportunity and defining and driving improvement plans, going as far as contributing to code updates and promoting focused security releases.
Responsibilities include:
- Serve as a trusted advisor to solution architects, developers, technical risk analysts and others on information security principles, standards, and best practices. Understand the ins and outs of their assigned customers, gain familiarity with priorities and be an advocate for them.
- Play a leading role in assessing system development practices from a cybersecurity perspective, helping to ensure the work being done by developers reduces the chances of vulnerabilities being introduced.
- Continually review application security vulnerabilities to identify trends, such as recurring insecure coding practices, and define ways to address them.
- Oversee and help drive the design and implementation of application security controls in support of compliance requirements using secure design and development methodologies.
- Support the Secure Systems Development Lifecycle (SSDLC), including functional and non-functional cybersecurity requirements.
- Work closely with the internal cybersecurity teams who provide application security testing services (IAST/SAST/DAST) and Application Architecture best practices to ensure that aligned work/initiatives are appropriately communicated to their assigned customers.
- Strive for process improvement and automation; help development and operations teams build automation for repeatable cyber-related vulnerability management activities.
- Maintain awareness of evolving security threats and inform development, business, and risk stakeholders.
- Provide application-specific security subject matter expertise to their assigned customers.
- Evaluate the likelihood and impact of application vulnerabilities; develop and drive mitigation approaches.
- Lead, coach, and mentor project teams to incorporate security into enterprise and client-facing applications.
Job Description - Qualifications
We value a diverse range of skills and experiences. While proficiency in all listed qualifications is strongly desired, we encourage candidates who may not meet every criterion to still apply, as we believe in the potential for unique perspectives and talents to contribute to our team.
- Knowledge of application security testing tools and techniques (SAST, DAST, IAST etc.) including secure code training products
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST
- Maintains awareness of application security vendor products and evolving technologies
- Experience evaluating the likelihood and impact of application vulnerabilities.
- Experience with Visual Studio Team Services (VSTS), Fortify, Veracode and other security testing tools preferred, including penetration testing.
- Experience developing and communicating security best practices and roadmaps.
- Experience with Agile practices, SCRUM, Microsoft SDL, and STRIDE.
- Familiarity with SOC 2 principles, specifically as applied to application security, preferred.
- Solid capabilities across multiple security domains such as identity and access management (IAM), public-key encryption, API management, security information and event management (SIEM), incident response, threat & vulnerability management
- Practical knowledge of information security standards and risk assessment frameworks such as ISO 27001, SOC 2, NIST 800-32, Cloud Control Matrix (CCM) desired
- Ability to create technical solution documentation quickly and succinctly.
- Consulting skills (client service orientation, conflict resolution, analysis/synthesis of information, negotiation, project management, etc.).
- Excellent communication, listening and facilitation skills
- Problem-solving, organizational, and critical-thinking skills
Education & Experience:
- 2+ years of related experience, including cybersecurity and/or risk management experience in organizations of a similar scale or client-service experience in the field.
- Exceptional verbal and written communication skills. Must be able to interact effectively with professionals at all levels and communicate recommendations with diplomacy and tact.