- Provide security consultancy, technical guidance, expertise, and solutions.
- Advise and review application security design to detect potential security issues and for each issue, propose and drive remediation tasks.
- Help application team in developing and implementing security test and verification scripts for testing and validating security controls/issues.
- Able to engage and execute security vulnerability scanning activities (VAPT/SAST/DAST/MAST activities etc) & triage security findings.
- Define scope and review the results of security tests, reviews, and audits to ensure security assurance is achieved.
- Identify and assess cyber risks in the application and network.
- Perform threat modelling on security-critical applications.
- Recommend and drive cyber security solutions and initiatives to improve the cyber security of the organisation.
- Deliver security projects, such as the implementation of security software, POC of DevSecOps tool and create rules/scripts that help identify latest security issues
- Ensure clients' compliance policies/procedures are met through ongoing security reviews, audits, and exercises.
- Improve DevSecOps implementation and provide assistance to developer in understanding the vulnerabilities reported by the tool
- Bachelor's degree in computer science, or any equivalent
- Around 2 years' experience in DevSecOps
- Good understanding of Application Vulnerability
- Should be able to provide Mitigation and Remediation Steps to engineering team to fix these vulnerabilities.
- Should also know the impact of each vulnerability so that they can calculate the risk to the organization accordingly
- Able to perform Secure Design Review and identify potential security risk DevSecOps.
- Familiar with Gov standard of security posture including planning and running Security Compliance Check, Security Vulnerability Scanning
- Familiar with IM8 policies
- Familiar with SSO, OpenID Connect(OIDC)/ Security Assertion Markup and Multi-Factor Authentication (MFA) Framework
Cristina Malabuyoc Malijan EA License No. 02C3423 Personnel Registration No. R1111547