Why is this role important to us:
We view security as a mandatory capability of any work process involved in software development and operation. Those capabilities are constantly evaluated and improved to meet ever-increasing demands. Join our security team and support us in continuously improving all aspects of providing secure software solutions and services.
As the Security Tech Lead, you will support a development department of 900 people improving our secure software development life cycle across products and services. You will be part of a team that engages in both secure design and process development.
We are hiring into a broad area of responsibilities where we can and will design a job according to your profile and interests.
For instance, you can focus on technical design and quality assurance. This includes security testing, penetration testing, secure design, secure standards, and threat modeling. You can also focus on process and policy management including risk assessment in case your interests are more on the governance side.
What you will be responsible for:
This versatile job will place you as a key defender of our digital environment, formulating vital security strategies that ensure our infrastructure’s steadfastness and endurance. Here’s how you’ll make a difference:
- Cybersecurity Mastery: Utilize your expertise with tools like Azure, Defender for Cloud, and Sentinel to enhance our security frameworks.
- Strategic Security Leadership: Develop and implement security strategies that align with our business priorities, ensuring the safety and compliance of our operations.
- Innovative Problem Solving: Spearhead initiatives to mitigate risks associated with cyber threats, including ransomware through innovative security solutions.
- Stakeholder Engagement: Work closely with IT and engineering teams to integrate security practices seamlessly into our development and operational workflows.
- Continuous Improvement: Drive continuous enhancements in our security measures, staying ahead of potential threats and maintaining compliance with industry standards.
Your role will be crucial in ensuring that our client remains a secure, innovative leader in financial services, directly contributing to our strategic priorities and long-term success.
Your Background Could Include
To excel in this position, having a variety of the following skills will be greatly advantageous:
- Offensive Security Techniques: Proficiency in ethical hacking, penetration testing, and red team exercises to proactively identify and address vulnerabilities.
- Engineering Expertise in Secure Software Development: A background as an engineer with a focus on secure software development, incorporating secure SDLC practices to ensure that all software is built with security integrated from the ground up.
- Platform Engineering and Automation Proficiency: Experience in platform engineering, including infrastructure management and automation, ensuring efficient and secure deployment of cloud-based services.
- Security Compliance Expertise: Familiarity with industry standards such as GDPR, SOC 2, or ISO, and experience in implementing compliance measures.
- Threat Modeling and Risk Analysis: Skills in conducting thorough threat models and risk analyses to effectively forecast potential security issues and strategize appropriate defenses.
What you will be responsible for (depending on your interest):
- Acting as a technical lead and subject matter expert for our secure application code development, cloud-based infrastructure, and network security.
- Promoting and assisting in reviewing code to enforce security, which includes reviewing pull requests and providing guidance to development teams.
- Constantly re-evaluating threat models for our application and infrastructure as we rapidly scale our offering, identifying security issues.
- Developing technical solutions to help mitigate security vulnerabilities, evaluate, implement, and support security-focused tools and services.
- Participation in enhancing a security strategy focusing on cloud-based infrastructure, networks, and applications, supporting security certifications and audits.
- Developing security requirements through designing and building prototypes or proofs of concept.
- Participating in building scalable detection systems and security-focused telemetry tools.
- Working directly with development teams to establish and enforce security best practices, process improvements and effective security controls for new and existing products.
What we value:
- Significant experience in secure software development and architecture in two or more languages.
- Relevant experience as a Security Engineer – building security into a SaaS delivery pipeline.
- Significant experience in application-level vulnerability testing, e.g., Cross Site Scripting, SQL Injection, LDAP Injection, Cross Site Request Forgery, and Insecure Cryptographic Storage.
- Experience with code-level security auditing and automated static code analysis from a secure software development point of view.
- Experience with common vulnerability scanning and reporting tools, e.g., SonarQube, Mend, Black Duck.
- Knowledge of a broad range of attack vectors and exploits, e.g., API, OS, database, network, and Front End.
- Knowledge of cloud computing services, deployment architecture, cloud operations (we use Azure), security, automation, and orchestration.
- Knowledge of cybersecurity frameworks and related industry practices such as NIST, FFIEC, and OWASP.
- Experience in performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies