Security Champions work collaboratively on products and services within the DevSecOps Teams, supporting the Team to deliver secure products and services as well as to deliver the outputs as set by the business. They are involved in the iterative development of products and services during sprints and in all sprint activities e.g. sprint planning, daily stand-ups, sprint reviews and retrospectives.
Employer profile
Technology center of a multinational telecom company.
Responsibilities
Control and tracking of IT security measures within cloud environments.
Examination of security requirements within the demand process for corporate and technical security.
Protection of physical and intellectual assets, i.e. ensuring that proper security and safety measures are in place.
Evaluation of audit and vulnerability findings including risk assessment
As part of these activities, Security Champions ensure that appropriate measures are taken to check compliance with an adequate level of security in the company’s processes, products and services. They ensure that risks and weak points are identified and dealt with.
Security Champions:
Advocate and follow Security Policies and Standards but are not Security experts.
Are the Security SPOC for their Team.
Coach their team about company/group Security policy.
Ensure, consider and implement Security in all Team activities including sprint planning, daily stand-ups, sprint reviews and retrospectives.
Report Security Risks and Incidents to the NCIS Security Chapter Lead.
Contribute to a set of Security-specific user stories and must engage with the Product Owner to add Security user stories into their Team’s product and service backlog.
Work with the Product Owner to track, monitor and advise on the prioritization of Security user stories.
Work to find the right balance between ensuring that Security user stories are prioritized for the Team and that the Team can prioritize other user stories as and when required.
Work with the NCIS Security Chapter Lead to identify risks in the Teams and inform the Risk Owner and the NCIS Security Chapter Lead of any potential Security risk. They suggest mitigation strategies for any Security issues that arise in the Teams.
Inform and update their Teams about changes or updates to company Security Policies and Standards e.g. guidelines, blueprints, architectural patterns and software development.
Inform the NCIS Security Chapter Lead about how any documentation, designs or patterns provided by Global Cyber Security could be adapted to suit local patterns.
Requirements
Comprehensive understanding of cloud IT security components.
Experience with IT security standards or best practices.
Good knowledge of written and spoken English.
Soft Skills:
High communication and social skills.
Analytical and organizational skills.
Confident demeanor and assertiveness.
Autonomous, diligent and solution-oriented working.
Willingness for regular further training.
Nice to have: (at least 2 of the following would represent a great advantage)
Previous experience related to security in cloud environments or cloud migrations.
Experience in Risk Management & Consulting.
Good understanding of DevSecOps environment (especially CI/CD, SAST, DAST)
Good knowledge of Cybersecurity concepts, tools and processes (including: IPS/IDS, Risk assessment, Vulnerability Scanning/Management/Mitigation, etc.)
Knowledge about various cloud services/platforms (e.g. IaaS, PaaS, AWS, etc.)