Technology Centre of a multinational Telecom company.
- The role is responsible for contributing to a major programme of work to embed security within all company application software development, planning controls to counter emerging threats and address evolving technology. They will support the development of the blueprint of technical security controls, which follow a security as code and shift left approach, as well as their corresponding roadmaps, assessing, and influencing suppliers.
- They will work with the wider Cyber Security Strategy and Secure by Design Architecture team to update and leverage state of the art threat models to define controls, policies and technologies needed to mitigate security risks. They also work across all local markets, Digital and IT as well as Cloud and Software Engineering teams to update and align global DevSecOps, Cloud, Container, API and Artificial Intelligence security standards for the company, and to help them to understand how securely configure CI/CD implementations.
- They will work to understand and improve security of software applications, APIs, cloud and containers, particularly in relation to Security as Code, and interact where necessary with our global vendors. The role provides a sense of balance across the wider Security Architecture team to ensure DevSecOps security controls are implemented to support each other, are measured to demonstrate risk reduction and prepare the company and its customers for the evolving threat landscape.
- Expert knowledge in Application Security and DevSecOps, and the software technologies, programming and development practices that underpin them. Include but not limited to: Cloud Security, Container Security, Application security testing, API Security, Source Code Analysis, Static Application Security Testing, Artificial Intelligence, scripting best practice, Programming Languages, Software vulnerabilities.
- Deep knowledge of at least one of SCA, SAST, Container Security, Cloud Security (AWS, GCP, Azure, OCI), API Security, open source security.
- Working knowledge of the shift-left mindset and vulnerability remediation within developer toolsets and environments such as GitHub.
- Good understanding of automation tooling such as PowerAutomate and PowerBI and work tracking tools such as Azure DevOps, GitHub Actions and use of Artificial Intelligence in software engineering.
- A proven track record, in designing, documenting and deploying a range of DevSecOps security features for a global organisation.
- A proven track turning documents into consumable code snippets or templates e.g. Terraform templates, Python scripts.
- Proven track record of actively contributing to the creation, review and redactions of standard, high level architecture documents and presentations at all levels from very technical to leadership level.
- Security Certifications such as CISSP, CCSP, GSEC.