Cloud & DevOps Product Security Advisor

Location: Bedford MA or Austin, TX, MA, United States
Date Posted: 09-20-2018
Hopkinton, MA or Austin, TX

We are seeking a Cloud Product Security Advisor. This role will work with several complex products and will lead, mentor and influence their teams to implement Secure Development controls in their products. Specific experience in building security for Cloud-based solutions in an Agile or DevOps environment is required.

Key Responsibilities
  • Proactively advise product teams on secure design and coding considerations
  • Create and/or update threat models for new and existing products, rate risks using CVSS and provide mitigation recommendations to engineers
  • Translate security risks to business impact
  • Lead Secure design and coding workshops to teach other engineers how to securely design and implement code
  • Contribute to the future versions of Security policy and standards and associated controls
  • Be the Secure Development Lifecycle (SDLC) evangelist and work across company product groups as the subject matter expert on SDLC.

Essential Requirements
  • Master's Degree in Information Security or similar technical field strongly preferred
  • Understanding of prevalent security vulnerabilities such as authentication bypass, command injection and cross-site request forgery, their impact, and their efficient remediation
  • Understanding and hands-on experience of secure software development practices including threat modeling, secure design principles, secure coding, code analysis, and security testing (the candidate should be a demonstrated expert in at least one of these activities and should have functional mastery of the others)
  • Proven experience in building security in Cloud-based solutions, DevSecOps, CD/CI is required
  • Ability to articulate business impact of software security problems translating them into worst case scenarios

Desirable Requirements
  • Knowledge of Containers, Micro-Services and Container Orchestration technologies is a strong plus
  • Competency in secure coding in multiple languages, including at least one scripted and one compiled language
  • Strong understanding of software development methodologies such as waterfall and Agile
  • Industry certifications: GIAC, CISA and/or CISSP, CSSLP desired
  • Ability to work with diverse and global teams.