Principal Security Implementation Lead

08 Aug 2024

Vacancy expired!

PRINCIPAL, SECURITY IMPLEMENTATION LEAD

Looking for a Security Implementation Lead. You will be analyzing, triaging, and solutioning vulnerabilities identified via Black Duck and Veracode scanning.

Open to sponsorship; must have at least two years left.

Hybrid: 2 days in office, 3 days remote.

What We Offer:

  • A highly collaborative and supportive environment developed to encourage work-life balance and employee wellness. Some of these components include:
  • A hybrid work environment, up to 3 days per week of remote work
  • Tuition Reimbursement to support your continued education
  • Student Loan Repayment Assistance
  • Technology Stipend allowing you to use the device of your choice to connect to our network while working remotely
  • Generous PTO and Parental leave
  • Competitive health benefits including medical, dental and vision

What You'll Do
  • As a Principal, Security Implementation Lead, you will be part of a team responsible for analyzing, triaging, and solutioning vulnerabilities identified via Black Duck and Veracode scanning on open source libraries. This team is responsible for identifying solutions, testing out hands-on solutions across a variety of software, and working closely with the development community to implement solutions.

Responsibilities:
  • To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.
  • Lead a Kanban team in the capacity of a Product Owner. Also manage the Scrum Master responsibilities
  • Work very closely with other product owners and development leads of other scrum teams to prioritize and influence security remediation efforts for delivery
  • Manage the security vulnerabilities and track the remediation plan from identification to closure across different teams
  • Report to senior management on status, next steps, risks, dependencies
  • Provide general guidelines for preventing commonly found vulnerabilities by defining and updating security requirements
  • Interacting with project teams to seek implementation and completion of security requirements
  • Documenting processes based on established guidelines
  • Defining pen test plans through stories/tasks for moderately complex applications such as those deployed to the Relativity platform (ADS app) or those involved in security-critical workflows (e.g. authentication)
  • Collaborate with development, platform automation and security teams to create and continuously improve a simple to use standardized repeatable automated application pipeline that includes testing, security and automated deployment to development and QA environments.
  • Collaborate with development, platform automation, security teams, IT business management & senior IT management to create reporting, metrics and dashboards.
  • Other job-related duties as assigned.

Qualifications:
  • Understanding of Kanban and/or Agile methodologies.
  • Hands-on experience working in Agile and DevOps cultures, focusing on process improvement and automation. Experience working both independently and collaboratively in a fast-paced, change-oriented, and demanding IT environment with a strong focus on business outcomes.
  • Self-starter – takes the initiative to research, learn and deliver. Anticipates the play.
  • Team player – humble, collaborative, and focused on making sure the entire team succeeds.
  • Familiarity with common software vulnerabilities (e.g. OWASP Top 10) and their remediation
  • Deep interest in security architecture of applications and technologies (Web, Kubernetes, Network)
  • Ability to follow established processes
  • Ability to juggle several high visibility projects
  • Ability to read code in mainstream programming languages such as Python, C#, Java

Technical Skills:
  • Knowledge and experience with Security scanning tools such as Black Duck and Veracode
  • Knowledge of different delivery (CI/CD) tools (examples: GitHub, Jenkins, Artifactory, Docker, Docker-Compose, K8s).
  • Knowledge of Product Owner role. Product Owner certification is a plus.
  • Practicing knowledge of Kanban / Scrum team mechanics with hands-on experience
  • Certification in some type of Project / Program management is a plus.
  • A total of 11 to 15 years of experience in the technology and security landscape is required.

  • ID: #44700535
  • State: Illinois Chicago 60290 Chicago USA
  • City: Chicago
  • Salary: $175,000 - $195,000
  • Job type: Permanent
  • Showed: 2022-08-08
  • Deadline: 2022-09-17
  • Category: Security