PRINCIPAL, SECURITY IMPLEMENTATION LEAD

Looking for a Security Implementation Lead. You will be analyzing, triaging, and solutioning vulnerabilities identified via Black Duck and Veracode scanning.

Open to sponsorship; must have at least two years left.

Hybrid: 2 days in office, 3 days remote.

What we Offer:
- A highly collaborative and supportive environment developed to encourage work-life balance and employee wellness. Some of these components include:
- A hybrid work environment, up to 3 days per week of remote work
- Tuition Reimbursement to support your continued education
- Student Loan Repayment Assistance
- Technology Stipend allowing you to use the device of your choice to connect to our network while working remotely
- Generous PTO and Parental leave
- Competitive health benefits including medical, dental and vision
- As a Principal, Security Implementation Lead you will be part of a team responsible for analyzing, triaging, solutioning vulnerabilities identified via Black Duck and Veracode scanning on open source libraries. This team is responsible for identifying solutions, testing out hands-on solutions across a variety of software, and working closely with the development community to implement solutions.
- To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.
- Lead a Kanban team in the capacity of a Product Owner. Also manage the Scrum Master responsibilities
- Work very closely with other product owners and development leads of other scrum teams to prioritize and influence security remediation effort for delivery
- Manage the security vulnerabilities and track the remediation plan from identification to closure across different teams
- Report to senior management on status, next steps, risks, dependencies
- Provide general guidelines for preventing commonly found vulnerabilities by defining and updating security requirements
- Interacting with project teams to seek implementation and completion of security requirements
- Documenting processes based on established guidelines
- Defining pen test plans through stories/tasks for moderately complex applications such as those deployed to the Relativity platform (ADS app) or those involved in security-critical workflows (e.g. authentication)
- Collaborate with development, platform automation and security teams to create and continuously improve a simple to use standardized repeatable automated application pipeline that includes testing, security and automated deployment to development and QA environments.
- Collaborate with development, platform automation, security teams, IT business management & senior IT management to create reporting, metrics and dashboards.
- Other job-related duties as assigned.
- Understanding of Kanban and/or Agile methodologies.
- Hands-on experience working in Agile and DevOps cultures, focusing on process improvement and automation. Experience of working both independently and collaboratively in a fast paced, change oriented, and demanding IT environment with a strong focus on business outcomes.
- Self-starter – takes the initiative to research, learn and deliver. Anticipates the play.
- Team player – humble, collaborative, and focused on making sure the entire team succeeds.
- Familiarity with common software vulnerabilities (e.g. OWASP Top 10) and their remediation
- Deep interest in security architecture of applications and technologies (Web, Kubernetes, Network)
- Ability to follow established processes
- Ability to juggle several high visibility projects
- Ability to read code in mainstream programming languages such as Python, C#, Java
- Knowledge and experience with Security scanning tools such as Black Duck and Veracode
- Knowledge of different delivery (CI/CD) tools (examples: GitHub, Jenkins, Artifactory, Docker, Docker-Compose, K8s).
- Knowledge of Product Owner role. Product Owner certification is a plus.
- Practicing Knowledge of Kanban / Scrum team mechanics with hands-on experience
- Certification of some type of Project / Program management is a plus.
- A total of 11 to 15 years of experience in the technology and security landscape is required.