Secure Development Lifecycle Specialist OIJ73

09 jul
NCC Group


Thanks for checking out our job opening; we are excited that YOU are interested in learning more about NCC Group.

We are on a mission to make society a safer and more secure place. Our people are the ones who make that possible; a global community of talented individuals working together towards a safer future.

We aim to create an environment where everyone can reach their full potential. We work together, we are brilliantly creative, we embrace difference, and we want you to join in our mission, as a Secure Development Lifecycle (SDL) Specialist.

Take a look at our website here to learn more about why we’re one of the leading global Cyber Security and Risk Mitigation business…

The Opportunity

Our Technical Security Consultant team in the UK and Spain is growing. We are looking to speak with innovative Software Developers, Penetration Testers and Technical Security Consultants who have experience in the security of the Software Development Life Cycle (SDLC).

The Secure Development Lifecycle (SDL) specialist will work alongside client development organisations to understand the existing culture, technology and delivery approach and create innovative solutions that aim at increasing the security of the final product. You will come across a variety of technologies, development approaches, tools and products and work with some well-known and widely used software products, making them safer for the users.

With our dedicated lab facilities and break out areas, continuous training and variety of work, regular tech team/research events and annual internal convention NCCCon, we are positive that we can offer what you are looking for next in your career.

The Challenge

As an SDL specialist you will work closely with clients helping to build an application security program and/or a software security initiative. Part of your role will be to:

- Analysis of existing delivery development processes from a security point of view, identifying gaps against industry maturity models (e.g. SAMM) or best practice (e.g. PCI SSF, NCSC SSL).

- Technical review of CI/CD pipelines and DevOps approaches, with focus on security configurations, as well as security technologies (e.g. SAST, DAST, SCA) used in the pipeline and the level of configuration contained.

- Planning, deployment, and rollout of new/improved:

  - Development processes and/or pipelines tailored for the client technology stack covering technical security assessments.

  - Security technology such as static and dynamic testing (e.g. fuzzing), software composition analysis, or custom.

- Training clients in different aspects of security in development described in this document.

- Assist in the identification, resolution, and documentation of security vulnerabilities and resolution process.

- Provide guidance and mentoring to adjacent teams and team members.

Essential Skills

At NCC Group we are passionate about passionate people; someone who wants to join in our mission of making the world safer and more secure, whilst learning new skills and advancing their career forward.

In terms of technical capability, we are looking for individuals who have experience in the following areas:

- Secure design and architecture (e.g. attack surface analysis, threat modelling)

- Software development / engineering

- Development Operations (DevOps)

- Continuous Integration/Continuous Delivery (CI/CD)

- Good knowledge of at least one scripting language (e.g. Python, Ruby, Perl, PowerShell)

- Experience in using, configuring, and integrating automated security tools (e.g. SonarQube, Burp Suite Professional, Sonatype Nexus IQ) into CI/CD pipelines

- Experience of working in an agile project environment

- Experience of working in hybrid teams (client and multiple service providers, on-shore and off-shore, for example)

- Knowledge of cyber security principles

- Writing clear and accurate technical documentation

Additionally, any expertise in the areas below would be extremely beneficial.

- SDL frameworks (e.g. SAMM, PCI SSF, NCSC SSL)

- Software assessment & QA

- A good understanding of Agile, Lean and Waterfall development

- Good understanding of other lifecycle stages (both tools and processes) from a security point of view (requirements, design, implementation, verification, and operation)

- DevSecOps knowledge

- Knowledge of networking

- Knowledge of database management system technologies (both SQL and NoSQL)

- Computer science/software engineering degrees are welcome
