GIS IT Security
Duration: Permanent
Pay rate: $ 90k.
Experience Required
+ 6-8 Years
Roles & Responsibilities
- Partner with various stake holder groups, to promote and build a culture of security and ensure products are designed and built securely.
- Partner with Product Engineering, Legal, and Information Security teams to ensure security & compliance objectives are identified and achieved.
- Partner with product teams across Applied to implement/integrate secure SDLC concepts such as training, security requirements, threat modeling, code/design reviews, and security testing.
- Architect and implement new or updates to product security solutions. Provide technical advice to clients and teams on design, installation, and maintenance of product per security requirements.
- Have experience in performing application security/penetration testing using manual and automated tools.
- Work with a global team to help implement and monitor security controls to proactively identify product security issues.
- Ability to interpret security tools and penetration testing results to stakeholders and provide advice on vulnerability remediation and risk mitigation.
- Should have good understanding of DevSecOps concepts/principles and cloud native services, to enable secure development and deployment of applications in the Cloud.
- Work with Information Security and Information Technology teams to build & maintain controls to manage varied risks including application and cyber risks.
- Work across teams to develop and define project/program information security metrics & dashboards.
- Monitor events, collate and analyze data to assess the environment for product security risk, policy violations, & unusual activity and perform root cause analysis.
Generic Managerial Skills
- Minimum 6 to 8 years of experience in Application and/or product security
- Knowledge of regulatory guidelines and standards such as ISO27001, SEMI Standards, etc.
- A thorough understanding of common application security tools, code libraries and documentation.
- Understanding of threat modeling, security vulnerabilities, attacker exploit techniques, and methods for their remediation.
- Familiarity with the tools for various security activities: Static Code Analysis, DAST Penetration Testing, Intrusion Detection/Prevention, etc.
- Experience with web application penetration testing
- Experience in performing source code review
- Working knowledge of one scripting language and or familiarity with at least one software programming language and a framework is a plus
- Excellent written and verbal communication skills with the ability to adapt messaging to executive, technical, and non-technical audiences.
- Certification in any security area is a plus
- Experience working with manufacturing equipment or industrial equipment is a plus
- Experience working in semi-conductor industry is a plus
Skills:
- DAST Penetration Testing
- SDLC
- DevSecOps
- Intrusion Detection/Prevention
- ISO27001, SEMI Standards, etc.
- Static Code Analysis
- Semi-conductor
- SEMI Standards
- scripting language