Cloud Security SME - Remote at Remote, Remote, USA
Email: [email protected]
From:

Rahaman Mohammed,

Techgene Solutions LLC

[email protected]

Reply to:   [email protected]

Please find the JD below

Job Title: Cloud Security SME

Location: Remote

Duration: 6+ Months

Audit experience in the BFS domain is a must.

Job Description

10+ years of experience in Software Security Engineering, or a related field.

Experience performing Application Security, Network Security and Cloud Infrastructure Security audits.

Understanding of the CSA CMM Audit security model.

Knowledge of IAM principles, technologies, and best practices.

In-depth knowledge of Azure Cloud architecture, services, and security controls.

Strong understanding and experience with regulatory compliance frameworks like GDPR, HIPAA, PCI DSS, and other relevant industry standards.

Hands-on experience with Azure security tools such as Azure Security Center, Azure Sentinel, Azure AD, and Key Vault.

Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security.

Excellent communication skills, with the ability to convey security concepts to both technical and non-technical audiences.

Strong knowledge of common application vulnerabilities and remediation strategies, including OWASP Top 10.

Hands-on experience with security tools for SAST, DAST, and IAST, as well as vulnerability management platforms.

Preferred Certifications:

Certified Cloud Security Professional (CCSP).

Audit experience in the Banking domain is preferred.

Job Responsibilities:

Security by Design:
Collaborate with development teams to ensure security is integrated from the outset, including participation in design and architecture discussions.
Conduct threat modeling sessions to identify potential risks and vulnerabilities in new and existing applications.

Secure Software Development Lifecycle (SDLC):
Implement and promote security guidelines and best practices throughout the SDLC to ensure security is a priority at every stage.
Conduct secure coding training for development teams, focusing on preventing vulnerabilities such as those identified in the OWASP Top 10.

Code Reviews and Vulnerability Management:
Perform security code reviews and audits, leveraging tools such as SonarQube, Checkmarx, and Fortify to identify and remediate vulnerabilities.
Manage application security vulnerabilities through tracking, prioritization, and remediation, ensuring timely resolution with development teams.

Application Security Testing:
Implement and manage both manual and automated security testing processes, including:
Static Application Security Testing (SAST): Tools like Veracode, Checkmarx, or Fortify.
Dynamic Application Security Testing (DAST): Tools such as Burp Suite, OWASP ZAP, and Acunetix.
Interactive Application Security Testing (IAST): Tools like Contrast Security.
Coordinate penetration testing engagements, working with internal and external testers to assess security posture.

DevSecOps Integration:
Embed security into the CI/CD pipeline using tools such as GitLab CI, Jenkins, or CircleCI, ensuring security testing is part of the build and deployment process.
Utilize container security tools like Aqua Security, Twistlock, or Sysdig to secure containerized applications.

Collaboration and Cross-Functional Engagement:
Act as a security advisor to development, QA, and product management teams, helping them understand and implement security best practices.
Work closely with DevOps teams to integrate security tools and practices into operational workflows.

Incident Response and Product Security:
Collaborate with security operations teams to address security incidents related to applications and products, providing insights for remediation and prevention.
Lead post-incident reviews, ensuring that lessons learned are documented and communicated to relevant teams.

Compliance and Standards:
Ensure applications are compliant with security standards and regulations such as OWASP, NIST, ISO 27001, and GDPR.
Collaborate with compliance teams to align application security practices with regulatory requirements.

Security Awareness and Training:
Develop and deliver training programs on secure coding, common vulnerabilities, and the importance of security in the development process.
Promote a culture of security awareness across product development teams.

09:01 PM 05-Mar-25

