Lead Cloud Security Specialist
Currently, we are looking for a remote Lead Cloud Security Specialist to join our team.
In this position, you will be responsible for increasing Security Awareness among Project Teams and making products more robust and secure.
This kind of goal tends to be very challenging and includes a wide range of activities: communicating with the Customer; explaining what IT Security in general, and Application Security in particular, mean; advocating a consistent approach to Security throughout the whole SDLC for both the Customer and the Development Team; tracking and helping the Team with Security-related activities; going deep into project details; creating security-related artifacts; contributing to Security Testing; etc.
- Perform Security Audits for ongoing projects: both Architecture and Implementation/Code Review
- Contribute to building Secure Architecture and Design for the new projects or making corrections to the existing ones
- Work as a Security Advisor helping to establish secure development activities in SDLC end-to-end
- Perform Security Training for Development Teams
- Communicate with customers and teams, conveying the importance of security, the ways of establishing it, and the wrong ways of enforcing it (e.g., doing pen testing before release)
- Communicate with all sub-teams (BAs, Developers, and QAs), building a consistent understanding of Security Requirements, main Threats, and Mitigations implemented
- Be able to communicate and coordinate work with other Security Teams - Infrastructure Security Experts, Penetration Testers
- Work as a consultant answering particular questions related to security in the development
- Work on Pre-sales making sure Security is addressed properly and taken into account in budget and effort estimations
- 5+ years of experience in Security Development
- Knowledge of at least one Security Development methodology (e.g., Microsoft SDL, OWASP CLASP, etc.)
- Knowledge of main Security-related activities in development such as Risk and Privacy Assessment, Threat Modeling, Security Code Review
- Deep understanding of the nature of security threats and their classification
- Knowledge of the most common implementations of the Threats (e.g., XSS, SQL Injection, XSRF, buffer overruns, brute force, rainbow tables, DoS, etc.) and how they match the general classification
- Understanding of main security principles, such as multi-layered protection (Defense in Depth)
- Understanding of main areas of protection (Security, Privacy, Availability) and levels of defense (networking, infrastructure, OS, Application)
- Understanding of mitigation mechanisms for every type of threat (e.g., validation, sanitizing, crypto-operations, etc.)
- Good knowledge of Security Features and Mechanisms provided by at least one OS (e.g., Windows, Linux, Android, iOS, etc.) and development platform/technologies (e.g., Java, .NET Framework, databases, etc.)
- Familiarity with existing Security Standards (e.g., PCI DSS, HIPAA, NIST, Common Criteria, etc.) and what it means to implement compliance with them
- Familiarity with the tools for various security activities: Static Code Analysis, Pen Testing, Intrusion Detection/Prevention, etc.
- Understanding of basic principles of infrastructure security and penetration testing
- The ability to use the tools to perform actual attacks is a plus
- Certification in any security area is a plus
- English level B2+