Intermediate Security Developer to identify security vulnerabilities and propose code solutions to cybersecurity problems for a financial client

Our client is seeking an Intermediate Security Developer to identify security vulnerabilities and propose code solutions to cybersecurity problems for a financial client

Must haves:

• 5+ years of experience as a Security Developer
• Experience with GitLab Vulnerability Management (Development of Pipelines, Integrations of Security Scanning Tools i.e. SAST, DAST, Mobile, Secret)
• Experience with GCP (BigQuery, Cloud Run, GCS, Artifact Registry, Kubernetes)
• Ability to read and write code (i.e. Python, Node, SQL) to resolve and provide guidance on vulnerability remediation
• Strong communication (written and verbal) skills and the ability to explain technical concepts to non-technical team members
• Familiarity with Security Governance and Policy Development

Nice to haves:

• experience in the banking / financial industry

Responsibilities:

1. Engaging Teams: Providing support and insights on critical and high vulnerabilities through the Application Security Remediation (ASR) procedure. Serving as a subject matter expert for a security champions program and guiding team members through threat modelling processes

2. Development of controls, governance, monitoring of Application Security Processes and defining/writing/implementing security standards for secure development practices across the organization

3. Reporting & Data: Ensuring accurate ownership of GitLab projects and cleaning up attack surface data. We'll also document the vulnerability management procedure with clear governance and a RACI.

4. Tooling & Coverage: Expanding vulnerability coverage with Jira integration, Sonatype scanning, mobile app scanning, and binary scanning. All findings will be visible in real-time dashboards.

5. Upgrading Pipelines: Migrating from the existing compliance pipeline to a new, documented pipeline execution policy