Senior Security Engineer to support DevSecOps team focusing on security in SDLC with secure design review, threat modelling, secure code reviews, penetrat

Our Public Sector client is seeking a Senior Security Engineer to support DevSecOps team focusing on security in SDLC with secure design review, threat modelling, secure code reviews, penetration testing, security controls- 0143416

12 months contract, 3 days/week in Office, 40 hrs work week

Must Have:

• 7+ years of experience as Security Engineer in progressively complex roles focused on security engineer
• Industry certificate related to security engineer role i.e. CISSP, CEH, etc.
• In-depth knowledge of SCA/SAST/DAST, Threat Modelling, Security controls across all layers of application infrastructure, and Penetration testing for web applications
• Undergraduate degree in Computer Science or STEM (Science, Technology, Engineering or Math)

Responsibilities:

• Perform threat modeling for identification and mitigation of security threats as part of product/application design and architecture.
• Perform secure code reviews, secure design reviews, and penetration (black and white box) testing for applications/products.
• Perform SCA/SAST/DAST analysis using industry tools, Embed the tools and security processes into CI/CD pipelines
• Create and maintain Azure security policy to ensure the secure deployment of cloud components/applications/platforms
• Performs design, development, integration, and sustainment of security building blocks that provide confidentiality, integrity, availability, authentication, and non-repudiation for software products built by DevOps teams.
• Manages vulnerability management and risk management processes through the system development lifecycle (planning, design, development, testing, release)
• Defines the security controls, performs user stories for security consults for applications/product teams based on solution design and security requirements of a product.
• Supports security quality and assurance of products using various security test tools. Performs validation and tuning of security testing tools to provide accurate and actionable results.
• Coordinates with members of a DevOps team to provide guidance in the development and integration of secure design practices into the product development lifecycle.
• Delivers training to DevOps developers on secure coding practices and hacking techniques to embed knowledge of security into the development process.
• Drives the selection, POC, implementation and operational deployment of new security technology solutions to ensure the security (confidentiality, integrity and availability) of business data related to the DevOps development lifecycle.
• Ensures application and infrastructure architectural solutions are secure, and compliant with policies and standards.
• Performs security monitoring of solutions through the development lifecycle and participates as a subject matter expert in security incident response scenarios