USG Professionals focuses on project sourcing, interim management, and recruitment & selection, within the expertise areas of ICT, HR, Legal, Finance, Facility, Engineering, and Science.
As a company, we choose an authentic and inclusive approach where you, as a professional, have the space to take ownership and feel comfortable and happy in your job.
We aim to be a future-proof organization through innovative tools like USG EASY, unique training programs such as 'Start 2 Freelance,' and through knowledge sharing on our podcast channel and innovation meetups.
Download the USG EASY app, apply in 1 click, and follow your application process step by step
Support security in dev. team, lead, coach and update team on security
Status reporting, identification of next actions & responsibilities
Build out automated/scalable “shift left” approaches to code security including SAST/DAST within code pipelines
Reduced MTTR; increased adoption and code coverage of security testing in CI/CD pipelines; implemented effective fail build policies; embedded threat modelling as a standard practice
Act as "lead" security champion to stimulate a broader community of security champions within the existing TME development members
Proposals for suitable TME members for future security champions within each dev team. Proposals for actions to build security champions program within TME.
Collaborate with other "Security Champions" & application security experts
Information sharing, advice, documented knowledge transfer (e.g. best practices, check sheets, requirements)
Be a point of escalation for dev team to Cyber Security as required.
Information sharing, advice, documented knowledge transfer (e.g. best practices, check sheets, requirements)
Improve security of ongoing and new development(s)
Increased software security in local teams evidenced using SAMM (Software Assurance Maturity Model)
Threat modelling of developments / projects
Threat model and resulting mitigation requirements / specifications
Profile/Background - come from a discipline of:
- Application Security
- Pen Testing
- Experience of Secure Software Development Lifecycle as e.g. developer, architect
Needed Skills:
- Experience of programming in at least one language
- Ability to identify and advise on remediation of software security vulnerabilities
- Ability to perform threat modelling with development teams
- Ability to explain technical content to inexperienced and/or non-technical and security personnel
Desirable Skills:
- Familiarity with application security frameworks and standards such as SAMM, BSIMM and NIST SSDF
- Kubernetes and Container security knowledge
- Cloud Security knowledge (AWS, Azure, GCP)
Desirable Qualifications:
- CSSLP, OSCP, OffSec
Additional information about expectations for Application Security Expert:
1. Deadline Management: Ensure vigilance in meeting deadlines, and in cases where this is not feasible, promptly inform the relevant development teams to discuss extensions or escalate the matter if deadlines cannot be met.
2. Proactive Issue Resolution: Anticipate potential challenges arising from scheduling conflicts or gaps in security awareness, and take pre-emptive actions to mitigate and prevent such issues.
3. Status and Risk Communication: Regularly report on task status and potential risks, and raise any concerns with management in a timely fashion.
4. Task Tracking: Accurately maintain a task list in Jira to facilitate the escalation of tasks that are at risk of being late.
5. Effective Communication: Maintain regular, efficient, and effective communication with internal Customers, management, and development teams.
6. Security Expertise: Demonstrate a deep understanding of security requirements, know where to find detailed information, and act as a knowledge resource for development teams.
7. Adherence to Standards: Familiarize yourself with CyberSecurity's internal standards and adhere to them.
8. Standard Development: Identify gaps in existing standards, propose new standards, and advocate for their implementation.
9. Development Support: Support/enforce the security of developments, even in challenging situations or when facing resistance from development teams.
10. Multi Project Support: Be able to work on and track multiple projects / concerns "simultaneously".
Experience
The candidate will be able to demonstrate past experience:
- Application Security and / or Pen testing.
- Work in a large and complex environment
- Hybrid working is accepted
Offer Description as a Project Consultant:
- Permanent contract with a competitive salary package including: monthly fixed expense allowance, company car and fuel card (or a monthly gross premium), meal vouchers €8, group and health insurance, mobile phone subscription, and a year-end bonus. This attractive package is complemented by Benefits at Work access, sports & culture vouchers, and eco vouchers.
- Varied and dynamic training offering; consisting of both job-specific and overarching training.
- Regular feedback and contact moments with your assigned HR Business Partner.
- Get to know your fellow consultants at our network events and team-building activities.
- Kickstart your career at USG Professionals with our 2-day Bootcamp!
Offer Description as a Freelancer:
Simplify your career with the USG EASY app:
- Personalized project proposals based on your profile and availability.
- Transparent follow-up of your invoicing process.
- All your administration in one app.
Regular networking moments with innovative companies and fellow freelancers during our innovation meetups.