IT Security Officer - OWASP Top 10 - Investment Banking
IT Security Officer required for a top Investment Bank to promote and support security best practices in the software development lifecycle of development teams.
- Excellent understanding of development security and its implementation in systems: identification, authentication, access control and provisioning, alignment of jurisdiction to business process
- Familiarity with common security vulnerabilities (e.g. OWASP Top 10)
- Strong technical skills required to understand vulnerabilities in detail and how to resolve/mitigate them.
- Excellent knowledge of programming best practices, design patterns, etc.
- Development experience, preferably in Microsoft Visual Studio, .NET and Java
- Experience of specific security products and technologies: CA SiteMinder, two-factor authentication, Kerberos / SAML authentication solutions
- Experience of the development lifecycle within .NET, C# and/or Java projects
- Hands-on penetration testing experience
- Experience with source code analysis products (HP/Fortify)
- Knowledge of Web Application Firewalls: how to apply them and to define effective custom rules
- Competent in technical interviewing
This is an exciting opportunity to work with interesting security challenges in an environment with many different development platforms, communications technologies, and advanced trading systems.
The role encompasses a number of activities & responsibilities:
- To promote and support security best practices in the software development lifecycle of development teams. This will involve working with developers to integrate tools such as source code analysis into their build environments and to assist with the identification, tracking, and remediation of vulnerabilities.
- To actively engage with the development community (executive committees, team meetings) to evangelize security best practices and ensure that security requirements receive sufficient attention.
- To prioritize and schedule penetration testing performed by the application security team. To challenge the results and ensure remediation options are appropriate and implemented in a timely manner.
- To provide expertise on discovered vulnerabilities and to mediate / arbitrate disputes between developers and offshore security testing teams.
- To drive, track, and assist application development teams in complying with the Application Security baseline. Work with development and application security teams on subjects such as strong authentication, encryption, data protection / leakage, etc.
- To strengthen development practices and improve overall development security through the highlighting of good practices and development methodologies.
Adlam Consulting operates as an Employment Agency & an Employment Business. Applicants must be eligible to work in the specified location.