Security Engineer
Security Engineers will play a key role in implementing and championing the client’s Security By Design agenda, to minimise application security risks and avoid security deployment errors. Security Engineers will implement security architecture blueprints / patterns and standards and secure engineering principles, and will oversee and support the implementation of secure coding and development practices throughout SuperTribes.
Key Responsibilities
- Champions Security by Design in Engineering
- Develops and maintains own supertribe’s secure coding standards
- Implements security architectures, design principles, best practice security engineering methods
- Works with other developers / engineers to ensure security is built into active development design; establishing security requirements, completing and reviewing threat models
- Performs security testing and validation to create and maintain secure products and cloud solutions
- Self-assesses and manages operational conformity
- Provides security design advice to commercial and product teams, ensuring that security requirements are established for the development of new and enhanced services.
Key Skills Required
- Strong technical background, with a firm understanding of enterprise systems
- Good understanding of SDLC and modern development methodologies
- Strong knowledge and experience of relevant coding language/s
- Good cryptography implementation expertise
- Working knowledge of common security architectures (e.g. TOGAF, SABSA, OSA) and security architecture standards
- In depth understanding of security threats, attack patterns, common and emerging security vulnerabilities and how they manifest themselves in different types of environments and applications
- Strong knowledge of OWASP Top 10, NIST / CSC, CIS, SANS Top 25 etc.
- Understands the legal and regulatory environment within which the business operates and has knowledge of relevant security related legal and regulatory requirements
- Threat modelling experience
- Strong communication skills
- Basic knowledge of information security risk management methodologies and best practices.
Person Specification
- Inquisitive mind, critical thinker, excellent problem solving skills
- Strong attention to detail
- Tenacious nature, works well under pressure
- Is practical, able to apply theoretical / academic principles in a practical, consumable manner
- Fast learner – committed to continual learning, willing to expand skill set and rapidly understand new technologies
- Creative and pragmatic, always seeking to achieve the best achievable outcome
- Works in a collaborative way, respects the views and ideas of others
- Works in a straight-forward and inclusive way and is non-political
- Is tenacious, in the pursuit to delight our users.
- Strives for excellence in all they do and always looks to improve our service and product
- Regularly seeks to turn ideas into action and injects creativity into every touch point
- Questions common practice to challenge the norm
- Has a can-do attitude and a positive viewpoint
- Takes ownership and always delivers against what is agreed.
Qualifications And Experience
- High level information security, engineering and architecture knowledge and experience (5+ years)
- Relevant security architecture professional qualification, such as CRISC, CSX-P, SCP, CAP, CCSLP or other equivalent qualification
- Membership of a relevant professional body / industry group
- Previous experience of secure engineering and testing.