Principal, Security Implementation Lead
Summary
As a Principal, Security Implementation Lead you will be part of a team responsible for analyzing, triaging, solutioning vulnerabilities identified via Black Duck and Veracode scanning on open source libraries. This team is responsible for identifying solutions, testing out hands-on solutions across a variety of software, and working closely with the development community to implement solutions. The team is also responsible for assessing the total risk of the vulnerabilities with respect to The OCC environment.
You would be a good candidate for this role if you like:
- Lead a Kanban team in the capacity of a Product Owner. Also manage the Scrum Master Responsibility
- Work very closely with other product owners and development leads of other scrum teams to influence and prioritize security remediation effort for delivery
- Manage the security vulnerabilities across the enterprise for Open Source Libraries and track the remediation plan for identification to closure across different teams
- Report to senior management on status, next steps, risks, dependencies
- Learning about new technologies and their secure implementation and build remediation strategy for open source libraries
- Capturing security vulnerabilities, building remediation, and assisting product teams to remediate these.
- Researching problems and solving the root cause instead of just the current symptoms
- Sharing your knowledge with others
Primary Duties and Responsibilities:
To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.
- Lead a Kanban team in the capacity of a Product Owner. Also manage the Scrum Master Responsibility
- Work very closely with other product owners and development leads of other scrum teams to prioritize and influence security remediation effort for delivery
- Manage the security vulnerabilities and track the remediation plan for identification to closure across different teams
- Report to senior management on status, next steps, risks, dependencies
- Provide general guidelines for preventing commonly found vulnerabilities by defining and updating security requirements
- Interacting with project teams to seek implementation and completion of security requirements
- Documenting processes based on established guidelines
- Defining pen test plans through stories/tasks for moderately complex applications such as those deployed to Relativity platform (ADS app) or those involved in security critical workflows (e.g. authentication)
- Collaborate with development, platform automation and security teams to create and continuously improve a simple to use standardized repeatable automated application pipeline that includes testing, security and automated deployment to development and QA environments.
- Collaborate with development, platform automation, security teams, IT business management & senior IT management to create reporting, metrics and dashboards.
- Other job-related duties as assigned.
Supervisory Responsibilities:
Qualifications:
The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.
- Strong collaboration and presentation skills reaching across functional borders including technical and non-technical audiences.
- Understanding of Kanban and/or Agile methodologies.
- Hands-on experience working in Agile and DevOps cultures, focusing on process improvement and automation. Experience of working both independently and collaboratively in a fast paced, change oriented, and demanding IT environment with a strong focus on business outcomes.
- Self-starter – takes the initiative to research, learn and deliver. Anticipates the play.
- Team player – humble, collaborative, and focused on making sure the entire team succeeds.
- Familiarity with common software vulnerabilities (e.g. OWASP Top 10) and their remediation
- Deep interest in security architecture of applications and technologies (Web, Kubernetes, Network)
- Ability to follow established processes
- Ability to juggle several high visibility projects
- Ability to read code in mainstream programming languages such as Python, C#, Java
Technical Skills:
- Knowledge and experience with Security scanning tools such as Black Duck and Veracode
- Knowledge of different tools. delivery (CI/CD) tools (examples - GitHub, Jenkins, Artifactory, Docker, Docker-Compose, K8s).
- Knowledge of Product Owner role. Product Owner certification is a plus.
- Practicing Knowledge of Kanban / Scrum team mechanics with hands-on experience
- Certification of some type of Project / Program management is a plus.
- A total experience in technology and security landscape for 11 to 15 years is required.
Education and/or Experience:
- Bachelor’s or Master’s Degrees in Computer Science, Information Systems or other related field. Or equivalent work experience.
Certificates or Licenses: