המקום בו המומחים והחברות הטובות ביותר נפגשים
In this role, you will:
Design, develop and maintain the Security posture of the enterprise level application/s
Work with various development process tools including threat modeling, compliance, test automation, and vulnerability technologies
Responsible for partnering and providing security advisory services to product managers and Senior Management to ensure that applications that we develop are secure and meet the healthcare objectives
Provide technical and process expertise for Privacy & Security throughout activity life cycle.
Conduct or support conduct of, security risk assessments, risk gap analyses and remediation plan development
Security Compliance maintenance and assurance
Promote design-in of security to products, platforms, services and processes
Manage the security vulnerabilities and risks across different applications including identifying, supporting application/system owners to manage risks and remediate vulnerabilities
Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (i.e., local computing environment, network and infrastructure, enclave boundary, and supporting infrastructure) and facilitate vulnerability mitigation
Develop and support conduct of training and awareness initiatives in the areas of privacy and security
Preparation of business cases for the implementation of control and compliance programs
Support formulation of data security / privacy related proposal text and RFP response
Managing adaptation and implementation of security and privacy programs in a complex, technology-oriented organization
Identify business needs and/or customer sensitivities in the realms of security, risk, and compliance and develop solutions or services around those needs
Coach and mentor engineering / DevOps teams to evaluate security tools, develop proof-of-concepts, and integrate tools into the DevOps pipeline
Coach and mentor secure design, coding and testing initiatives
Manages the design, development, implementation, and operations of all security technologies for business unit's information security functions
Responsible for interpreting privacy and security regulatory guidelines from different countries and guiding the organization on implementation for meeting
Communicate in a concise and effective manner changes to be implemented to the organization
Create / Review documentation for conformance to a set of privacy and security requirements
Qualification & Experience:
Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Math) with 12+ years of development and security experience which includes application security, mobile security, network security, OS security, Cloud Security, IoT Security
Desired Skills:
Product/Information security experience in all phases of service/product development and deployment including architecture, design, development, testing and deployment.
Experience in designing security solutions and threat modeling
Experience in Security tooling and ideation of tools which eases Pen Test/Product Security needs
Hands-on experience in review of Static Code Analysis reports and ability to discuss with development teams for true positives.
Hands-on experience in review of Software Component Analysis reports and ability to discuss with development teams for true positives.
Sound understanding of Cryptography, various Encryption Algorithms, Public key Infrastructure (PKI) and Certificate Authority (CA).
Experience and knowledge of penetration testing methodologies and tools.
Conducting information security analyses, audits, and reviews
Experience in Automation of pen test scenarios using Python or any other languages.
Willingness to learn new technologies and work on security for varied products.
Experience with Mitre and NIST Frameworks
Solid security expertise in Containers, Kubernetes, Cloud Native Solutions and should be able to guide team in security solutioning and Pen Testing
Should have experience in transforming DevOps to DevSecOps with exposure to tools, processes, governance
Should guide junior members in team in Pen Testing, Vulnerability Assessment, Tooling, Security Solutioning
Mandatory to have atleast one security certifications like OSCP/CCSP/CISSP
Experience of Information security assessment in healthcare sector/ IoT / Embedded Security
Experience with NIST 800-53, CIS/STIG OS and container benchmarks
Ideal candidate would have worked on the software development initially and then graduated in to either -Software/Lead/security assessments ensuring security in the product design
Knowledge of information system architecture and security controls (e.g., firewall and border router configurations, wireless architectures, specialized appliances)
Sound implementation Knowledge of Cryptography, various Encryption Algorithms, Public key Infrastructure (PKI) and Certificate Authority (CA), OAUTH authentication, 2FA
Inclusion and Diversity
Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration and support
משרות נוספות שיכולות לעניין אותך