– Design, implement and transform the client's development life cycle in line with a developed maturity roadmap focused on reducing enterprise risk through Threat Modeling.
– Design and implement solutions that meet complex requirements and consistently meet client expectations.
– Expertise in designing and building security capabilities in scripts and code, and in deploying infrastructure in code, always bringing a vision of how to reach a higher level of maturity in Crypto Agility practices and methodology.
– Design, develop, test, implement and advise the customer on various elements of a technical solution.
– Engage in business development and proposal generation activities.
– Understand enterprise security solutions such as WAF, IPS, Anti-DDoS, and SIEM.
– Demonstrated understanding of what it means to draw out customer needs and deliver practical outcomes addressing those needs.
– Understanding of the architectural implications of meeting industry standards such as PCI DSS, ISO 27001, CNSA Suite 2.0 and NIST frameworks.
– Familiarity with SCA, SAST, DAST and IAST tools.
– Strong understanding of application security frameworks (e.g., OWASP Top 10, NIST) and ability to apply them in real-world environments.
– Familiarity with DevSecOps practices, including how security integrates into CI/CD pipelines and secure software development lifecycles (SDLC).
– Knowledge of programming languages (Java, Python, .NET) and a good understanding of common security vulnerabilities like SQL Injection, XSS, CSRF, etc.
– Experience with application security tools (OpenText Fortify, Veracode, Checkmarx, Synopsys or similar solutions).
– Help to create security architecture systems that protect against any exposures or attacks.
– Help to prioritize vulnerability patches and cryptographic approaches to ensure a higher level of maturity.
– Knowledge of cryptographic primitives and how to use crypto toolkits securely.
– Understanding of symmetric encryption, public key encryption, digital signatures and message authentication codes.
– Knowledge of NIST standards and recommendations for classical and post-quantum algorithms.
– Knowledge of public-key and symmetric algorithms (such as AES-256, RSA, ECDSA) and their respective risks and vulnerabilities in post-quantum scenarios.
– Knowledge of hash-based signatures (LMS and XMSS) for software and firmware signing.
– Ability to develop and implement a crypto-agility strategy that allows for a fast and effective transition between cryptographic algorithms as threats and technologies evolve.
– Understanding of the basic concepts of quantum computing, such as superposition and entanglement, and the associated security challenges.
– Experience with network security, encryption of data in transit and at rest, and protection of critical infrastructures.
– Experience in quantum security risk assessment and mitigation planning.