17 oct
SOS Trabajo
Bogotá
Responsible for analysis, design, and implementationcoordination for tool and service designs within the cloud security& identity domain.
Securing software built and maintained byPopular. Work closely with in-house software development teams andvendors / third-party organizations to ensure that security, privacy,and compliance requirements are planned for, designed, and builtinto software applications.
In addition to securing software, willbe expected to understand cloud computing principles, includingvirtualization, containerization, microservices, and serverlesscomputing.
Risk management, security, container security,Kubernetes security, IAM security, network security, encryption,secrets management, data protection & securing CI / CD.
It's keyto maintain industry and cyber knowledge to optimize and alignPopular's application security processes and systems throughout theSoftware Development Lifecycle.
Essential Duties andResponsibilities - Complete hands-on experience with Terraform,Packer, Ansible, Json for hardening images and CI / CD pipelines.
Deep knowledge of securing APIs and Microservices platform. -Hands-on experience with IAM Policy as code; OPA (Open PolicyAgent);
Cedar AWS open-source policy agent. - Expertise in Dev-Ops,CI / CD, and full life cycle management. - Experience working inDevSecOps, including knowledge and experience enforcing a securesoftware development lifecycle (Github, Gitlab, Jenkins, Ansible,Chef, Puppet).
- Experience using scripting languages (Python,Powershell, Bash, etc.) to parse machine-generated data, interactwith REST APIs, and automate repetitive tasks.
- Identify solutionsfor common security problems while participating as a securityspecialist in an agile Application Security team.
- Work onsecurity reviews,
building relationships with software architects,developers, and engineers. - Design and develop accelerators,security APIs, pipeline security automation.
- Develop and embedsecure design patterns, coding standards, education, and cultureinto the development community. - Build, deploy, and automatecomprehensive application security testing capabilities.
- Application security assessments, including code reviews,architecture reviews, threat modeling, and penetration testing.
- Act as an advocate and resource for secure software development andapplication security practices in all application life cyclephases.
- Promote API security design principles and perform APIsecurity reviews. - Assist in cyber incident triage, includingdetermining scope, urgency, and potential impact,
identifying theapplication code's specific vulnerability.
Make recommendationsthat enable expeditious remediation. Education Bachelor's degree incomputer science, computer engineering, information systems,software engineering, or related field.
Experience - 5 years ofexperience working in security aspects of software engineering in acomplex technology environment.
Certifications and Licenses Thefollowing Certifications and Licenses are preferred but notrequired : - CISSP, CISM, and AWS.
Knowledge, Skills, and Abilities(KSA'S) - Strong business acumen : ability to understand the needsand concerns of business stakeholders and colleagues and respondpromptly and effectively to stakeholder requests.
Ability toconduct analysis on work procedures, business results,
andrecommend changes to improve the effectiveness of the business'smanagement.
Strong technical acumen : knowledge of InformationSecurity and Information Technology concepts. Ability to writetechnical instructions using programs and technology.
Robustknowledge of applicable local and federal laws, regulations, andguidelines. - Communication skills : effectively interact withinternal and external stakeholders.
Ability to foster trustingrelationships with colleagues and clients. Highly developed writtenand verbal communication skills, strong ability to communicateideas (storytelling).
Present numerical data effectively. Superiorcommunication and interpersonal skills. Excellent report-writingand presentation skills.
Polished in preparing presentations,summaries, and reports for all audiences.
- Analytical skills : Stays focused on main issues, prevents irrelevant issues ordistractions from interfering with timely completion ofassignments.
Collects, researches, and complements data;synthesizes complex or diverse information. Demonstrates attentionto detail; applies design principles;
generates creative solutions.Strong quantitative, research, and analytical skills. Experiencewith data analysis, persuasive and informative writing, workloadmanagement, and process management.
Problem Solving : Identifiesand resolves problems in a timely manner; develops alternativesolutions. - Project Management : Ability to prioritize and workwith multiple projects and tasks with minimum supervision;
self-direct and task switch between strategic and tacticalinitiatives regularly.
Capacity to achieve results according toplan ensuring the expected quality.
Excellent organization capacityto define priorities, meet deadlines, and flexible to change.Knowledge on project coordination, identification of businessneeds, work plan, budget control, time management, resourceallocation, team management, and status reports.
Must demonstrateleadership, logic, and reasoning skills. - Operational / RegulationsProcesses : Knowledge on budget administration, resourcesallocation, organizations policies, and regulations.
Ability toestablish, conduct, and track operational processes properly. -Computer and Technological Skills : Proficient in MS Office 365.
Experience with data management tools such as Power Pivot, PowerBI, among others is desired. Ability to achieve results byproviding innovative ways of working with operational andtechnological considerations.
Knowledge of computer flow charts andprogramming logic and codes. #J-18808-Ljbffr