23 oct
SOS Trabajo
Bogotá
Responsible for analysis, design, and implementation coordination for tool and service designs within the cloud security & identity domain. Securing software built and maintained by Popular. Work closely with in-house software development teams and vendors/third-party organizations to ensure that security, privacy, and compliance requirements are planned for, designed, and built into software applications.
In addition to securing software, will be expected to understand cloud computing principles, including virtualization, containerization, microservices, and serverless computing. Risk management, security, container security, Kubernetes security, IAM security, network security, encryption, secrets management,
data protection & securing CI/CD. It's key to maintain industry and cyber knowledge to optimize and align Popular's application security processes and systems throughout the Software Development Lifecycle.
Essential Duties and Responsibilities
- Complete hands-on experience with Terraform, Packer, Ansible, Json for hardening images and CI/CD pipelines.
- Deep knowledge of securing APIs and Microservices platform.
- Hands-on experience with IAM Policy as code; OPA (Open Policy Agent); Cedar AWS open-source policy agent.
- Expertise in Dev-Ops, CI/CD, and full life cycle management.
- Experience working in DevSecOps, including knowledge and experience enforcing a secure software development lifecycle (Github, Gitlab, Jenkins, Ansible, Chef, Puppet).
- Experience using scripting languages (Python, Powershell, Bash, etc.) to parse machine-generated data, interact with REST APIs, and automate repetitive tasks.
- Identify solutions for common security problems while participating as a security specialist in an agile Application Security team.
- Work on security reviews, building relationships with software architects, developers, and engineers.
- Design and develop accelerators, security APIs, pipeline security automation.
- Develop and embed secure design patterns, coding standards, education, and culture into the development community.
- Build, deploy, and automate comprehensive application security testing capabilities.
- Application security assessments, including code reviews, architecture reviews, threat modeling, and penetration testing.
- Act as an advocate and resource for secure software development and application security practices in all application life cycle phases.
- Promote API security design principles and perform API security reviews.
- Assist in cyber incident triage, including determining scope, urgency, and potential impact, identifying the application code's specific vulnerability.
Make recommendations that enable expeditious remediation. Education Bachelor's degree in computer science, computer engineering, information systems, software engineering, or related field. Experience
- 5 years of experience working in security aspects of software engineering in a complex technology environment.
Certifications and Licenses The following Certifications and Licenses are preferred but not required:
- CISSP, CISM, and AWS.
Knowledge, Skills, and Abilities (KSA'S)
- Strong business acumen:
ability to understand the needs and concerns of business stakeholders and colleagues and respond promptly and effectively to stakeholder requests.
Ability to conduct analysis on work procedures, business results, and recommend changes to improve the effectiveness of the business's management.
- Strong technical acumen: knowledge of Information Security and Information Technology concepts.
Ability to write technical instructions using programs and technology. Robust knowledge of applicable local and federal laws, regulations, and guidelines.
- Communication skills: effectively interact with internal and external stakeholders.
Ability to foster trusting relationships with colleagues and clients. Highly developed written and verbal communication skills, strong ability to communicate ideas (storytelling). Present numerical data effectively.
Superior communication and interpersonal skills. Excellent report-writing and presentation skills. Polished in preparing presentations, summaries, and reports for all audiences.
- Analytical skills: Stays focused on main issues, prevents irrelevant issues or distractions from interfering with timely completion of assignments.
Collects, researches, and complements data; synthesizes complex or diverse information. Demonstrates attention to detail; applies design principles; generates creative solutions. Strong quantitative, research, and analytical skills. Experience with data analysis, persuasive and informative writing, workload management, and process management.
- Problem Solving:
Identifies and resolves problems in a timely manner; develops alternative solutions.
- Project Management: Ability to prioritize and work with multiple projects and tasks with minimum supervision; self-direct and task switch between strategic and tactical initiatives regularly.
Capacity to achieve results according to plan ensuring the expected quality. Excellent organization capacity to define priorities, meet deadlines, and flexible to change. Knowledge on project coordination, identification of business needs, work plan, budget control, time management, resource allocation, team management, and status reports. Must demonstrate leadership, logic, and reasoning skills.
- Operational/Regulations Processes: Knowledge on budget administration, resources allocation, organizations policies, and regulations.
Ability to establish,
conduct, and track operational processes properly.
- Computer and Technological Skills: Proficient in MS Office 365.
Experience with data management tools such as Power Pivot, Power BI, among others is desired. Ability to achieve results by providing innovative ways of working with operational and technological considerations. Knowledge of computer flow charts and programming logic and codes. #J-18808-Ljbffr
IT
▶️ Aplica ya! Cloud Security incidents Engineer
🖊️ SOS Trabajo
📍 Bogotá