WHAT YOU WILL DO WITH US:
- Research, identify, report and analyze and triage vulnerabilities that could affect Ivalua’s Platform and its supporting infrastructure, and determine its severity, exploitability and corrective action recommendations, summarizing and reporting results.
- Deploy, improve and utilize SAST/DAST/SCA and other cybersecurity solutions to identify and communicate security vulnerabilities to the R&D and project teams
- Perform code reviews and manual pentesting of the application to detect security vulnerabilities
- Maintain and report progress on the state of application vulnerabilities and escalate as necessary to ensure vulnerability issues are closed and handled in a manner consistent with Ivalua standards
- Work closely with the business, support and R&D teams to provide input and guidance on development of planned remediation plans and strategies to solve identified vulnerabilities
- Collaborate with R&D teams to evolve software assurance processes to address security risks, and help teams learn and adopt shift-security-to-left practices.
- Drive compliance support and improvements over time through the management/coordination, analysis and tracking of vulnerabilities discovered through customer, internal or external audits, products or collaborations.
- Perform research and analytics and stay apprised on new security vulnerability, threats, risks, attack tools and techniques to contribute and improve Threat model and collaborate with senior engineering and product management staff to incorporate effective security standards and controls into product design.
- Improve and automate cybersecurity processes and solutions for application vulnerability reviews and testing activities including those within the CI/CD pipelines.
- Deliver training and documentation on Security Development Lifecycle to engineering/development teams
- Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation.
- 2 + years’ hands-on technical expertise in Application Security, automation, integration, and deployment (DevSecOps).
- 3+ years expertise in performing various security audits in web applications (pentests, code reviews)
- Coding Experience in Scripting & programming languages (such as C++, .NET, SQL, etc.)
- Experience with the most common security tools (BurpSuite, SQLMap, Hydra etc.)
- Experience using Agile software development
- Experience implementing, managing, and supporting a vulnerability management program (process and technology).
- Experience and knowledge of implementing or operating a DevSecOps ecosystem and well-known understanding of Dynamic and Static Application Security Testing (DAST & SAST) and infrastructure automation/development utilizing APIs.
- Experience working with Threat modeling (e.g., STRIDE, PASTA, FAIR, Security Cards) and vulnerability frameworks standards (e.g., OWASP, CVSS, CWE) with a good understanding of the Cyber Kill Chain and pervasive threat attack methods and remediation.
- Understanding of global frameworks and standards like NIST, ISO 27001/27002/27017/ 27018, GDPR, etc.
- An Information Security qualiﬁcation or evidence of starting to work towards e.g CSSLP – Certiﬁed Secure Software Lifecycle Professional, CEH - Certified Ethical Hacker, OSCP - Offensive Security Certified Professional , or similar certiﬁcation.
- Ability to think critically, strong organizational skills, report writing skills to senior level, ability to prioritize and multitask
- Team player attitude
- Good capacity to handle pressure
- Ability to prioritize, work under pressure and meet deadlines
- Excellent problem-solving skills
- Communicate clearly and concisely with others, orally and in writing
- Detail-oriented and organized, able to pay attention to procedures and create proper documentation
WHAT WE CAN DO FOR YOU:
- An innovative and stimulating work environment
- Great training and career development
- You will work with a diverse and global team made up of exceptionally passionate, talented and motivated colleagues who are established leaders in their field
- Regular social events, team sports or musical activities (under normal conditions)
- We pride ourselves in customer experience, Agility, Pragmatism, Positive attitude and enthusiasm, Team play, Continuous learning and Improvement and accountability