Secure SDLC & Security Engineer

 In

Güvenlik
Ankara, İstanbul
Posted 1 sene ago

The position in a nutshell

We are looking for a Senior Secure SDLC & Security Engineer, will be about maintaining and improving Secure SDLC processes of different development teams. The candidate will work closely with development teams to ensure all applications are built according to Secure SDLC process from day one and follow best practices. Ideally you will have a solid security background and development skills. Your ability to keep up to date on all new security challenges and work with our teams to develop protection SDLC processes is key.

Key Responsibilities

  • Code review different applications from security perspective and provide feedback to development teams
  • Review/Approve/Validate SSDLC Compliance
  • Identify and Coordinate role-based training programs with various development teams
  • Review, tune, and set policies within static and dynamic security analysis tools
  • Working closely with development teams to build threat models
  • Improve software security guidance including role-based training programs, training material, best practices, secure coding checklists, guidelines, reusable code/libraries etc.
  • Automate security testing at scale by implementing tools
  • Participate in setting up, configuring and maintaining security tools on CI/CD infrastructure

Qualifications & Experience

  • Bachelor’s Degree in Computer Engineering or a related technical discipline, or the equivalent combination of education
  • Minimum 6 years of experience in Software Development and/or Security related positions
  • Programming experience with at least one object-oriented modern language
  • Stays current with latest cyber security threats and vulnerabilities
  • Strong understanding of common networking protocols (e.g. TCP/IP, Ethernet, DNS, HTTP, TLS)
  • Strong knowledge of Threat modeling, MS SDL, OWASP, common DAST and SAST tools and SSDLC process
  • Understand the SSDLC policies/procedures/templates and coach development teams to use the correct templates/SSDLC processes
  • Core experience and knowledge in application and infrastructure security testing
  • Experience with modern static and dynamic security testing tools
  • Experience in setting up and maintaining CI/CD processes using tools like Git, GitlabCI, Jenkins, etc.

Nice to have

  • Holding an Offensive Security/ CISSP or DevOps related Certificate
  • Familiarity with Nutanix or KVM virtualization technologies
  • Familiarity with web application frameworks, API and micro services

Job Features

Job CategoryMühendislik

Apply Online

A valid email address is required.