Description
Security Engineer - CISSP, Digital
Main Responsibilities:
We are seeking experienced security engineers for penetration-testing and consulting on digital products in an agile environment.
A successful candidate will work within several multi-disciplinary agile teams to deliver a high-quality product.
Everyone in this team will be responsible for quality, however this role will have a stronger focus on continuously improving and applying security vulnerability and penetration testing in line with continuous integration.
You will be required to challenge and propose changes to existing processes where they do not contribute to the rapid delivery of a secure service.
Essential Skills:
- Ability to work closely with development teams to ensure secure coding is baked in to web applications and architecture
- Ability to carry application and infrastructure vulnerability and penetration testing
- Understanding of virtualisation and cloud technologies
- Ability to build automated testing to align with continuous integration
- Understanding of open source technologies, including web development frameworks and infrastructure.
- Security Testing Tools, both manual and automated
- Open Web Application Security Project (OWASP)
Desirable skills
- Crest or CHECK certifications (team leader or team member)
- Certified Ethical Hacker (CEH)
- CISSP or similar familiarity with security architecture
- Worked in Agile environments
- Physical Security
- Social Engineering
- Static program analysis
- Fuzz testing/fuzzing
Key Focus Areas:
- Applying security vulnerability and penetration testing on Digital products developed with Agile methodologies and continuous integration
- Consult with teams to ensure security is built in at all stages of a product's life cycle.