Application Security Consultant

Role overview:

Working for a global System Integrator (SI), we are looking for a candidate with areas of expertise in Application Security, working in Agile teams and having good communication skills to bridge the technical and business stakeholders around a risk based conversation for the client. Needs to be a self-starter and able to take the initiative on addressing the challenges of building the appropriate security controls in the applications whilst keeping the approach pragmatic from a risk perspective.

Key Responsibilities:

Product Management

• Manages aspects of the product lifecycle enabling the product to meet the needs of customers/users and achieve financial or other targets.
• Acts as product owner for one or more lower-value products or services; prioritises product requirements and owns a product backlog.
• Analyses market and/or user research, feedback, expert opinion and usage data to understand needs and opportunities.

Change Management & Release Management

• Assesses, analyses, develops, documents and implements changes based on requests for change.
• Assesses and analyses release components.
• Provides input to scheduling. Carries out the builds and tests in coordination with testers and component specialists maintaining and administering the tools and methods – manual or automatic – and ensuring, where possible, information exchange with configuration management.
• Ensures release processes and procedures are maintained.

Business& Requirement Analysis

• Investigates operational requirements, problems, and opportunities, seeking effective business solutions through improvements in automated and non-automated components of new or changed processes.
• Assists in the analysis of stakeholder objectives, and the underlying issues arising from investigations into business requirements and problems, and identifies options for consideration.
• Works with stakeholders, to identify potential benefits and available options for consideration, and in defining acceptance tests.
• Contributes to selection of the business analysis methods, tools and techniques for projects; selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches.
• Contributes to selection of the requirements approach for projects, selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches.
• Defines and manages scoping, requirements definition and prioritisation activities for initiatives of medium size and complexity.
• Facilitates input from stakeholders, provides constructive challenge and enables effectiveprioritisation of requirements. Reviews requirements for errors and omissions.
• Establishes the requirements base-lines, obtains formal agreement to requirements, and ensures traceability to source.
• Investigates, manages, and applies authorised requests for changes to base-lined requirements, in line with change management policy.

Key Skills:

• Experience in conducting interviews and delivering information security assessments of the current infrastructure, projects, new technologies, external service providers and information security related changes.
• Strong understanding of enterprise-level information systems and technology architectures, expertise in network security, cryptography, virtualization, cloud security concerns.
• A solid understanding of ISO2700X, PCI-DSS, ITIL is a must.
• Technically aware of current threats and trends, emerging information security solutions / vendor products, strong analytical skills, ability to create new business models.
• Ability to provide a clear framework for performance to direct reports or to project teams
• Pro-active (engaging & impact-oriented) mindset, ability to think end-to-end.
• Business- and solution-oriented, global mindset of strategic orientation, with ability to act tactically as required.
• Ability to be self-directed while working under tight deadlines, must be able to perform well under pressure.
• Ability to work in a fast-paced environment with different international cultures.
• Ability to define problems, collect data, establish facts, carry out logical analysis, and draw valid conclusions.
• Ability to cope with change, make decisions and act comfortably with risk and uncertainty.
• Strong communication (both written and verbal in English) and facilitation skills (small and large groups), especially when interacting with different levels of business.

Technical Experience / Qualification:

• 8+ years of progressive work experience in at least three of the following domains: Security and Risk Management; Asset Security; Security Engineering; Communications and Network Security; Identity and Access Management; Security Assessment and Testing; Security Operations; Software Development Security.
• 3-5 years of experience in managing a team
• CISSP, CISM or similar certification desired
• CISSP-ISSAP, OSCP, TOGAF Certified, SABSA Chartered Security Architect Certifications, CCSP, AWS Certified Solutions Architect certifications are a plus
• Strong knowledge of Cloud, CI/CD Pipeline Components
• Expertise in the deconstruction of application stacks associated with bare-metal, SaaS, and PaaS architectures
• Understanding of how to detect and remedy security issues associated with OWASP Top 10
• A track record in systems integration, solutions modelling, services design is desired.

Further info:

• Competitive Basic / day rate
• Germany

To apply:

Please either register your CV and complete the information fields requested or send your CV to referencing LCL112 and your current salary

#J-18808-Ljbffr