APPLICATION SECURITY ARCHITECT COVER LETTER TEMPLATE

Responsible for ensuring the security and resilience of IT architectures and designs, the Application Security Architect conducts ongoing analyses and tests across code, products, and infrastructure. Guiding software development teams through the Security Development Lifecycle, they provide input on secure coding practices and drive continuous improvement in cyber security metrics. Automation and collaboration with engineering teams are central to their efforts in evolving software assurance processes and delivering cybersecure systems.

An Introduction to Professional Skills and Functions for Application Security Architect with a Cover Letter

1. Details for Application Security Architect Cover Letter

  • Provide design and best practices in building secure DFINITY Infrastructure
  • Execute audit against the distributed system, including CI/CD, staging, and production environments (when Production is ready)
  • Develop security tools e.g. automating key rotations, auto-recovery
  • Be a security ambassador for the Infra, IT and data center teams
  • Create the DFINITY bug bounty program (e.g. Bugcrowd, HackerOne, etc.)
  • Manage and support 3rd party and internal pen test teams (e.g. NCC Group, Bishop Fox, etc.)
  • Conduct and manage testing and whitehat efforts
  • Engage in hands-on, in-depth analysis, review, and design of the software, including technical review and analysis of source code with a security perspective. 
  • Review in-house developed code as well as technologies provided by third-party vendors.
  • Improve system security with vulnerability monitoring and intrusion detection systems


Skills: Infrastructure Security Design, Auditing Distributed Systems, Security Tool Development, Security Ambassadorship, Bug Bounty Program Creation, Penetration Testing Management, Testing and White Hat Efforts, Code Review and Analysis

2. Roles for Application Security Architect Cover Letter

  • Conduct ongoing security analysis of IT architecture and designs, facilitate and perform various security tests and reviews of code, products, services and infrastructure (DFINITY data centers).
  • Guide software development teams through the Security Development Lifecycle (SDL) by participating in design reviews, threat modeling, and in-depth security penetration testing of code and systems.
  • Extend to providing input on application design, secure coding practices, log forensics, log design, and application code security.
  • Support and manage product security process activities including threat and attack tree modelling, security requirements definition with research team, and develop cyber test planning and penetration testing.
  • Collaborate with engineering/development teams to evolve SW assurance process to address security risks, identify and eliminate bugs that may have been missed in the review process.
  • Use Everything-As-Code methodologies to ensure traceability, configurability, immutability, repeatability, and governability.
  • Implement automation for repeatable software assurance tasks, maintain and optimize cyber security test suites, and proactively work to reduce manual SwA activities.
  • Identify appropriate hardware and software design changes to deliver cyber secure systems and assist IT, datacenter, Infra and product teams to quantify residual product cyber risk.
  • Identify cyber threats and help IT, datacenter, Infra and product teams design, deliver and deploy secure systems.
  • Drive continuous improvement activities to define, measure, visualize and improve key cyber security metrics.


Skills: Security Analysis, Security Testing, Security Development Lifecycle (SDL), Application Security, Product Security Management, Collaboration and Communication, Automation and Everything-As-Code (EAC), Cyber Threat Identification

3. Responsibilities for Application Security Architect Cover Letter

  • Expertise in large-scale application security design and implementation across key pillars of Secure SDLC: Initiation, Acquisition, Design/Development, Implementation, and Operation/Maintenance and Disposal.
  • Security-by-Design approach to secure/govern secure software development activities that seeks to minimize systems vulnerabilities and reduce the attack surface through designing and building robust application security architecture.
  • Expertise to identify security vulnerabilities and misconfigurations of systems and validate mitigation procedures
  • Co-work with developers to identify the right set of application security tools to reduce cost, while improving security posture through proven methods and techniques
  • Co-work with System architects during the critical phases such as Security Planning and Risk Assessment, Critical Security Design Review, System Security Acceptance Testing, and Pen-Test.
  • Documentation of important application security aspects throughout the lifecycle of the system, ensuring that security was fully considered during all phases
  • Co-work with Solution Architect team to recommend / Govern the critical application security milestones such as review Security Architecture and Control, Source code review, Pentest and Continuous Monitoring
  • Be part of product life cycle in order to verify high security standards for both the application and the infrastructure
  • Review product and architectural design documents, perform threat modeling, define safeguards and security requirements
  • Act as a technical focal point in the cloud and workload security domains
  • Develop security controls and processes for products developed and deployed in cloud environments.
  • Introduce new solutions in cloud and workload security
  • Work alongside architects, developers, system administrators and other tech leads in the company


Skills: Application Security Design, Security-by-Design Approach, Vulnerability Identification and Mitigation, Collaboration with Developers, Collaboration with System Architects, Documentation and Lifecycle Management, Recommendation and Governance, Cloud Security Expertise.

4. Functions for Application Security Architect Cover Letter

  • Provide security advisory services to business and engineering teams related to system design, engineering, and implementation
  • Promoting the protection, integrity and confidentiality of customer, vendor, employee, and business data in compliance with organization policies and applicable regulations/laws
  • Ensure solutions are aligned effectively with Mission Lane’s evolving security direction and posture while acting as a security subject matter expert
  • Analyze detailed design components as well as high-level architectural plans, contributing to decisions within the Cloud based on policy guidelines and security best practices
  • Responsible for assessing, deploying, configuring, and maintaining configuration baselines within the AWS and GCP cloud environment, including setting up and managing access to cloud resources.
  • Responsible for leading and directing security implementation throughout the system development lifecycle across the complete stack (i.e. data, network, transport, session, presentation, and application)
  • Manage the engagement of security in the development lifecycle, including working with technology architecture team to ensure systems and products are designed in a secure way
  • Manage vulnerabilities in the development CI/CD lifecycle including designing and implementing policies
  • Validate remediation of security issues and vulnerabilities in the CI/CD lifecycle
  • Be knowledgeable about potential vulnerabilities of cloud environment and container deployment systems
  • Collaborate across multiple teams to strategically translate security requirements to the Cloud environment
  • Collaborate with Engineering to launch the Architecture Review Board to manage the strategy for assets and architecture for the company including managing the asset inventory process
  • Manage and implement a privileged access tool


Skills: Security Advisory Services, Data Protection Compliance, Security Expertise, Cloud Security, Configuration Management, Security Implementation Leadership, Secure Development Lifecycle (SDLC), Vulnerability Management

5. Job Description for Application Security Architect Cover Letter

  • Provide high-quality documentation of processes and guidelines, developing artifacts that depict the security gaps and corresponding recommendations for security solutions
  • Collaborate with DevSecOps to develop automated security validation and control automation
  • Document the security architecture and architectural decisions related to security
  • Stay abreast of security trends and new technologies that will enhance Mission Lane’s current and future data security architecture including industry threat intelligence resources (FS-ISAC, etc)
  • Develop and publish metrics and dashboards demonstrating security posture and event activity
  • Facilitate the design of configuration baselines and identify gaps and create detailed recommendations
  • Create and advocate security awareness education to facilitate the prevention of security issues and vulnerabilities and ensure secure coding practices are followed
  • Advise and contribute to the development of security policy and procedures
  • Support the company’s commitment to protect the integrity and confidentiality of systems and data
  • Be action-oriented, and take ownership of outstanding items and ensure delivery
  • Maintain strong awareness of events in the external community to identify threats and opportunities for enhancement. 
  • Apply those learnings to design and implement solutions


Skills: Documentation Skills, Automation Skills, Security Architecture Expertise, Continuous Learning, Metric Development, Gap Analysis and Recommendations, Security Awareness Education, Policy Development

6. Accountabilities for Application Security Architect Cover Letter

  • Contact and senior expert for security-related topics for the R&D division.
  • Master existing security products, and improve and identify opportunities to enhance defense capabilities.
  • Develop and maintain the security and privacy architecture and control standards
  • Lead the risk-based security remediation program
  • Integrate with existing agile processes and incorporate cyber security gates and controls inherently in product development processes
  • Maintain the balance between security and operational efficiencies
  • Have and maintain expert knowledge of Infosec industry trends and developments and advise the CISO on changes to the threat landscape
  • Identify and propose improvements to the organization’s security posture
  • Lead and coordinate Security Audits for on-going projects from Architecture, Process, Risk and Testing etc
  • Work as a Security Consultant helping to establish secure development activities in SDLC end-to-end, be able to provide clarifications related to security in development
  • Perform Application Security Trainings for Development Teams
  • Contribute to building Secure Architecture and Design for the projects
  • Communicate with customers and teams, and be able to convey the importance of the Secure Software Development Life Cycle and the ways of establishing it
  • Cooperate with all sub-teams (BAs, Developers, QAs) to build a consistent understanding of Security Requirements, main Threats, and Mitigations implemented
  • Be able to communicate and coordinate work with other Security Teams - Infrastructure Security Experts, Penetration Testers


Skills: Mastering Security Products, Security Architecture and Control Standards, Risk-Based Security Remediation, Agile Integration, Threat Landscape Awareness, Security Posture Improvement, Security Audit Coordination, SDLC Integration

7. Tasks for Application Security Architect Cover Letter

  • Provide guidance on application security architecture, DevSecOps best practices and solutions to help business units to build and deliver solutions that meet CGI security requirements
  • Develop threat models and maturity assessments that can be used to integrate CGI security requirements into projects and operations
  • Create an application security observability framework to enable greater GSOC visibility by identifying best practices for logging within common application architectures
  • Define and conduct application security threat and risk assessments with methodology for all deployed solutions with ability to integrate into development pipelines
  • Conduct Secure SDLC workshops and working groups to facilitate a globally consistent set of security baselines for application security
  • Advocate for AppSec and DevSecOps from research conducted into modern threats and new technologies such as containerization and serverless computing
  • Liaise with other security architects and global business units to communicate CGI security practices and processes
  • Support identification, training, and partnership with champions for security across CGI to build a security first culture
  • Support security champions by helping them assess risk, learn to identify architectural gaps, and similar activities
  • Support development of training related to application security, security architecture, threat modeling, and secure coding


Skills: Application Security Architecture, DevSecOps Best Practices, Threat Modeling and Risk Assessment, Application Security Observability, Secure Software Development Lifecycle (SDLC), Advocacy and Communication, Collaboration and Liaison, Training and Mentorship

8. Expectations for Application Security Architect Cover Letter

  • Provide design and best practices in building secure DFINITY Infrastructure
  • Execute audit against distributed system, including CI/CD, staging and production environments (when Production is ready)
  • Develop security tools e.g. automating key rotations, auto-recovery
  • Be a security ambassador for the Infra, IT and datacenter teams
  • Create the DFINITY bug bounty program (e.g. Bugcrowd, HackerOne, etc.)
  • Manage and support 3rd party and internal pen test teams (e.g. NCC Group, Bishop Fox, etc.)
  • Conduct and manage testing and whitehat efforts
  • Engage in hands-on, in-depth analysis, review, and design of the software, including technical review and analysis of source code with a security perspective. 
  • Review in-house developed code as well as technologies provided by third-party vendors.
  • Improve system security with vulnerability monitoring and intrusion detection systems


Skills: Infrastructure Design and Best Practices, Auditing Distributed Systems, Security Tool Development, Security Advocacy, Bug Bounty Program Management, Penetration Testing Management, Testing and White Hat Efforts, Technical Analysis and Code Review, System Security Improvement

9. Competencies for Application Security Architect Cover Letter

  • Conduct ongoing security analysis of IT architecture and designs, facilitate and perform various security tests and reviews of code, products, services and infrastructure (DFINITY data centers).
  • Guide software development teams through the Security Development Lifecycle (SDL) by participating in design reviews, threat modeling, and in-depth security penetration testing of code and systems.
  • Extend to providing input on application design, secure coding practices, log forensics, log design, and application code security.
  • Support and manage product security process activities including threat and attack tree modelling, security requirements definition with research team, and develop cyber test planning and penetration testing.
  • Collaborate with engineering/development teams to evolve SW assurance process to address security risks, identify and eliminate bugs that may have been missed in the review process.
  • Use Everything-As-Code methodologies to ensure traceability, configurability, immutability, repeatability, and governability.
  • Implement automation for repeatable software assurance tasks, maintain and optimize cyber security test suites, and proactively work to reduce manual SwA activities.
  • Identify appropriate hardware and software design changes to deliver cyber secure systems and assist IT, datacenter, Infra and product teams to quantify residual product cyber risk.
  • Identify cyber threats and help IT, datacenter, Infra and product teams design, deliver and deploy secure systems.
  • Drive continuous improvement activities to define, measure, visualize and improve key cyber security metrics.


Skills: Security Analysis and Testing, Security Development Lifecycle (SDL), Application Security Expertise, Threat Modeling and Security Requirements Definition, Collaboration and Communication, Automation and Everything-As-Code Methodologies, Cybersecurity Metrics and Continuous Improvement, Hardware and Software Design Changes for Cybersecurity.

10. Capabilities for Application Security Architect Cover Letter

  • Conduct security design reviews and threat modeling for existing and new software products and features developed internally, as well as for different 3rd party and open source technologies.
  • Provide vulnerability remediation guidance and mentoring to product development software engineers.
  • Drive security solution design for the security architecture framework (e.g., credential management, access provisioning, authentication and authorization, data security, network security, application security, infrastructure security, security monitoring, and operations security)
  • Define and evangelize application security best practices.
  • Deliver system security architecture diagrams and security architecture specifications per security architecture standards.
  • Design applications, integrations, and automation to improve security operations and governance.
  • Support deployment of automated security tools throughout the development lifecycle.
  • Maintain an active understanding of industry practices for secure software development and incident response.
  • Work with different entities in the enterprise to ensure compliance with corporate rules.
  • Take an active part in the company architectural forums and provide the security perspective in new initiatives and projects.
  • Explore relevant regional or information-related regulations and their relevance to the product line.
  • Research of new technologies, architectural trends and security practices.
  • Training and mentoring peers, Dev and DevOps engineers.


Skills: Security Design Review and Threat Modeling, Vulnerability Remediation Guidance, Security Solution Design, Application Security Best Practices, System Security Architecture, Security Operations Automation, Deployment of Automated Security Tools, Industry Awareness and Compliance

What Are the Qualifications and Requirements for Application Security Architect in a Cover Letter?

1. Knowledge And Abilities for Application Security Architect Cover Letter

  • Advanced understanding of security protocols, cryptography, and security
  • Certifications: CISM, CISA, ISSAP, ISSEP. Considered a subject matter expert in the area.
  • Strong knowledge of multiple technologies, platforms, and programming languages.
  • Solid understanding of Systems Development Life Cycle models.
  • Exceptional communication skills with diverse audiences, including facilitation, negotiation and presentation skills
  • Strong critical thinking, analytical skills and attention to detail
  • Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives in multiple departments, and provide technical guidance to a security team
  • Demonstrated ability to identify risks associated with business processes, operations, information security programs and technology projects
  • Familiar with emerging technology and its effect on designing security controls, such as Containerization, Artificial Intelligence, Office 365, Robotics, Mobile, and Cloud (public, private and hybrid) for Infrastructure as a Service (IaaS: Amazon Web Services (AWS) or Microsoft Azure), Platform as a Service (PaaS), and Software as a Service (SaaS)
  • Understanding of network protocols and ability to develop requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices
  • Understanding of programming languages and technologies to write code, complete programming, and perform testing and debugging of applications: Java/J2EE, C#, API/web services, scripting languages
  • Familiar with relational database management system (RDBMS) such as MS SQL Server or Oracle.
  • Strong understanding of Cloud and Application Security Best Practices, Azure and O365 experience preferred. 
  • Intimate knowledge of current trends in security solutions, to be able to integrate them with controls and safeguards
  • Strong knowledge of security frameworks including NIST, ISO 27001, CIS, CSA, MITRE ATT&CK, etc.


Qualifications: BA in Information Security with 5 years of experience

2. Experience and Requirements for Application Security Architect Cover Letter

  • Experience with Agile software development methodologies and tooling such as Jira and Confluence
  • Experience with DevSecOps principles and tooling
  • Expertise with secure coding practices
  • Knowledge of common attack scenarios and how to protect against them (e.g. OWASP Top 10)
  • Scripting ability in PowerShell, Python
  • Strong understanding of at least 1 programming language such as C#, Java, Python
  • Understanding of Threat Modelling and how to identify specific security requirements for a project
  • Knowledge of Azure and O365 development practices
  • Strong knowledge of API development and security practices
  • Working on multiple platforms (e.g., Salesforce with third-party applications) and across multiple clouds with multiple security software packages
  • Designing application security using security standards such as National Institute of Standards and Technology (NIST), Federal Information Processing Standards (FIPS), OAuth2, Security Assertion Markup Language (SAML), Multi Factor Authentication etc.
  • Adept skills in developing and implementing SAST, DAST, and/or IAST tooling
  • Domain expertise in designing applications and architectures for enterprise systems to secure sensitive information and prevent data leakage
  • Good experience working with (understanding, preventing and remedying) security issues in software architecture, software development, e.g. static and/or dynamic code analysis and tools, software dependency checking, OWASP Top10 testing, application threat modelling, SEI CERT C / J, etc.
  • Good experience working in an Agile software development environment, with classic applications as well as microservices, using modern code processing and continuous integration and delivery tools (e.g. GitHub, Jenkins, Bamboo, etc)
  • Good expertise in taking security policy statements and translating them into actual, implementable, security controls and techniques that can make software applications demonstrably more secure and robust.
  • Good understanding of common information security management standards, frameworks, and laws / regulations e.g. BSIMM, ISO 27001, GDPR, etc.
  • Experience of open source security tools and how they could be used in an enterprise


Qualifications: BA in Computer Science with 4 years of experience

3. Skills, Knowledge, and Experience for Application Security Architect Cover Letter

  • Experience in cyber security or experience as a developer from a cyber-oriented company.
  • Relevant security and development certifications (CISM, CISSP, OSCP, CEH) – an advantage.
  • Expertise in security risk management in a business context with practical experience developing and implementing appropriate mitigation strategies.
  • Strong understanding of security architecture best practices, standards, and frameworks.
  • Ability to handle complexity and multitasking
  • Ability to work in a fast-paced, rapidly evolving company environment
  • Experience working in cloud-based infrastructure and thorough understanding of specific security characteristics.
  • Ability to work independently and in a team
  • Sense of ownership and pride in performance and its impact on the company’s success
  • Strong problem solving and analytical skills
  • Fluent English and innovative thinking
  • Experience working in a global environment
  • Outstanding communication, presentation, and interpersonal skills
  • Desire to succeed, enthusiasm, “can do” approach, and true will to be part of something big


Qualifications: BS in Cybersecurity with 3 years of experience

4. Requirements and Experience for Application Security Architect Cover Letter

  • Experience testing applications and services on the cloud (AWS preferred)
  • Should have good knowledge of compliance offered by cloud providers
  • Should be able to pull compliance reports from cloud portals
  • Expertise in web application penetration testing, web services (API) penetration testing, and mobile application security testing
  • Experienced in vulnerability assessments using automated scanners such as Nessus/Qualys and manual security testing with Kali Linux / Metasploit and other infrastructure security testing tools
  • Experience with application architecture reviews, Threat modelling, Static Code Reviews and cloud security assessments
  • Ability to interact with project teams to understand the security requirements and come up with solutions
  • Knowledge of OWASP Top 10 and SANS Top 25 and ability to map the vulnerabilities identified against the standards
  • Familiarity with web application vulnerability scanners (Acunetix / HP WebInspect / IBM AppScan, etc.) and with source code analysis tools (Fortify / Checkmarx / Veracode / Klocwork)
  • Experience in using manual VAPT tools like Burp Suite / ZAP / CSRF Tester, etc.


Qualifications: BA in Data Science with 6 years of experience

5. Education and Experience for Application Security Architect Cover Letter

  • Good client interaction and presentation skills
  • Experience in Security Pre-Sales and ability to handle a team
  • Should be able to train team members in appsec activities
  • Application Security Architect, designing, SAST, DAST
  • Good understanding of secure software development lifecycle processes across technologies.
  • Differentiate between classic security services and cloud security services
  • Ability to communicate with the project teams and explain the vulnerabilities identified
  • Understanding of DevSecOps / CI/CD Integration and Agile Security testing methodology
  • Knowledge on network architecture reviews would be helpful
  • AWS or Azure Security Engineer certification


Qualifications: BS in Software Engineering with 4 years of experience

6. Professional Background for Application Security Architect Cover Letter

  • Strong coding skills and willingness to deep dive into the code
  • Demonstrable experience in application perimeter defence (Internet-facing)
  • Demonstrable experience in mobile and web application vulnerability/security: OWASP Top 10, SANS 25, mobile OWASP-10, attacks on REST, Microservices, etc.
  • Proactive implementation of security strategy and architecture in addition to high-level and low-level design for mobile app security, threat modelling, and microservices security
  • Work with Solution Architect, work with the team and get it implemented
  • Must have played the role of a full stack developer
  • Understanding of security testing tools: Burp Suite, Black Duck, Checkmarx already implemented. New tools to be onboarded to ADO, aligning with BP standards
  • Dynamic Analysis - DAST, Static Analysis - SAST
  • Understanding Security maturity
  • Understanding of Python to showcase boards.


Qualifications: BS in Mathematics with 7 years of experience

7. Education and Qualifications for Application Security Architect Cover Letter

  • Passion to develop in the field of Security
  • Understanding of at least one Security Development methodology (e.g. Microsoft SDL, OWASP OpenSAMM, BSIMM etc)
  • Good understanding of Threat Modeling, hands-on experience with at least one Threat Modeling Tool
  • Understanding of main Security-related activities in development such as Security Requirements gathering, Risk Assessment, Security Code Review
  • Understanding of security threats classification
  • Understanding of most common implementations of the Threats (e.g. XSS, SQL Injection, XSRF, buffer overruns, brute force, rainbow tables, DoS etc.) and how they match the general classification
  • Understanding of main security concepts and principles
  • Understanding of main areas of protection and levels of defense
  • Familiarity with the tools for various security activities: Static Code Analysis, Pen Testing, Intrusion Detection/Prevention, etc.
  • Knowledge of Security Features and Mechanisms provided by at least one OS and development platform/technologies
  • Understanding of mitigation mechanisms for every type of threats
  • Familiarity with existing security standards and regulations and experience of requirements implementation
  • Understanding of basic principles of infrastructure security and penetration testing
  • Ability to use the tools to perform actual attacks


Qualifications: BA in Information Systems with 2 years of experience

8. Knowledge, Skills and Abilities for Application Security Architect Cover Letter

  • Experience including architecture and software development roles.
  • Broad expertise across multiple products and technologies.
  • Experience engaging with both technical development teams and non-technical stakeholders.
  • Excellent English communication skills, both written and spoken.
  • Knowledge of AWS and GCP security frameworks and services.
  • Knowledge of VoIP, communications and collaboration applications.
  • Security expertise in the application of security concepts and technologies to product architecture and software development.
  • Experience with regulatory and industry compliance requirements (e.g. GDPR, PCI, HIPAA, FIPS).
  • Professional security certification (e.g. CSSLP).
  • Formal and self-directed training is available for technologies, products and security standards.


Qualifications: BS in Computer Engineering with 3 years of experience

9. Accomplishments for Application Security Architect Cover Letter

  • Knowledge of AWS Identity and Access Management service to ensure only the right privileges are permitted
  • Experience with Service Mesh and building Envoy proxies with security policies
  • Knowledge of AWS Security Hub and Control Tower 
  • Knowledge of network security 
  • Experience in IAM, Application Security, Cloud Platform Security, Cyber Defense / Cyber Security, GRC, Data Privacy and Protection
  • Ability to build and maintain mainstream security systems on cloud platforms, including but not limited to user operation audit systems, security event alert systems
  • Experience with defensive technologies and can use WAF, network firewall and other components to block attacks
  • Skills in intrusion detection, event tracing, log analysis, and big data threat detection
  • Linux functional script coding capabilities, such as Shell, Python, etc.
  • Experience working with Jenkins, Kafka, ELK, AWS Cloud, Kubernetes, Docker, EC2, EKS, Azure, Harbor, Vault, MySQL, Gitlab, MongoDB, CA Layer7


Qualifications: BA in Network Security with 1 year of experience

10. Key Qualifications for Application Security Architect Cover Letter

  • Responsible for security architecture, with progressive information security experience across various information security/information technology risk management domains
  • IT experience (including hands-on knowledge of network and distributed systems) and a sound understanding of networking concepts
  • Performing risk assessments including experience with SAST/DAST/IAST tools, Vulnerability Remediation, Controls Mapping, Audit Protocols, Applications, Databases, Virtual Networks, Servers, Domains, SaaS, Cloud, Encryption, Firewalls, DLP, IAM Solutions, and security testing. 
  • Some experience with IAST and RASP tools
  • Experience coordinating third party penetration testing and working with development teams and product teams to drive remediation of findings. 
  • Some experience performing penetration testing is preferred.
  • Experience implementing security tools (e.g. Kenna, Qualys, Palo Alto Twistlock, Checkmarx (SAST), Acunetix (DAST), Contrast (RASP), Black Duck (SCA)) and integrating them with workflow and development platforms (e.g. Jira, Jenkins, etc.).
  • Experience implementing application security best practices in public cloud environments (GCP/AWS/Azure) in alignment with ISO 27k, CSA, ISF, NIST, OWASP, SANS and CIS top 20 compliance.
  • Strong experience in public cloud solutions, services and practices including containers PaaS, IaaS, and SaaS products and services.
  • Understanding of network design principles and knowledge of virtualized environments and implementation of security controls in a virtual infrastructure.
  • Work with development teams to ensure that an appropriate assessment of security risks is performed.
  • A mix of technical capabilities as well as the know-how to provide security oversight for complex applications and articulate security concepts to developers
  • Strong communication and presentation skills. Ability to present complex compliance issues in an easy-to-understand manner for executive management.


Qualifications: BS in Information Technology with 10 years of experience