Job Summary:

• Develop security practices leveraging cutting edge technologies
• Implement best practices, standards and a road map for security-by-design
• Create policies, standards and procedures and think and act strategically. 
• Train and mentor other Security and Technology team members
• Work with architects, principal engineers and compliance leaders to ensure we delivery and operate secure applications
• Review application and enhancement designs and code to ensure teams are following security standards and best practices
• Select or design and deliver secure, re-usable application components, services and libraries
• Partner with a cross functional group of subject matter experts to design and execute strategy
• Have the opportunity to be hands-on, working side by side with people to get things done
• Publish Build-To and review the As-Built documentation for current and new security and compliance related design concepts and standards.
• Provide insightful data to guide decision making and offer proactive solutions.
• Stay abreast of trends and advances in application and security solutions and monitor changes that affect information security and compliance.
• Research, design, and advocate new technologies, architectures, and security products that will support security requirements.
• Evaluate and recommend new and emerging security standards, products and technologies.
• Operate a computer and communicate via telephone

Skills on Resume: 

• Expertise in Security Technologies (Hard Skills)
• Security-by-Design Implementation (Hard Skills)
• Policy Development (Hard Skills)
• Team Leadership and Mentorship (Soft Skills)
• Collaboration and Communication (Soft Skills)
• Code Review and Compliance (Hard Skills)
• Component Selection/Design (Hard Skills)
• Strategic Thinking and Decision Making (Soft Skills)

Job Summary:

• Conducts evaluations and testing of application security in all Mathematica systems
• Supports operations of vulnerability management and remediation
• Troubleshoots escalated application security service desk tickets
• Performs incident response and the remediation or mitigation of security incidents
• Explains application vulnerability report items to development staff
• Stays up to date on application security issues
• Creates Threat Models of web applications
• Develops and maintains applications to monitor security of Mathematica systems
• Understands security of applications running on cloud infrastructure (Amazon Web Services (AWS), Azure, or other SaaS or PaaS, etc.)
• Understands CI/CD pipelines like Jenkins and how they fit into a DevSecOps model

Skills on Resume: 

• Application Security Testing (Hard Skills)
• Vulnerability Management and Remediation (Hard Skills)
• Troubleshooting Skills (Hard Skills)
• Incident Response (Hard Skills)
• Communication and Collaboration (Soft Skills)
• Continuous Learning (Soft Skills)
• Threat Modeling (Hard Skills)
• Security Monitoring and Automation (Hard Skills)

Job Summary:

• Drive cloud security engineering conversations representing product teams and aligning with VP of Security and customers
• Actively assess existing product architecture, identifying security issues and prioritizing fixes.
• Engineer and implement new Cloud security tools that tie into a DevSecOps processes.
• Work with governance, compliance, and risk management teams to ensure software products and its AWS or Azure environment consistently meets the compliance requirements for certification.
• Work with the Cloud Operations teams and product teams in the definition and implementation of security standards and best practices.
• Design and build an API Gateway to prevent exposure of functional endpoints
• Integrate the API Gateway to downstream authentication and authorization systems
• Provide a global API Gateway solution and associated runbooks
• Evangelize an API First mentality
• Work with application experts to reimagine the architecture with cloud, security in mind

Skills on Resume: 

• Cloud Security Engineering (Hard Skills)
• Architecture Assessment (Hard Skills)
• DevSecOps Implementation (Hard Skills)
• Compliance and Risk Management (Hard Skills)
• Security Standards and Best Practices (Hard Skills)
• API Gateway Design and Implementation (Hard Skills)
• Authentication and Authorization Integration (Hard Skills)
• Evangelizing API First Mentality (Soft Skills)

Job Summary:

• Assist in breaking down monoliths to microservices
• Integrate secrets management to prevent the exposure of credentials
• Utilize tools such Veracode to promote writing secure code and static analysis
• Design and produce sequence diagrams for user management, authentication, and authorization scenarios
• Implement single-sign-on and multi-factor authentication
• Work with container platform experts to integrate container image scanning
• Improve devops pipeline with automated security testing
• Provide mentorship to other IT engineers, analyst and administrators
• Provide regular status reporting to key stakeholders on the overall cloud security, including plan execution and risk identification, prioritization and triage.
• Assist with build vs buy decisions and how to break down the pros and cons of various options.
• Stay up to date on initiatives across the industry and the enterprises to help leadership effectively prioritize.

Skills on Resume: 

• Microservices Architecture (Hard Skills)
• Secrets Management (Hard Skills)
• Security Code Analysis (Hard Skills)
• Sequence Diagram Design (Hard Skills)
• Authentication and Authorization (Hard Skills)
• Container Security (Hard Skills)
• DevOps Automation (Hard Skills)
• Mentorship and Communication (Soft Skills)

Job Summary:

• Advises IT and Security leaders in evolving Tech Data’s security strategies, technologies and processes. 
• Responsible for security architectures and effectiveness as security-by-design 
• Design security solutions, plan and implement security technologies 
• Perform risk assessments of internal services and 3rd parties, drive remediation and improvements 
• Matures the ISMS, security policies, standards and procedures, performs MandA due diligence 
• Prepares and delivers security trainings to IT and Business colleagues 
• Manage automated secure coding tools and processes (SAST, DAST,IAST)
• Produce security reports pertaining to application security vulnerabilities.
• Build, maintain, and enforce application security development policies, proceduresand standards
• Maintain current knowledge of security threats and vulnerabilities that could impact products and technology stack components, and help product teams identify solutions that meet security requirements.
• Provide subject matter expertise on secure design and coding practices, assist in building and rolling out related guidelines and standards, perform manual source code reviews for high risk components
• Build secure code library (security code snippets, common libraries, cryptographic libraries)
• Evaluate and operationalize security tools by integrating with the development environment and commit/build pipelines
• Review security test results from vulnerability scans, penetration testing for true positives and propose appropriate remediation measures or mitigation controls.

Skills on Resume: 

• Security Strategy Advisory (Soft Skills)
• Security Architecture Design (Hard Skills)
• Security Solution Planning and Implementation (Hard Skills)
• Risk Assessment and Remediation (Hard Skills)
• Information Security Management System (ISMS) Development (Hard Skills)
• Security Training Delivery (Soft Skills)
• Management of Automated Secure Coding Tools (Hard Skills)
• Security Reporting and Analysis (Hard Skills)

Job Summary:

• Design and develop in-depth security architecture and perform threat modelling for products and services of Merck.  
• Define secure system development lifecycle and product security maturity model.  
• Develop security controls and processes for products/services developed and deployed in cloud and on-promise.
• Define coding standards across application and data security
• Define a standardized set of security requirements, and align with internal Merck policies and meet external compliance/regulatory requirements like GxP, GDPR etc.
• Lead the reviews of the security architecture defined and application designs, and review audit source codes.
• Stay relevant and lead innovation in application security best practices.
• Coach the application development teams on secure system development lifecycle and security best practices  to upskill the security expertise of application developers.
• Work in a dynamic environment and handle multiple priorities.

Skills on Resume: 

• Security Architecture Design (Hard Skills)
• Threat Modeling (Hard Skills)
• Secure System Development Lifecycle (SDLC) (Hard Skills)
• Product Security Maturity Model (Hard Skills)
• Cloud and On-Premise Security (Hard Skills)
• Coding Standards and Security Best Practices (Hard Skills)
• Compliance and Regulatory Alignment (Hard Skills)
• Innovation and Leadership (Soft Skills)

Job Summary:

• Application security analysis, including code and architecture review, analysis of data flows, and penetration testing
• Consulting with engineering teams on the design, development, and operation of the Mindstrong service 
• Acting as a security liaison between Engineering and the company
• Building tools to automate and integrate application security testing and assurance 
• Functioning as an internal advocate and resource on secure software engineering and application security practices 
• Identifying security-focused metrics for collection and analysis
• Launching Mindstrong’s vulnerability disclosure and bug bounty programs
• Providing specific risk assessment and remediation guidelines 
• Helping handle and triage findings from security tools, including static and dynamic scanners

Skills on Resume: 

• Application Security Analysis (Hard Skills)
• Consultation with Engineering Teams (Soft Skills)
• Security Liaison Role (Soft Skills)
• Tool Development and Automation (Hard Skills)
• Internal Advocacy for Secure Software Engineering (Soft Skills)
• Metric Identification and Analysis (Hard Skills)
• Vulnerability Disclosure and Bug Bounty Programs (Soft Skills)
• Risk Assessment and Remediation Guidance (Hard Skills)

Job Summary:

• Operationalize a robust cybersecurity program focusing on the cloud application side of the IoT conversation.
• Report to the Product Security Lead and provide support for all areas of product cybersecurity including secure by design strategies, risk management, testing, training, and product incident response.
• Implement and improve a strong product cybersecurity program
• Advise product development teams regarding security principles, secure architecture, the implementation of cybersecurity controls, the design and coding of security-related features, and the secure delivery and deployment of applications.
• Hands on application security assessments including use of static, dynamic and interactive tools
• Use and integrate into CI/CD pipeline commercial and open source tools to achieve security goals
• Perform vulnerability triage to prioritize issues, eliminate false positive, articulate issues to developers and provide the best practices and governance for remediation
• Assist with security testing of products, including internal penetration testing and working with third-party security assessment and pen testing companies.
• Collaborate with and train developers and infrastructure teams to remediate vulnerabilities and develop best practices
• Responds to product security questionnaires and key contributor to PSIRTs
• Identify new and emerging security tools and practices for implementation
• Participate in ISAOs (Information Sharing and Analysis Organizations) and H-ISAC
• To fulfill this role, a regular cadence of study in cybersecurity and attendance at conferences

Skills on Resume: 

• Cybersecurity Program Operationalization (Hard Skills)
• Product Security Expertise (Hard Skills)
• Program Improvement (Soft Skills)
• Security Advisory and Guidance (Soft Skills)
• Application Security Assessment (Hard Skills)
• CI/CD Integration (Hard Skills)
• Vulnerability Management (Hard Skills)
• Collaboration and Training (Soft Skills)

Job Summary:

• Working in a rapidly moving microservices ecosystem that supports a wide variety of languages and build tooling. 
• Driving the adoption of these security tools and techniques into all development teams. 
• Work effectively, not just within own team but also with other development teams both locally and in other timezones
• Partner with application service teams to develop and implement application security standards, patterns and guidelines that support ongoing deliveries and balance risk and business benefit;
• Collaborate on development of secure solutions, patterns and frameworks to address security risks and threats
• Embed secure-by-design and secure-by-default into standard working practices and technologies
• Continuously review the design and effectiveness of application security controls and develop a program of continuous security improvement relating to SDLC 
• Support and grow the maturity of application security and architecture through partnerships on Workday key business deliverables.
• Improve in-house security tooling and solutions
• Educate, and support Workday to understand the changing application security threat landscape.
• Stay ahead of industry technology and business trends. Actively drives product technology and engineering process innovation to help Workday be a leader in Security

Skills on Resume: 

• Proficiency in Microservices Ecosystem (Hard Skills)
• Application Security Expertise (Hard Skills)
• Cross-Team Collaboration (Soft Skills)
• Security Standards Development (Hard Skills)
• Secure Solution Development (Hard Skills)
• Security Integration (Hard Skills)
• Continuous Security Improvement (Hard Skills)
• Innovation and Education (Soft Skills)

Job Summary:

• Help the broader Security Engineering team to define and integrate Security Architecture standards for the rest of the organization. 
• Know this can’t be done in a bubble and are ready to roll sleeves and work with Engineering peers.
• Have consultation and education for Phreesia Engineering. 
• Help educate and provide answers to sometimes challenging security questions.
• Build (both visually and via documentation) threat models and work to standardize the process across Phreesia
• Become intimately involved in helping to design a large-scale transition Phreesia is undertaking to CI/CD pipelines and help design to security best practices on  container release platforms.
• Review most critical applications and technology stack from the ground up. 
• Familiar with things like GitOps, Container Release infrastructure, Kubernetes, and container ecosystems (yes, all the pieces around K8s) at least conceptually and help understand and define point controls.
• Dig into code to seek deep understanding. 
• Help to perform risk analysis of new and current build projects

Skills on Resume: 

• Security Architecture Standards Development (Hard Skills)
• Collaboration and Teamwork (Soft Skills)
• Consultation and Education (Soft Skills)
• Problem-solving and Communication (Soft Skills)
• Threat Modeling (Hard Skills)
• CI/CD Pipeline Security (Hard Skills)
• Technology Stack Review (Hard Skills)
• Technical Proficiency and Code Analysis (Hard Skills)