Security Consultant

What you will do:

• Collaborate with the relevant stakeholders on a continuous basis to ensure security-by-design principles are defined, implemented and continuously improved.
• Develop and implement effective security testing strategies by leveraging cutting edge security research through upskilling self and team, staying up to date on security research and applying them effectively to the overall Customer application security assurance program.
• Implementing and developing effective secure coding practice strategies to counter traditional and modern attacks affecting Customer digital assets by educating the software developer community, Awareness workshops and drive implementation of industry best practice.
• Develop and implement DevSecOps principles by automating security activities, including but not limited to, static analysis, dynamic analysis, container security, orchestration security.
• Provide security advisory to product grooming sessions with software developers, scrum masters and technical product owners to prioritize security backlogs, offer technical expertise on new requirements and ensure the delivery of privacy and security by design principles.
• Understand, articulate, evaluate and design solutions to complex business problems and apply appropriate technologies while following security engineering best practices.
• Collaborate with a diverse audience such as business stakeholders, Customer leadership and the Engineering Chapter to highlight and bring about change that improves the level of Cybersecurity practices that affect Customer.
• Lead the technical Cybersecurity expertise within the dnata international portfolio to support diverse security requirements while maintaining a high-level overview of activities.

• Thorough knowledge of OWASP (The Open Worldwide Application Security Project) Top 10 (Web & Mobile)
• Clear understanding of network and web related protocols (including but not limited to, TCP/IP, UDP, IPSEC, HTTP)
• Strong fundamentals of application design concepts - Security-by-design in application
• Clear understanding of network and web related protocols, including but not limited to, TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols
• Knowledge of technologies including but not limited to reverse proxies, Web Application Firewalls,
• CI/CD, API gateways, SAAS
• Comprehensive understanding of (IT) Risk Management processes
• Proficient in using & implementing open source and commercial tools to scale security
• Experience in threat modelling, vulnerability discovery and vulnerability management processes
• Experience in Bug Bounty processes or similar experience
• Ability to understand business requirements and translate them into technical requirements.