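Senior Engineer - App Security - Code Review
Salary negotiable | Dalian | No experience requirement | No education requirement
  • Full-attendance bonus
  • Holiday benefits
  • No overtime
  • Weekends off
  • Good management, skills training, promotion opportunities
FIL (Dalian) Technology Co., Ltd. (fil(大连)科技有限公司) | Recently updated | 398 followers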
Job description:
Purpose of your role
The application security group is responsible for ensuring that Fidelity applications are designed, developed and deployed securely. The role will involve working closely with development groups to ensure secure design, development and implementation of services and components. As senior engineer, the person would be responsible for understanding complex technical and architectural issues from a security perspective and have the ability to understand the implications associated with the chosen technical strategy.
This position will focus on security of new services to support business functionality. The role will involve working closely with development groups to securely design, develop and implement services and components.
The role will focus on reviewing application security mechanisms built into the applications by carrying out security assessments, i.e. requirement review, design review and code review. This role would also demand interaction with Fidelity vendors to conduct risk assessment. The job involves working closely with development groups, application architecture, (information security officer) so that the applications are compliant with FIL information security standards.
The successful candidate will be able to demonstrate an innovative and enthusiastic approach to technology and problem solving, will display good interpersonal skills and show confidence and ability to interact professionally with people at all levels. FIL systems are implemented in a wide range of technologies based on architectural standards.
Key responsibilities
·Review software applications for potential security vulnerabilities by conducting application security reviews, i.e. requirements review, design review and code review, vendor risk assessment.
·Liaise with developers, architects, project managers and vendors to understand the working of an application, how effectively they are implemented and where security mechanisms are employed.
·Understand the business requirements, evaluate potential products / solutions and provide technical recommendations.
·Be “hands on” with technology and contribute to the design, development and support of projects with security recommendations.
·Impart security awareness and training to developers and architects
·Review design and development artefacts to ensure security quality in the products being developed.
·Evolve security review processes in accordance with information security standards and market best practices.
·Contribute to enterprise architecture in definition of the technology stack and various standards and guidelines for development teams.
·Protect Fidelity information assets by promoting the understanding and acceptance of information security policy and standards.
·Provide diligent and competent service to customers by delivering an impartial and accurate service with integrity, honesty and in accordance with the information security policy and standards
·Create and maintain a code review issues dashboard. Track and push the remediation of legacy defects.
·The candidate should contribute to updates of the global code review related material. Suggestions or improvement ideas should come from daily work, retrospective meetings and project experience.
·Periodically check for Fortify rules upgrades; evaluate new tools used by the India team and perform any necessary practices. The code reviewer should be capable of sharing his experience in secure coding training.
·The code reviewer should be responsible for researching code-level defence solutions for common OWASP issues and providing necessary training to the delivery team.
·DevSecOps is an inevitable trend. Automated static code scanning is a goal of the global application security team and has been implemented across India and APAC. This role should also be responsible for supporting security champions in maintaining the SAST task in the CI/CD pipeline.
Experience and qualifications required
·About 5+ years of industry experience with exposure to the end-to-end software development lifecycle in both waterfall and agile methodologies.
·Proven expertise in web technologies (Java/J2EE/Struts/Web2.0/REST API/)
·Sound knowledge of application security mechanisms such as authentication, authorization, session management, cookies management, data validation, error handling and encryption
·Preferably, working knowledge of open-source and commercial SAST (static application security testing) and DAST (dynamic application security testing) scanners: Fortify, ZAP, Burp Suite, AppScan etc.
·Secure coding experience; familiar with security-related framework modules like Spring Security.
·Strong understanding of the underlying protocols and data used as the basis for the security monitoring service, including: HTTP, HTTPS, SQL, and TCP/IP.
·Hands-on experience with one of the CI/CD tools: Jenkins, TeamCity and Bamboo.
·Experience and strong understanding of security principles and standards implementations, such as federation (SAML), web services (SOAP, REST),
·Experience of Windows and Unix operating system platforms. Experience of database and SQL skills preferred technologies
·Familiarity with scripting (i.e. shell, Perl, Ruby or Python.)
·Good communication skills and solid influencing skills.
·Ability to work within an international team.
·Self-motivated, flexible, with a ‘can do’ attitude.
·Structured and methodical in problem solving
·An ability to work under pressure and to tight deadlines. Organised with good attention to detail with a natural ability to prioritise workload and objectives.
·Preferably, banking or financial firm working experience.
·Certifications ISO 27001/ CISSP/CEH will be an added advantage
Work location
Address: Dalian, Shahekou District (大连-沙河口区)