HAYS

Stanowisko:

Automated Security Scanning Analyst - Containers

Lokalizacja:

Kraków

małopolskie

Opis stanowiska podany przez pracodawcę:

Automated Security Scanning Analyst - Containers
Kraków
NR REF.: 1188763

Your new company

You will join global IT consulting company that specialises in transformational management and technology. After joining the organisation, you will be supporting their clients from banking industry, in particular in cybersecurity area. Your expertise will help the client to build digital solutions that will allow customers to bank quickly, simply and securely.

Your new role

You will become part of the international team that will be reporting to Global Head of Security and collaborating with business development team and Cybersecurity peers to build secure technology products and services to enable early identification and remediation of security vulnerabilities.Your responsibilities will include:

Defining and driving scanning product vision, strategy/road map and metrics; balancing requirements around usability, productivity, security and scale to create optimal experiences for engineering application teams.
Performing continuous capability assessment and driving improvements of the security scanning product efficacy, coverage, quality, false-positive ratio, service processes and procedures.
Defining and maintaining scanning tool configuration, ruleset and policy and revising as required to minimise false positive ratios.
Leading and executing the creation, review and maintenance of security scanning quality assurance approach and related documentation.
Planning and executing project roadmaps to; enhance functionality and/or remediate identified security scanning product gaps.
Monitoring new product and technology trends, risk and threat intelligence feeds to advance company’s security capabilities while balancing an excellent user experience.
Driving development work to integrate company’s systems
Data analysis to identify patterns and trends in security related findings
Partnering with key stakeholders including engineering application teams, SDLC Federated Control Owners, Operational & Resilience Risk, CCO Technology, Cybersecurity Risk & Control Strategy and Cybersecurity Business Engagement.

What you39ll need to succeed

Experience in DevSecOps including Agile and Waterfall Software Development Life Cycle.
Experience in Cloud and/or Container Security review and Vulnerability assessment
Experience in Cloud and Kubernetes
Experience on integration & automation of various security technologies preferably Container Security Scanning (CONT) including Infrastructure scanning (INFRA), tools within DevOps tooling pipeline (Jenkins, GitHub, Chef, Ansible, Nexus, etc).
Experience in cybersecurity principles, assessment and triage for security flaws and common vulnerabilities for web and mobile applications.
Ability to understand and assess both threats and vulnerabilities, articulating these to both technical and business stakeholders.
Some experience in development work utilising a programming language, preferably Python
Professional IT Security qualifications and/or certification.
An inquisitive approach, always asking how to achieve goals in a smarter and more effective way.
Experience of working in international and diverse environments.
Experience in engaging with business, technology, regional and regulator stakeholders.
Ability to prepare concise presentations and updates for senior management.
Experience/ understanding of threat modelling and third party security assessments would be beneficial.
Fluency in English