The role of the Cyber Security Specialist is to be part of our Agile cross functional teams, as an embedded Security expert. Within the team you will play a critical role, introducing and promoting Security best practice right from the software design phase.We are committed to an environment of Continuous Deployment and Integration and our Cyber Security specialists identify and challenge security risks and issues throughout the process. The right candidate will have a proven background in IT security, within modern Agile cloud based architecture and development environments.The successful candidate will be a critical link between the IT Security and DevOps team, closely managing the rate of deployment against strategic security and business risks. You will be providing expertise and undertaking risk assessments on numerous sprints, projects, prioritizing and managing multiple projects at any one time. You will work with the wider IT security team and engage their knowledge where appropriate.
Your responsibilities will include:
Provide guidance and help to IT delivery teams thus ensuring that Saltver delivers secure solutions to its customers
Collaborating with IT development teams and other Saltver teams working closely in a DevOps and agile development process. Support the Secure Software Delivery Life Cycle (SDLC) ensuring developers are coding in-line with security standards, practices and industry best-practice
Interface between the development teams and relevant IT Security teams
Integrate into the development process, attending scrums and owning security use cases and stories
Advise appropriate teams (IT Security, IT Risk) on residual risk on completion of projects
Supporting initial risk assessment process and providing consultancy and guidance
Responsible for undertaking application security risk assessments as part of development projects. This entails using a threat modeling methodology to identifying threats which could affect the Confidentiality, Integrity and Availability of the data and components in scope.
Providing support for automated application security tooling working with IT Security as necessary
Work as a Global team and collaborate with IT Security colleagues in other regions when undertaking security risk assessments to share knowledge and working practices
Challenge and create new ways to meet security controls which are more effective in DevOps and agile working.
Interpret and advise on the results from security testing to both technical and non-technical audiences
Delivering the right customer outcomes for the product, service provided related to Successful, Failed, frequency of releases
Shortest possible time from Idea to Live
Number of incidences caused by Change and the mean time to recover from incidents,
Providing support and expertise across multiple DevOps teams
Maintain Platform stability
Ensure defects in Dev are minimal and controlled
Overseeing effectiveness of controls to ensure compliance with Saltver Information Security policies and standards.
Qualifications The ideal candidate for this role will have the below experience and qualifications:
Strong experience within IT and in particular proven IT Security and/or IT audit or controls experience
Experience working in a DevOps environment
Experience working with AGILE projects
Demonstrable interest in IT Security
Experience working in IT Security or IT Audit
Proven experience of motivating others to deliver exceptional performance and long terms results
Excellent written and spoken communication skills with experience of successfully influencing others, negotiating effectively and winning over audiences with compelling and persuasive presentations
Built effective networks both internally and externally and created opportunities for others to work collaboratively
Dealt effectively with highly complex commercial information and business challenges to create strategic business plans which effectively deliver results
Promoted and led best practice in risk and compliance management in a similar organisation
In addition to the details listed above, the ideal candidate will have:
Professional certifications in Information Security (CRISC, CISSP, CISA) is desirable but not essential
Experience of IT architecture and how it fits together to deliver an enterprise IT System
The base location of this role will be Karachi, Pakistan.Saltver is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment.