We are looking for a DevSecOps engineer to take a leading role in the design, development and implementation of cybersecurity solutions within the aviation sector. Further information below:
Responsibilities:
Define overall security solution strategies based on customer requirements.
Analyse applications to understand how they work and where they have weaknesses, and demonstrate how identified vulnerabilities can be exploited by developing Proof-of-Concepts.
Ensure that security is introduced earlier into the software development life cycle (SDLC).
Write comprehensive security assessment reports for developers and management.
Collaborate with a team of security experts and work in a lab environment.
Propose mitigations for the security vulnerabilities identified in Thales solutions.
Perform security reviews of requirements, design specifications, and code.
Analyse design constraints, trade-offs, and detailed system and security design, and consider life cycle support.
Build, test, and modify product prototypes using working models or theoretical models.
Design and develop cybersecurity or cybersecurity-enabled solutions.
Design or integrate appropriate cybersecurity capabilities into overall system designs.
Develop and execute system testing and validation procedures and documentation.
Develop architectures or system components consistent with technical specifications.
Identify and direct the remediation of technical problems encountered during testing and implementation of new systems.
Requirements:
8 years of proven relevant industry experience.
Experienced in computer architecture, network, web technologies, Operating Systems or embedded systems.
Understanding of and experience with various cybersecurity technologies for Microservices and DevSecOps practices.
Understanding of and hands-on experience in API security, Supply Chain validation (SCA), SRE, Service mesh, CI-CD pipelines and the various tools used.
Familiarity with the SSDLC (Secure Software Development Life Cycle) process, OOP (Object Oriented Programming), Microservices and Serverless Functions, Container orchestration systems (Docker, Kubernetes).
Experience translating regulatory requirements into operational and technical control objectives.
Knowledge and understanding of using security tools for investigation, testing and assessment is a plus.
Experience with common RCA frameworks, as well as threat modelling frameworks such as VAST.
Deep understanding of various software security vulnerabilities, threats and attack vectors on different environments, and reverse engineering.
Experience with SAST, DAST, IAST, & RASP tools.
Knowledge of common EA models such as TOGAF or E2A/Zachman. Similarly, familiarity with PM frameworks such as PMP or Prince2.
Experience with modern development practices such as Source Code Management (SCM) and CI-CD tools like git (GitLab), Jenkins, Bamboo, or CircleCI; infrastructure and configuration deployment applications such as Ansible or Terraform; and architectures such as Red-Black/Green-Blue deployment environments.
Experience working with Capability or Security Maturity Model frameworks, such as O-ISM3 and C2M2.
Knowledge of software development and engineering models (e.g., Waterfall, Agile, Spiral, Lean IT).
Familiarity with cloud technologies (any of the 3 major cloud vendors and cloud-native apps) is nice to have.
Development experience is a plus (scripting, application development, etc.).
Passion for learning new technologies and a desire to tackle hard technical problems.