• The Systems Security Development Specialist is responsible for evaluating the security of programs and applications.
• Must be involved in the full software development life cycle.
• Determine the required security controls.
• Assist with software design reviews.
• Define functional and/or performance test cases.
• Perform a risk assessment when a system, program or application is subject to change.
• Perform secure code reviews.
• Identify and implement security mechanisms to solve problems in software development.
• Perform software quality assurance testing.
• Implement security procedures to resolve the problems identified during the program's acceptance phase.
• Conduct vulnerability assessment activities prior to application deployment.
• Evaluate and communicate software testing results with the design team and stakeholders.
• Develop documentation for software programming and development, safe software/system testing and validation.
• Develop and implement an application security program across the organization with periodic reviews to assess effectiveness.
• Develop secure encryption standards and procedures drawn from leading security practices and industry standards across all platforms.
• Develop a project risk rating process for leadership and for reporting on SDLC rigor (e.g. threat modelling), which will be part of the SDLC process.
• Perform security assessments on applications when they are in staging mode and submit a risk assessment report to application owners before they are deployed in production.
• Define a framework for testing IT applications/operational processes whereby regular reviews and mandatory checkpoints are conducted against defined criteria before the design is completed.
• Develop the code integration process where code signing is continually implemented and integrated into the SDLC process and apply code obfuscation where applicable.
• Perform security assessments on applications in production.
• Review IT/OT security controls for applications targeted by cyber threats.
• Maintain a central repository of SDLC operations integrated with regular tracking processes.
• Document the requirements for keeping all intellectual property rights and production code in the escrow account.
• Develop guidelines to include application security testing and mobile applications.
• Train testers to use security test cases during the coding process.
• Identify and assign the personnel responsible for implementing security.
• Develop a process for conducting SAST and DAST activities on all developed applications.
• Implement Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to identify weaknesses and vulnerabilities in applications before they are deployed to production.
• Develop a platform to allow users to report bugs/problems in applications.
• Implement a Web Application Firewall (WAF) to protect critical and externally facing company applications.
• Ensure that WAF logs are captured, archived and integrated into the SIEM solution.
• Create and maintain an inventory of all IT/OT applications including ratings of importance and sensitivity, reviewed at least once a year.
• Maintain a whitelist of IT/OT applications and application components authorized to be active on a host as well as a list of trusted applications from vendors.
• Conduct periodic reviews to detect deviations from baseline configuration standards.
• Schedule WAF signatures to be reviewed periodically based on changes in application use cases and design changes.
• Develop training materials and deliver relevant application hardening training for all stakeholders.
Knowledge:
• Network components, their operation, and appropriate controls and methods for network security.
• Principles of cybersecurity and privacy as they apply to software development.
• Programming language structures and logic.
• Interpreted and compiled computer languages.
• Critical infrastructure systems designed with limited technical controls for cybersecurity.
• Data security standards related to the sector in which the company operates.
• Embedded systems and how cybersecurity controls can be applied to them.
• Intrusion detection and prevention system tools and applications.
• Complex data structures.
• Principles and concepts of local and wide area networks, including bandwidth management.
• Secure configuration management techniques.
• Principles of software debugging.
• Software development models.
• Software engineering.
• System design tools, methods and techniques, including automated systems analysis and design tools.
• Web services.
• Secure encryption techniques.
• Software quality assurance process.
• Software development in high-level languages.
• Program development for UNIX or Linux.
Qualifications:
• Bachelor’s degree in Computer Science, Information Systems or related fields.
• More than 10 years of experience in the field of information security.
• 7+ years of software security testing experience.
• ISTQB certifications, or equivalent certifications.
We are a national group founded on social responsibility and on building value through hard work and the quality of our outputs. We aim to create a productive environment for our valued customers, so that they can deliver their work according to balanced performance standards that ensure continuity and reduce expected risks.