Work closely with software development teams or contractors to ensure secure coding practices are followed throughout the software development lifecycle (SDLC).
Review code for vulnerabilities and recommend secure coding standards.
Conduct security risk assessments on new and existing applications, focusing on potential threats and weaknesses.
Support DevSecOps practices by integrating security into CI/CD pipelines.
Support in integrating the security tools in the CI/CD pipelines.
Ensure compliance with relevant industry standards and regulations (e.g., EU DPR, ISO 27001, NIST).
Collaborate on security documentation, including policies, procedures, and risk assessments.
Educate and train staff on secure development and security best practices.
Requirements
Possess at least a High School diploma
Minimum 10 years of experience in IT.
At least 7 years of experience in dealing with ICT security issues.
Demonstrated experience in conducting comprehensive security assessments of ICT projects and systems, utilizing standards such as ISO 15408 and ISO 2700x or equivalent.
Ability to collaborate with multidisciplinary project teams to ensure consistent application of security policies, measures, and standards across all technology initiatives, systems, and services, both on-premises and in the cloud.
Experience partnering with developers to integrate security checkpoints throughout the Software Development Lifecycle (SDLC), following industry-accepted standards such as NIST SP 800-115 and/or ISO security guidelines.
Proficiency in performing System Security Risk Assessments.
Expertise in preparing and submitting security-related documentation, including vulnerability assessments.
Capability to develop secure coding practices in alignment with organizational strategy and security framework.
Experience in supporting DevSecOps practices by embedding security within CI/CD pipelines, performing code reviews for vulnerabilities, and recommending secure coding standards.
Skill in educating and training staff on secure development methodologies and best practices in security.
Proficiency in English language at a minimum B2 level.
