Nuevo Leon, Mexico
3 days ago
Cybersecurity

The successful candidate will be a critical link between the Cyber Security and Digital IT delivery teams, closely supporting the rate of deployment while managing strategic security and business risks. You will be providing expertise and undertaking risk assessments on numerous sprints, prioritising and managing multiple work streams at any one time. You will work with the wider Cyber security team and engage their knowledge where appropriate.

 

What you will be doing:

- Provide guidance and help to IT delivery teams with regard to security solutions, to enable faster delivery of secure IT systems
- Collaborate with IT development teams and other teams working closely in a DevOps and Agile development process
- Support the Secure SDLC, ensuring developers are coding in line with security standards, practices and industry best practice
- Undertake application security risk assessments as part of development projects. This entails using a threat modeling methodology to identify threats which could affect the Confidentiality, Integrity and Availability of the data and components in scope
- Own driving the remediation of security issues (defects), or supporting other risk treatment methods as needed (e.g. risk acceptance)
- Provide support for automated application security tooling, working with Cyber Security as necessary
- Challenge and create new ways to meet security controls which are more effective in DevOps and Agile ways of working, by helping IT delivery teams adopt a "shift left" approach to managing security
- Oversee the effectiveness of controls to ensure compliance with Information Security policies and standards
- Work closely with delivery teams to develop and monitor security risk remediation programme activities and actions to ensure delivery within acceptable timelines
- Focus on Technology top security risks and threats, including new/emerging top risks, to ensure they are fully understood and that controls that mitigate these risks (key controls) are effective, efficient and, where possible, automated
- Embed the risk and control management framework
- Role model a positive internal security risk and control culture across Digital IT delivery teams and help shape the climate, tone and environment in which people work


What you will bring to the role:

- Proficient in application security testing of Web, Mobile (Android and iOS), API, etc.
- Ability to assess and identify any possible vulnerabilities in technology being developed prior to implementation
- Expertise in application security testing (DAST); experienced in web application, API and mobile application security testing in conformance with various industry standards like OWASP Top 10, SANS Top 25, etc.
- Good to have: programming and scripting skills in languages and frameworks like Java, JavaScript, Angular, Spring Boot, Kotlin, Swift, etc.
- Expert-level knowledge of tools like Burp Suite, IBM AppScan (Standard and Source), HP Fortify, Postman, SoapUI, Checkmarx, Contrast, etc. to perform the security testing
- Consistently display positive leadership behaviours related to the management and mitigation of risk, including notification and escalation of any concerns and ensuring timely action in relation to points raised by audit, 2LoD and external regulators
- The jobholder will adopt the Group Compliance Policy by escalating any identified compliance risk in liaison with the Global Compliance Officer, Area Compliance Officer or Local Compliance Officer. The term 'compliance' embraces all relevant financial services laws, rules and codes with which the business has to comply. This will be achieved by adhering to all relevant processes/procedures and by liaising with the Compliance department about new business initiatives at the earliest opportunity, and, when applicable, by ensuring adequate resources are in place and training is provided, fostering a compliance culture and optimising relations with regulators
- Role-relevant qualifications, i.e. professional certifications in Information Security (CRISC, CISSP, CISA, OSCP, GIAC GPEN, GIAC GMOB), are desirable but not essential
- Strong grasp of application security tooling, and experience of driving automation within the delivery environment

 

At Globant we believe that an inclusive culture and a diverse environment makes us stronger. We encourage people to have an inclusive spirit as our global footprint expands. We seek to generate a place of inspiration and growth for everyone. A safe space, based on equity as a value, where everyone's careers can be promoted and developed in the same way. There is no innovation without diversity and there is no improvement without plurality.

 

Are you ready?
