- Reviewing current system security measures, recommending/implementing enhancements and conducting regular system security review of existing IT systems
- Planning, researching, and designing security architectures including maintaining the security framework architecture documentation
- Designing security architecture elements to mitigate threats as they emerge; establishing disaster recovery procedures and conducting breach of security drills
- Identifying the top cloud architecture solutions to successfully meet the strategic needs of the Bank; regularly evaluating cloud applications, hardware, and software and offer guidance in infrastructure movement techniques including bulk application transfers into the cloud
- Analyzing and identifying security vulnerabilities in source code using both automated and manual static analysis tools and techniques; recommending best practices to integrate and automate application security testing in SDLC
- Delivering secure code review assessment on programming language (with at minimum: React-Native, ReactJS, .NET Core 3.1 (C#), Javascript); train/assist developers in writing secure softwar and remediating existing vulnerabilities; mentor and assist team members in effectively delivering assessments and enhancing skillsets
- Participating to an on-call process to contain cyber security incident, promptly responding to all security incidents and providing thorough post-event analyses
- 10+ years’ experience in enterprise Information Security architecture and IT risk management with a focus on security
- 4+ years of experience in application security including secure code review, web application penetration testing or threat modelling (at minimum: React-Native, ReactJS, .NET Core 3.1 (C#), Javascript)
- 2+ years of experience in secure code review / static application security testing (SAST)
- Hands-on experience conducting security focused static analysis using commercial SAST tools such as Checkmarx, Appscan Source, Veracode, Coverity, Fortify and SonarQube
- Excellent knowledge of cloud computing technologies, enterprise-class security architecture, performance and reliability, cyber offensive security and cyber threat modeling
- Detailed understanding of the OWASP Top 10 and CWE Top 25 issues with focus on ability to identify and remediate vulnerability in source code and solid understanding of security protocols, cryptography, authentication, authorization and security
- Excellent written and verbal communication skills as well as business acumen, ability to interact with a broad cross-section of personnel to explain and enforce security measures and to explain risk and business impact of security vulnerabilities in source code to variety of audience
Company
Location
Basel - Switzerland
Job type
Full-Time
JavaScript Job Details
As a DevSecOps you are key employee within the global Information Security team of the bank. You will be actively shaping the Information Security landscape by taking ownership by collaboration with various internal and external stakeholders. If you have a hands-on mentality and knowledge from coding up to architecture, you will be the ideal candidate.
Responsibilities
Profiles
Activity rate
100 %
Please send your application to:
More Developer Job Boards
Fullstack Developer Jobs Golang Jobs JavaScript Jobs Python Jobs React Jobs Rust Jobs Java Jobs