One of the world's largest providers of products and services to the energy industry has a need to develop and support cloud-based enterprise information system in Oil & Gas domain.
Our project is stable, long-term and constantly adopts new technologies.
DevOps practice is tasked with the development, provisioning, operations, and performance of a global, multi-region, multi-cloud software as a service, and developer integration platform.
Work supposes close cooperation with Customer team located in Houston and following Agile principles.
Our team is senior, supportive and friendly.
In this role candidates will operate independently and as part of a team to ensure that all software, hardware, and related components are protected from cyber attacks. Duties will include developing security systems, analysing current systems for vulnerabilities, and handling any and all cyber attacks in an efficient and effective manner. Candidates should have strong IT skills and a deep understanding of cyber attacks methodology, including but not limited to Fortify SCA scans, WebInspect scans, RAF developing, and overall security policies development and deployment.
Validate the fixes performed by developers in
Fortify for vulnerabilities
Follow up with Developer on open vulnerabilities
Share reports of open, closed vulnerabilities
Develop unique, effective security strategies for software systems, networks, and cloud provider
Safeguards information system assets by
identifying and solving potential and actual security problems
Protects system by defining access privileges,
control structures, and resources
Recognizes problems by identifying abnormalities;
Implements security improvements by assessing current situation; evaluating trends; anticipating requirements
Determines security violations and inefficiencies
by conducting periodic audits
Upgrades system by implementing and maintaining
Maintains quality service by following
Contributes to team effort by accomplishing
related results as needed
1. Thorough knowledge of Fortify and SAST scans hands-on experience
2. Thorough knowledge of WebInspect and DAST scans hands-on experience
3. Software Composition Analysis (SCA): X-Ray scans hands-on experience
4. Application development skills (programming languages: Python, Java, C#, Angular)
5. Solid application risks assessment practical experience
6. Application risk management experience (Understanding of the Risk Acknowledgement Form (RAF) approach)
7. AWS cloud services administration
8. Internal documentation creation experience
9. On-call security incidence troubleshooting
10. Process improvement
11. Problem solving
12. Excellent communication skills
Nice to have
1. AWS cloud services practical experience and certification
2. Fortify SCA certification (Cybersecurity Maturity Model Certification (CMMC))
3. CISSP, CISM, OSCP, CEH certifications
4. Kubernetes deployment and maintenance hands-on experience
5. Automation: Terraform
6. Good knowledge of Microsoft Active Directory services
7. Firewall and security group administration practical experience
8. Good understanding of AICPA SOC2 controls and processes
9. Thorough knowledge of network security and protocols
10. Knowledge of cryptography protocols and hands-on experience in SSL certificates generation
11. Penetration testing hands-on experience in Azure and AWS cloud environments and Kubernetes clusters.
12. Web and desktop applications penetration testing hands-on experience.
English: B2 Upper Intermediate
If needed, we can help you with relocation process. Click here for more information.
|Specialization||Position / Title||Location||Seniority||Relocation Friendly||Send to a friend|
|Application Security||WAF / Security Infra Engineer||Remote Brazil, BR||Regular||