GTIL Application Security Engineer (Sr. Associate)

Grant Thornton


Job Location:

Chicago, IL - USA

Yearly Salary: $ 96000 - 144000
Posted on: 11 hours ago
Vacancies: 1 Vacancy

Job Summary

Description

Grant Thornton is one of the world's leading professional services networks, with member firms in over 145 countries, 75000 people and global revenues of $ firms offer audit, tax and advisory services to privately owned companies, publicly listed companies, public sector and not-for-profit organisations, both domestically and internationally.

Grant Thornton International Ltd (GTIL) is the umbrella legal entity for the Grant Thornton global network of member the strategic direction convenes member firms connects global communities and protects the brand and reputation of the and the member firms will continually improve the sustainability of their operations and strive to make a positive impact on clients, people, markets and the communities in which we operate, in line with the UN's Sustainable Development Goals (SDGs).

About the role

Overall role purpose

The Application Security Engineer plays a crucial role in overseeing the security of development operations (DevSecOps) for GTIL which includes globally distributed practice management applications.

Reporting directly to the Application Security Manager, and with key relationships to the Development Operations and IT project teams, this role provides architectural, analytical and operational expertise across a range of Azure services and other cloud-based security solutions.

Main responsibilities

Securing the Software Development Life Cycle

  • Security oversight of the continuous delivery / continuous integration (CI/CD) pipeline

  • Combination of static and dynamic application security testing (SAST/DAST) to identify code bugs and application issues.

  • Software composition analysis (SCA) to track all open-source components in the developers' code base.

  • Threat modelling to identify architectural design faults and potentially exposed targets of attack.

  • Evaluate and advise on service deployment into a microservices architecture (Kubernetes) and operational functions relative to security best practices and compliance requirements

  • Maintain security issue tracking and reporting using Azure DevOps (ADO)

  • Develop and maintain documentation of target state designs and security roadmaps.

  • Evaluate applications and environments against Security Frameworks and Compliance requirements.

  • Develop and manage Azure Policy to enforce Security Baseline standards.

Person specification

  • Post-high-school education and/or work-related experience in Computer Science, Information Systems or other Information Technology related field

  • This role best suits a candidate with a background in development who has made a transition to cloud security.

  • The job requires effective communication (verbal and written) and project management skills to work with various levels and divisions within the organization.

    • Strong organisational and communication skills

    • Ability to learn and adapt to a constantly changing technology and threat landscape.

  • Relationship building is a key requirement (this role's scope of responsibility will on occasion extend to communicating with executive leadership and cross-functional teams)

  • Provides expertise and solutions for complex initiatives and is capable of making independent decisions.

  • Cultural awareness, the ability to work well with people from different disciplines and backgrounds.

  • Ability to be agile, respond positively to change and contribute with an innovative and global mindset.

Experience
  • Minimum of 2-3 years working in development and security operations OR a combination of relevant experience

  • Demonstrated Security and Development Operational expertise:

  • Azure DevSecOps

  • Microservice architecture (Kubernetes)

  • Authentication and Identity Governance (Azure AD, Identity and Access Management, OAuth 2.0, OpenID, Conditional Access)

  • Container security (Docker and Runtime)

  • Encryption (Key Vault)

  • Azure SQL Server and Azure Cosmos DB

  • Azure Block Storage and Data Caching

  • .NET, C#, REST API

  • Terraform

  • CI/CD code analysis (SAST/DAST), ideally using Veracode

  • Threat modelling

Experience Desirable
  • Security Controls and Benchmarking

    • OWASP Application Security Verification Standards

    • Azure Policy and Compliance

  • Cloud security certification e.g.

    • Certified Cloud Security Professional (CCSP)

    • GIAC Secure Software Programmer (GSSP)

    • GIAC Cloud Security Automation (GCSA)

    • Certificate of Cloud Security Knowledge (CCSK)

The base salary range for this position in the firm's Chicago, IL and Cleveland, OH offices only is between $96000 and $144000 per year.




Required Experience:

Senior IC


Key Skills

  • Children Activity
  • EAM
  • Engineering Support
  • Maintenance Engineering
  • Accident Investigation
  • Branding

About Company


Today, Grant Thornton LLP is the U.S. member firm of Grant Thornton International Ltd, one of the world’s leading organizations of independent audit, tax and advisory firms. These firms help dynamic organizations unlock their potential for growth by providing meaningful, forward-looki ...
