Regional Application Security Manager (Colombia)
Regional Application Security Manager
What We’re Looking for ⬇️
- Engineer in Electronics, Telcos, Systems, or similar.
- Master's degree in Security, Information Security, or Cybersecurity.
- PCI, ISO27000, ISO20000.
- 3+ years in application security.
- 5+ years in application development and/or Cybersecurity.
- CEH, OSCP, CISSP (Non-mandatory).
- Advanced English proficiency (B2 – C1).
- Communicate at many corporate levels to ensure security concepts are translated into effective technical and business decisions.
- Approach Application Security from the perspective of risk management.
- Knowledge of Waterfall and agile development practices.
- Knowledge of frontend and backend architectures.
- Familiarity with development tools like Eclipse, GIT, GCC, JIRA, Subversion, etc.
- Familiarity with testing tools like Acunetix, Veracode, Jenkins, AppSpider, Kiuwan, Sonarqube.
- Knowledge of the OWASP Top 10, WASC TCv2, and CWE 25 and be able to communicate those needs to any audience.
- Integrate security tools, standards, and processes into the product lifecycle.
- Contribute to the training of developers and QA personnel on secure software development.
- Deploy and maintain application security testing tools (DAST/SAST).
- Support incident response and architecture review processes whenever application security expertise is needed.
- Develop, enhance and maintain secure development policies, standards, and guidelines.
- Support development teams in the security development process.
- Evaluate third-party software and its development activities for compliance with Teleperformance security standards.
- Integrate threat modeling practices into the product lifecycle and define security requirements based on the risk profile of applications.
- Produce metrics for the application security program.
- Review software applications for potential security vulnerabilities by performing application security reviews.
- Perform code reviews in multiple programming languages.
- Recommend security controls to mitigate application vulnerabilities.
- Perform incident analysis to identify unidentified vulnerabilities and propose countermeasures.
- Document vulnerabilities and work on vulnerability mitigation.
- Identify points of improvement in the existing SDLC.
- Recommend security enhancements to the SDLC.