We’re looking for an experienced security consultant working out of any of the TWI offices. This is indeed a hands-on tech oriented position. You need to know about the standard security practices, have some demonstrable experience with implementing security automation, but it is critical you are able to work with delivery teams as well as networks and infrastructure support teams. We want someone who can talk the language of software product delivery teams and work collaboratively with them to reduce risks related to code development, system architecture and infrastructure. It will help if you have experience working in delivery teams using agile development methodologies and practices.
- 9+ years experience working as a security engineer which includes responsibilities working directly with delivery teams to review code and systems architecture for vulnerabilities.
- In-depth knowledge and experience with OWASP and SANS standards
- Experience in manual and automation basic vulnerability assessment
- Experience with at least 1 popular tool in each category of SAST, DAST, Dependency checking, and container vulnerability assessment, such as Checkmarx, Burp, ZAP, Fortify, Aqua, Trivy, etc.
- Has Knowledge & working experience of Security Automation for cloud and cloud components.
- Hands on experience with cloud security assessments. Hands-on experience of Cloud Security tools such as ScoutSuite, Prowler, Cloud Security Suite, etc.
- In-depth understanding of web technologies, common web frameworks, their vulnerabilities and mitigations
- Hands on experience with any one of public cloud technologies, preferably AWS (GCP or Azure optional )
- Understanding of Infrastructure as Code, Containers, CI/CD security, Perform infrastructure as code reviews
- Experience with Cloud Infrastructure problems Troubleshooting and resolving
- Excellent communication and interpersonal skills
- Experience in the areas of Open Policy Agent (OPA) creation
- Experience with security tools such as AWS Trusted Advisor, Guard Duty, CloudTrail, WAF, Amazon Macie
- Experience in scripting languages like Python, Unix Shell (bash), etc.
As an Cloud Security Specialist, you will have an opportunity to
- Embed security throughout the lifecycle of software delivery
- Acts as a Subject Matter Expert for security processes, tooling and application. Help project teams in resolving the security issues.
- Strategizing cloud security for clients
- Building and defining security practices
- Be able to automate and optimize security as per application lifecycle.
- Play a consultant and advisory role to delivery team and clients
Regardless of what you do at ThoughtWorks, you’ll always have the opportunity to
- Think through hard problems, and work with a team to make them reality.
- Learn something new every day.
- Work in a dynamic, collaborative, transparent, non-hierarchical, and ego-free culture where your talent is valued over a role title.
- Speak at conferences.
- Write blogs and books.
- Develop your career outside of the confinements of a traditional career path by focusing on what you’re passionate about rather than a predetermined one-size-fits-all plan.
- Be part of a company with Social and Economic Justice at the heart of its mission.
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided