Applications Security Specialist


Company

GSB

Company Description

GSB's vision commits us to offering our clients first-hand services, motivating us to constantly expand our global presence.

Department

Bogotá DC

Location

Bogotá - Remote

Contract Type

Full Time

Job Description

Main Activities / Responsibilities:
● Generation of threat modeling analysis, security requirements and abuse cases for all
developments carried out in ADC.
● Analyze changes to existing software looking for security risks that can be implemented in the
coding process.
● Identify vulnerabilities in the source code and in the runtime application.
● Determine and advise on the recommended security controls required to remediate findings and
issues in an efficient and concise manner.
● Generate awareness campaigns to all stakeholders of the software process.
● Help developers to use secure coding practices, as well as resolve specific doubts about
vulnerabilities identified in the different testing scenarios.
● Align security solutions to Holcim methodologies and standards.
● Design, implement, and support the security model for general security solutions
● Develop and drive the implementation of security best practices and standards.
● Review requests for new systems or changes to existing systems and evaluate the impact to
security.
● Conduct pre-audits on security issues of concern, work with the user community on remediation;
conduct spot checks of user security to ensure compliance.
● Provide technical support for security issues related to in-scope applications, infrastructure as
code and cloud services.
● Provide support to other colleagues in terms of technical/functional expertise with the assigned
business processes.
● Expert in Vulnerability Management tools like Qualys or Nessus.

Qualifications:
● Bachelor’s degree in Computer Science, Engineering, or related discipline with an IT focus.
● Certifications: CISSP, CISM, CISA, CRISC, ITIL, CMMI, ISO 27001, GSEC, CSSLP.
● Ethical Hacking certifications desired.
● Secure coding certifications desired.

Required Experience:
● At least 4 years of experience in IT Security and development, delivering applications with a secure
focus, assessments and audits.
● Experience in full-stack development, object-oriented programming, microservices-oriented
architecture, with knowledge of agile methodologies and the DevOps model.

Desired Experience:
● Experience in secure development and ethical hacking.
● Experience with vulnerabilities and fixes for different languages (C, C#, Java, JavaScript).

Soft skills:
● Experience coordinating and completing multiple tasks within established and changing deadlines.
● Excellent organizational, analytical, and independent problem solving skills.
● Demonstrated excellent oral and written communication skills necessary to interact effectively with
colleagues and with users of varying technological skill levels.
● Strong customer / end-user / client service orientation.
● Thrives working in a highly collaborative and team environment.
● Highly self-motivated and directed.
● Ability to provide 24/7 support to respond to critical incidents or business impacting project
deliverables.
● Keen attention to detail.
● Capability for problem solving, decision making, sound judgment, assertiveness.
● Ability to deal with difficult situations, unclear priorities and blocking stakeholders.
● Ability to work decisively under heavy workload considering the criticality, urgency and extended
work hours required to ensure availability of the service in accordance with service level
commitments.
● Ability to manage multi-cultural and multi-located teams.

Leadership skills:
● Lead by example on values and culture.
● A natural leader whose personality and communication skills instill a sense of credibility and trust.
● Able to coherently explain the proposed design and gain stakeholder buy-in to the proposed
solution.
● Cost conscious and keeps a big picture perspective.

Required skills:
● Authentication and Access Control Tools, Management and Administration.
● Application Security Architecture & Cloud Computing Concepts.
● Change & Security Configuration Audit and Control.
● Encryption Processes, Management and Administration.
● Experience in static and dynamic security testing (code review, vulnerability analysis, Ethical Hacking).
● Knowledge in offensive security methodologies (OWASP, MASVS, OpenSAMM, CKC, etc.).
● Knowledge in tools such as OWASP ZAP, Burp Suite, Nessus, Service Manager, Git, Fortify, Codacy, SonarQube.

Desired skills:
● Knowledge in AWS cloud security.

Languages:
● English desired (written & spoken)
● Spanish required (written & spoken)

Benefits:
- Statutory benefits
- Courses and certifications

Minimum Academic Level Required

Completed University Degree

Minimum English Level Required

Advanced