Role Overview
We are seeking a Security Delivery Practitioner with expertise in DevSecOps, application security, infrastructure security, and operational security. The candidate will be responsible for defining security processes, provisioning secure environments, establishing secure interfaces, and providing actionable recommendations to enhance the overall security posture of applications and infrastructure.
The role involves hands-on execution of vulnerability scanning, security control implementation, operational hardening, and ensuring compliance with enterprise security standards. The practitioner will collaborate with cross-functional teams to integrate security into every stage of the delivery lifecycle.
Key Responsibilities
- Define, implement, and maintain security processes, provisioning standards, and secure interfaces for applications and infrastructure.
- Conduct and manage security vulnerability scanning activities, including:
  - Host Configuration Review (HCR)
  - Network Vulnerability Assessment (NVA)
  - Penetration Testing (Pen Test)
  - Static Application Security Testing (SAST)
  - Dynamic Application Security Testing (DAST)
- Analyze security findings and drive remediation with development and operations teams.
- Implement and operationalize enterprise security solutions, including:
  - HSMs (Hardware Security Modules)
  - Endpoint Detection and Response (EDR) solutions
  - Data Loss Prevention (DLP) tools
  - Enterprise Antivirus solutions
- Secure container orchestration environments (OpenShift, CloudFoundation, Kubernetes), including:
  - Container traffic monitoring
  - Container repository security
  - Secure image management
- Enhance the security of Big Data architectures at scale, ensuring:
  - Proper role-based access control (RBAC)
  - Implementation of DLP and monitoring tools
  - Data usage monitoring, reporting, and prevention measures
- Ensure compliance with operational security processes, including:
  - OS-level and application-level patching
  - Archival and housekeeping processes
  - Server and application hardening procedures
  - Adherence to IM8 security policies
- Provide recommendations for improving enterprise-wide security posture and resilience.
Required Skills & Qualifications
- Minimum 3 years of experience as a Security Delivery Analyst / Consultant with exposure to security operations and the security implementation lifecycle.
- Strong knowledge of DevSecOps practices, application, infrastructure, and operational security.
- CISSP, CCSP, CCSK, or equivalent certification preferred.
- Specialization in 1–2 areas of Cybersecurity, such as:
  - Identity & Access Management (IAM)
  - Cloud-native Security
  - Container Orchestration Platform Security
- Broadening understanding of other cybersecurity domains.
Good-to-Have Skills (Optional)
- Familiarity with government security standards and processes, including:
  - Security Self-Assessment Testing (SSAT)
  - Security Compliance Checks
  - Security Vulnerability Scanning
  - DAST & SAST reviews
- Experience working with cloud-native security tools & environments.
Soft Skills
- Strong problem-solving and analytical abilities.
- Excellent communication and stakeholder engagement skills.
- Ability to work independently as well as in cross-functional teams.
- Proactive and detail-oriented approach to security delivery.