Candidate must be a US Citizen or Green Card Holder
Responsibilities:
· Experienced Leader, as this role will build workstreams and a team to report to them, such as Application Security Analysts, Pen Testers, Security Engineers/ Architects, etc.
· Collaborate with development teams to ensure the adoption of Secure SDLC best practices across the entire application lifecycle.
· Maintain, monitor, and overall CHAMPION the SAST/DAST/SCA/IAST, etc. tools to ensure optimum performance with each capability to implement per the client.
· Perform code analysis of applications using SAST, DAST, and SCA scanning solutions as well as conducting manual vulnerability analysis as required. Veracode Platform tooling usage is a must.
· Able to identify new and alternative approaches to implementing and managing security activities. Provides security consultation and implementation of appropriate controls to minimize the risk of potential loss of revenue, business opportunity, or competitive advantage due to malicious attacks, accidental corruption of information, or unauthorized access to sensitive Company or Customer information assets.
· Partner with the Security Automation and Tooling team to identify and implement security tooling to identify security vulnerabilities and risks at scale as needed.
· Utilize SAST, SCA, and DAST tools to identify security flaws and best practices.
· Familiarity with application packaging activities to ultimately achieve code-scanning assessments as needed.
· Provide Secure-code training and best practice programs to development community via tooling partnerships as required.
· Accountable to manage all vulnerability management output from contractually obligated applications assigned per client. This can include leading and hosting triage calls with development squads to discuss reporting, scanning and remediation requirements, SLAs, risk posture, and as needed working sessions to assist in tooling navigation.
· Leads the improvement of the accessibility of security through automation, continuous integration pipelines, and other means.
· Provide CI/CD tooling troubleshooting activities as required.
· Provide security consultation to improve awareness and compliance with security policy, processes, and standards.
· Produce useful and actionable dashboarding, reporting, and metrics with various security tools per request to support the Application Security Security Engineering Team; this can include SAST, SCA, DAST, or general vulnerability information or CI/CD pipeline maturity posture as required.
· Participate in the deployment of security initiatives across the security teams.
· Utilize ticketing processes for vulnerability remediation activities in cooperation with development teams.
· Adheres to Client Service Level Agreements expectations.
· Perform a variety of technical writing activities such as generating process, standards, policies per security requirements.
· Perform various project management activities based upon need within Application Security Security Engineering Team.
Requirements:
· Bachelor's in computer science or related technical discipline and experience
· Practical experience in Application Security / DevSecOps-related role
· 5 years related experience with the end-to-end vulnerability management lifecycle (SAST, SCA and DAST); Great understanding of full SDLC.
· 5 years related experience / Understanding with various security assessment tooling such as Fortify, CheckMarx, Veracode, AppScan, etc.
· 5 years of hands-on experience in working with engineering teams on design and implementation of security best practices in architecture and code.
· Proficient understanding of MITRE ATT&CK, NIST CSF, CVSS and CWE criteria, enumeration and scoring.
· Working knowledge of one or more general purpose programming/script languages including but not limited to: Java, C/C++, C#, Python, JavaScript, PowerShell.
· Extensive experience with embedded software development and architectures, security protocols, applied cryptography and security standards.
· Strong hands-on working knowledge about modern web application architecture and how to secure it (OWASP, SANS Top 25).
About Capgemini
Capgemini is a global leader in partnering with companies to transform and manage their business by harnessing the power of technology. The Group is guided everyday by its purpose of unleashing human energy through technology for an inclusive and sustainable future. It is a responsible and diverse organization of nearly 350,000 team members in more than 50 countries. As we leverage cloud, data, AI, connectivity, software, digital engineering, and platforms to address the entire breadth of business needs, this passion drives a powerful commitment. To unlock the true value of technology for your business, our planet, and society for a more inclusive, sustainable future.
Get The Future You Want | www.capgemini.com
About Cloud Infrastructure Services (CIS)
CIS powers enterprises’ business and technology digital transformation by accelerating change, reinforcing cybersecurity, empowering employees, managing complexity and fostering adaptability.
Leveraging our close partnerships with leading cloud vendors and advanced intelligence from our global operations centers, our CIS teams are trusted by clients to securely navigate in today’s dynamic business environments, driving forward business value so they get the future they want.
Our five key service areas are:
· Cloud Services: Exploiting the cloud at speed and scale
· Employee Experience Services: Making the “future of work” work for our clients
· Cybersecurity Services: Securing Foundations to Create Open Futures
· Enterprise Service Management: Taking charge of complexity to drive business value
· Infrastructure Services: Managing and modernizing IT estates
We pride ourselves on our inclusive and diverse workplace, a reflection of today’s global society’s richness and diversity and a place where our people feel empowered to build and choose meaningful careers, selecting a future where they can all thrive.
Come join our vibrant workforce at CIS to build an effective career that empowers you to get the future you want. Learn more about us at www.capgemini.com
Applicants for employment in the US must have valid work authorization that does not now and/or will not in the future require sponsorship of a visa for employment authorization in the US by Capgemini.
Please be aware that Capgemini may capture your image (video or screenshot) during the interview process. That image may be used for verification, including during the hiring and onboarding.