Typical Day in Role:
• Collaborate with stakeholders across the Bank – technology, application security, security architecture, security advisory, fraud, compliance and business channel teams – to drive the product features and roadmap in application security domains like SAST, SCA, DAST, etc. across the Bank.
• Continuously evolve app sec product features based on industry best practices and emerging security threats.
• Govern and define DevOps pipeline and developer tooling use cases to integrate with enterprise app sec products.
• Work closely with multiple cross-enterprise teams to build business cases driving the adoption of new security products.
• Maintain up-to-date detailed knowledge of the application security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
• Recommend additional security solutions, or enhancements to existing solutions, to improve overall application security.
• Create and maintain documentation that describes the system architecture, including diagrams, specifications, and guidelines.
• Implementation and operations governance based on the defined enterprise standard solution architecture and design patterns.
• Responsible for cost and benefit allocation and forecasts for various app sec products.
• Responsible for contracting and relationship management with vendors.
• Co-ordinate efforts from business, security and technology teams.
• Communicate regularly with various business channels on the progress made for various projects in the pipeline.
• Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
• Actively pursue effective and efficient operations of his/her respective areas in accordance with our Values, Code of Conduct and the Global Sales Principles, while ensuring the adequacy of, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
Candidate Requirements/Must-Have skills:
1. 10+ years of working experience as a Solution Architect or IT Security with focus on application security and/or DevOps.
2. 3+ years of product management or similar experience with AppSec domains like SAST, SCA, DAST and/or tools like Veracode, Checkmarx, Fortify, Snyk, Burp Suite, ZAP, etc.
3. Excellent understanding of Agile development methodologies and continuous integration/continuous delivery (CI/CD) processes.
4. Experience in requirements analysis, feature design, and architectural design.
5. 3+ years’ experience with documenting processes, requirements, and product information.
• Bilingual in Spanish is an asset
• Experience with deploying and managing IaaS, PaaS & SaaS solutions
• Experience with API Security
• Experience with popular CI/CD tools like Jenkins, Azure DevOps, GitLab CI/CD, CircleCI
• Experience with CI/CD pipeline tools and processes like BitBucket/GitHub, JFrog Artifactory, Ansible, Confluence, Jira, Bamboo, etc.
• Experience building business cases demonstrating the value of a product and cost-benefit analysis
• Excellent written, presentation, and verbal communication skills to be able to work well with technical peers and business stakeholders at different levels within the organization.
• Strong decision making, forward thinking and creative problem-solving skills to anticipate and respond quickly to technological/market influences.
• Ability to work as part of a team, as well as work independently or with minimal direction.
• Bachelor’s degree in a technical field such as computer science, computer engineering or related IT field.
• Security certifications such as CISSP.