Application Security engineer

Infosys Consulting is the worldwide management and IT consultancy unit of the Infosys Group (NYSE: INFY), a global advisor to leading companies for strategy, process engineering, and technology-enabled transformation programs.

We partner with clients to design and implement customized solutions to address their complex business challenges, and to help them in a post-modern ERP world. By combining innovative and human-centric approaches with the latest technological advances, we enable organizations to reimagine their future and create sustainable and lasting business value.

A pioneer in breaking down the barriers between strategy and execution, Infosys Consulting delivers superior business value to its clients by advising them on strategy and process optimisation as well as IT-enabled transformation. To find out how we go beyond the expected to deliver the exceptional, visit us at www.infosysconsultinginsights.com Infosys Consulting – is a real consultancy for real consultants.

Requirements

Location: Perth/ Brisbane

Duration: 6 Months with possible extensions.

Daily rate: AUD 950 INC of all charges.

About the role

The Specialist Cybersecurity role will be part of the Technology Secure & Architecture team, working as part of the GitLab Application Security project team. The focus of this role is to provide technical subject matter expertise focused on application security. The candidate will be responsible for deploying and maintaining various GitLab application security capabilities, as well as establishing the necessary standards and controls, as part of the DevSecOps framework with a focus on the cloud environment.

A prime candidate for this position should be passionate about cybersecurity, with strong background in secure application development and application security testing in the cloud environment e.g. Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Container Security, Secrets Management etc.

In this role you will:

• Support the development and maintenance of the application security framework for GitLab, ensuring key controls are in place and operate effectively throughout the application development lifecycle.
• Support the development and execution of the enterprise-wide application security program and associated performance metrics.
• Support the activities to develop technical requirements, evaluate vendor solutions, develop architecture and design, and test of application security solutions in collaboration with developers, application owners and service owners.
• Provide application security services including application security scans, code reviews, threat modelling, DevSecOps support, API security and container security.
• Define the security requirements and control gates in the software development lifecycle, including the operational processes and integration of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) in the CI/CD pipeline
• Advise on secure coding guidelines based on industry’s best practices such as OWASP Top 10, NIST, etc.
• Perform vulnerability risk assessments to evaluate the likelihood and impacts of each vulnerability and conduct manual verifications of vulnerabilities to reduce false positives and enhance remediation efforts.
• Participate in the establishment and maintenance of the Cloud Security Posture Management capability for secure hosting of applications.
• Establish appropriate controls to protect the confidentiality, integrity and availability of the applications in collaboration with Security Architects.
• Advise application owners in understanding the future state problems and challenges in cybersecurity and work collaboratively with them to enhance capabilities.
• Work with Legal teams and application owners globally on risk identification for information protection, translating application owner's requirements into technical controls.
• Assist and advise business teams with application security methodologies and best practices.

About you

• Strong experience in the industry (Mining, Resources, Banking or Telco), domain areas (Secure-by-Design Application Development, DevSecOps, Application Security, Cloud Security).
• Experience in Secure Development Life Cycle (SDLC), CI/CD pipelines (such as Gitlab, AzDO, and Bitbucket), and DevOps programming languages.
• Experience on Source Code Management (SCM) platforms such as Gitlab, AzDO, Bitbucket
• Foundational and cybersecurity related cloud certifications (AWS, Azure preferred or equivalent).
• Very good understanding of Cybersecurity best practices, standards and guidelines (NIST, OWASP, CVE, CVSS, etc)
• Knowledge and experience of Technology processes, systems and relevant security tools.
• Certified as a Cyber Security Professional (CISSP and/or CISM preferred or equivalent).
• Relevant background in secure application development/application security testing in the cloud environment e.g. Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Container Security, Secrets Management.

Benefits

We welcome applications from all members of society irrespective of age, sex, disability, sexual orientation, race, religion, or belief. We make recruiting decisions based on your experience, skills, and personality. We believe that employing a diverse workforce is the right thing to do and is central to our success.

We offer you great opportunities within a dynamically growing consultancy. You will elaborate and deliver best practice solutions and will be able to further develop your solution design, implementation, and project management skills. At Infosys Consulting you will discover a truly global culture, highly dedicated and motivated colleagues, a cooperative work environment, and interesting training opportunities.