Responsibilities:
- Finalize the current state assessment of the integration of cybersecurity into the IT systems development lifecycle
- Develop recommendations to better integrate security into the IT systems development lifecycle
- Author policies, standards, and processes to facilitate effective and efficient integration of security into the IT systems development lifecycle
- Initiate and execute the security relevant processes to integrate cybersecurity into the IT systems development lifecycle to include but not limited to:
- Cyber risk assessments for IT projects
- Develop and review cybersecurity requirements for IT projects
- Review IT architectures for relevant cybersecurity risks
- Review of available and applicable controls to mitigate cybersecurity risks to IT projects
- Develop test plans for cybersecurity relevant controls inherited by or unique to IT projects
- Good written and verbal English communication skills along with the ability to frame and communicate complicated technical cybersecurity topics to IT and business partners
- A strong understanding of current adversary attack methodologies and applicable cybersecurity controls along with the ability to justify the applicability of specific controls against specific adversary tactics, techniques, and procedures
- Experience in developing or refining either systems or software development lifecycle processes in accordance with any established methodology (preferably more than 1)
- Demonstrated experience in developing or applying IT risk management processes
- Demonstrated experience in assessing IT projects for cybersecurity risks at a highly detailed level, including but not limited to the evaluation of the majority of the following aspects of IT projects: networking, authentication & authorization (especially Microsoft Active Directory and/or Sailpoint technologies), Windows security, Linux security, and auditing & logging
- Demonstrated experience as either a computer engineer, software developer, IT operating systems admin/engineer (Windows/Linux/Unix), or network admin/engineer
- Prior experience having written either scripts or application code for use in a production environment, in any language
