The Cyber Security specialist is responsible for using advanced knowledge of continuous delivery processes and tools to take ownership of, and successfully enable, continuous delivery of secure software products through repeatable and automated mechanisms.
A developer in this role is part of a team of software engineers responsible for establishment and maintenance of CI/CD deployment pipelines that support continuous delivery of applications for Honeywell Connected Enterprise Connected Buildings.
- Contribute to the design and implementation of continuous delivery approach and CI/CD deployment pipelines for cloud-based and installed software products.
- Ensure a focus on cyber-security quality assurance is embedded into all aspects of the CI/CD deployment pipeline from code development through build, test & deployment automation to production release.
- Work closely with operations and digital services teams to ensure cyber-security quality assurance measures for deployment environments and production releases are in place.
- Establish secure software definition of done criteria and associated metrics for cyber-security activities performed as part of the CI/CD deployment pipeline. Implement effective automation and visualization of cyber security stage gate completion checks.
- Drive continuous improvement activities to define, measure, visualize and improve key security KPIs and metrics
- Implement automation for repeatable security tasks, maintain and optimize security test suites. Proactively reduce manual security activities.
- Help Engineering and Product Management teams identify security requirements, identify threats, design, deliver and deploy secure software and respond to security incidents.
- Design and implement pragmatic approaches for migrating existing software products to CI/CD deployment pipeline and DevSecOps life-cycle.
- Audit CI/CD deployment pipeline elements related to security for correctness and completeness.
- Foster the growth of DevSecOps practices in local and global teams; mentor and support team members in adopting best-in-class practices for developing secure software in an agile environment. Provide subject matter expertise and training as required and demonstrate best practices through hands-on involvement in the software development of our products.
Key Success Factors (Key Metrics / KPIs / Deliverables)
- Productivity of software development CI/CD pipeline tasks
- Quality of software development – efficient use of CI/CD to deliver quality products
- Timeliness of software development tasks
- Responsiveness to security and other customer incidents
Required Skills and Experience
- A Bachelor's degree or equivalent in Computer Science/Engineering or equivalent work experience.
- Relevant security certifications (CISSP, CCSP, CSSLP) and demonstrated expert knowledge of software security frameworks, requirements and threat analysis, including application of OWASP tools and strategies.
- Experience in threat modelling for uncovering, prioritising and documenting security threats
- Experience architecting and implementing DevSecOps pipelines including migration strategies for legacy software products
- Experience working and delivering secure software through an Agile SDLC
- Knowledge of modern web and mobile applications frameworks and their security requirements.
- Experience with securing professional cloud offerings and installed applications
- Experience with API, UI and Product Security automated testing frameworks and tools.
- Up-to-date knowledge and hands-on application of current and emerging software development and DevOps practices such as CI/CD, TDD, ATDD, Security Scanning and Testing, and Continuous Delivery refactoring approaches. In-depth knowledge of tools and automation approaches available to support these practices is a plus.
- Proven ability to energize and develop people, drive change, help teams to mature in development practices and work with globally distributed, cross functional teams