Company: GSB

Company Description: GSB's vision commits us to offering our clients first-hand services, motivating us to constantly expand our global presence.

Department: Bogotá DC
Location: Bogotá - Remote
Contract Type: Full Time

Job Description

Main Activities / Responsibilities:
Generation of threat modeling analysis, security requirements and abuse cases for all developments carried out in ADC.
Analyze changes to existing software looking for security risks that can be implemented in the coding process.
Identify vulnerabilities in the source code and in the runtime application.
Determine and advise on the recommended security controls required to remediate findings and issues in an efficient and concise manner.
Generate awareness campaigns to all stakeholders of the software process.
Help developers to use secure coding practices, as well as resolve specific doubts about vulnerabilities identified in the different testing scenarios.
Align security solutions to Holcim methodologies and standards.
Design, implement, and support the security model for general security solutions.
Develop and drive the implementation of security best practices and standards.
Review requests for new systems or changes to existing systems and evaluate the impact to security.
Conduct pre-audits on security issues of concern, work with the user community on remediation; conduct spot checks of user security to ensure compliance.
Provide technical support for security issues related to in-scope applications, infrastructure as code and cloud services.
Provide support to other colleagues in terms of technical/functional expertise with the assigned business processes.
Expert in Vulnerability Management tools like Qualys or Nessus.

Qualifications:
Bachelor's degree in Computer Science, Engineering, or related discipline with an IT focus.
Certifications: CISSP, CISM, CISA, CRISC, ITIL, CMMI, ISO 27001, GSEC, CSSLP.
Ethical Hacking certifications desired.
Secure coding certifications desired.

Required Experience:
At least 4 years of experience in IT Security and development, delivering applications with a secure focus, assessments and audits.
Experience in fullstack development, object-oriented programming, microservices oriented architecture, with knowledge in agile methodologies and DevOps model.

Desired Experience:
Experience in secure development and ethical hacking.
Experience with vulnerabilities and fixes for different languages (C, C#, Java, JavaScript).

Soft skills:
Experience coordinating and completing multiple tasks within established and changing deadlines.
Excellent organizational, analytical, and independent problem solving skills.
Demonstrated excellent oral and written communication skills necessary to interact effectively with colleagues and users of varying technological skill levels.
Strong customer / end-user / client service orientation.
Thrives working in a highly collaborative and team environment.
Highly self-motivated and directed.
Ability to provide 24/7 support to respond to critical incidents or business impacting project deliverables.
Keen attention to detail.
Capability for problem solving, decision making, sound judgment, assertiveness.
Ability to deal with difficult situations, unclear priorities and blocking stakeholders.
Ability to work decisively under heavy workload considering the criticality, urgency and extended work hours required to ensure availability of the service in accordance with service level commitments.
Ability to manage multi-cultural and multi-located teams.

Leadership skills:
Lead by example on values and culture.
A natural leader whose personality and communication skills instill a sense of credibility and trust.
Able to coherently explain the proposed design and gain stakeholder buy-in to the proposed solution.
Cost conscious and keeps a big picture perspective.

Required skills:
Authentication and Access Control Tools, Management and Administration.
Application Security Architecture & Cloud Computing Concepts.
Change & Security Configuration Audit and Control.
Encryption Processes, Management and Administration.
Experience in static and dynamic security testing (code review, vulnerability analysis, Ethical Hacking).
Knowledge in offensive security methodologies (OWASP, MASVS, OpenSAMM, CKC, etc).
Knowledge in tools such as OWASP ZAP, Burp Suite, Nessus, Service Manager, Git, Fortify, Codacy, SonarQube.

Desired skills:
Knowledge in AWS cloud security.

Languages:
English desired (written & spoken).
Spanish required (written & spoken).

Benefits:
Statutory benefits.
Courses and certifications.

Minimum Academic Level Required: Completed University Degree
Minimum English Level Required: Advanced