2025-55 - Security Developer

Job Description: Identifies security vulnerabilities, continuously attempting to “break” software & systems; proposes & helps code solutions to cybersecurity problems.

• Designs, develops, and integrates new security features and updates into existing products and ensures security is maintained throughout the product life-cycle
• Provides product security engineering recommendations and resolves integration and testing issues
• Performs security assessments of company products that may include vulnerability and risk assessments, threat analysis, and security code reviews to identify potential design and implementation vulnerabilities
• Promotes security and secure practices and consults non-security experts on all relevant security considerations

• GitLab Vulnerability Management (Development of Pipelines, Integrations of Security Scanning Tools i.e. SAST, DAST, Mobile, Secret)
• Experience with GCP (BigQuery, Cloud Run, GCS, Artifact Registry, Kubernetes)
• Ability to read and write code (i.e. Python, Node, SQL) to resolve and provide guidance on vulnerability remediation
• Strong communication (written and verbal) skills and the ability to explain technical concepts to non technical team members
• Familiarity with Security Governance and Policy Development

Strengthening Client's applications vulnerability posture by supporting developers across CXT with remediation of critical vulnerabilities. Work will encompass:

1. Engaging Teams: Providing support and insights on critical and high vulnerabilities through the Application Security Remediation (ASR) procedure. Serving as a subject matter expert for a security champions program and guiding team members through threat modelling processes
2. Development of controls, governance, monitoring of Application Security Processes and defining/writing/implementing security standards for secure development practices across the organization
3. Reporting & Data: Ensuring accurate ownership of GitLab projects and cleaning up attack surface data. We'll also document the vulnerability management procedure with clear governance and a RACI.
4. Tooling & Coverage: Expanding vulnerability coverage with Jira integration, Sonatype scanning, mobile app scanning, and binary scanning. All findings will be visible in real-time dashboards.
5. Upgrading Pipelines: Migrating from the existing compliance pipeline to a new, documented pipeline execution policy