Beschreibung
Web Security Specialist6 month contract
Fully remote (Candidates outside of the EU must be wiling to work GMT hours)
Role
- Profound expert knowledge of Web systems especially CMS (Mobile, Web, API, Microservices and Database)
- Hands on knowledge on Web security modules and secure configuration
- Profound knowledge on Role Based Access Control (RBAC) for Web applications
- Configure and implement SCM gitflows and CI/CD tools as per architecture
- Integrating security into build automation, deployment automation, test automation, SDLC orchestration, environment management, monitoring, and production
- Support the engineering teams in growing and maintaining the Infrastructure as code / Continuous Integration / Continuous Delivery
- Support build and release processes for multiple solution layers including front-end (Mobile and Web), API, Microservices and Database, for dev, test, and production servers
- Mentor development teams, review pull requests, and guide evolution of the development pipeline
Experience
- Knowledge in managing, securing and preparing Dev, Test and Production environments
- Experience with multiple Application Security Tools (SAST, DAST, IAST, MAST Security Static/Dynamic code analyses and Interactive application security testing) and the integration into the SDLC via CI Automation and Integration (focus on SAST using Checkmarx)
- Familiar with ISMS(ISO/IEC 27000), NIST Cybersecurity Framework, CIS Controls and Open Web Application Security Project
- Experience with modern application packaging, deployment, containerisation, bug tracking tools and other supporting tools (TeamCity, Jenkins, Docker, Kubernetes, Jira, Confluence, etc.);
- Strong RESTful API development. API Gateway knowledge is a plus
- Experience and solid knowledge on computer and network security
- Hands-on experience and proficiency in API test automation and standardisation
- Must have practical experience managing Agile Release Management and maintaining a scalable SDLC
- Must have administered and automated practical solutions for SDLC and Release management through CI/CD and related tools including but not limited to: Bitbucket, Jenkins, Maven, Nexus, Artifactory, SonarQube, Jira, Confluence, and collaboration tools such as MS Teams or Slack;
- CISSP certification highly appreciated
- Drupal or other related Web CMS Experience is highly preferred