Security Engineer


Security Engineer needed for a permanent role based in Sydney CBD | Group Services R&D | DevSecOps | OWASP | CWE/SANS | ISO 27001 | PCI-DSS

Summary about this job

Security

Company: Dimension Data

Location: Sydney

Work type: Full Time

Salary: n/a

Phone: +61-2-7796-7059

Fax: +61-7-3758-2119



Do you believe you can do anything? Then we’re here to help you do it.

 
If you have a desire to succeed and drive your own career, Dimension Data offers you the opportunity to make that happen.
 
We’re positioned to lead the change in the biggest transformation that the IT industry has seen in decades — and we need your talent, skill, and ambitious ideas. As a Global Top Employer to over 31,000 great people in more than 57 countries, you’ll be working with talented teams across the world. You’ll be doing great things for our clients and helping them achieve their business ambitions. 

We are currently looking for a Senior Security Engineer to join our Global Business for R&D Security, ensuring the security of the organization’s technology portfolio by creating, implementing and reviewing security controls.

You will be required to:

(10%) Create, document and implement a security compliance framework for R&D.

  • Create and build relationships with other security teams within Dimension Data including Group Information Security Services (GISS) and managed services security to understand their security and compliance directives, needs and perspectives.
  • Represent R&D in broader security initiatives to ensure involvement and alignment. Review, contribute to or create Group Services and R&D security policies, procedures and guidelines.
  • Translate security policies, standards and guidelines into specific deliverables that each role in R&D can deliver. Ensure R&D management are informed of significant Group Services security policy, standard or procedure changes.
  • Coordinate the gathering of compliance evidence from teams within R&D then represent R&D beside Governance, Risk and Compliance (GRC, a function of GISS) at security audits.

(60%) Create, document and implement R&D security processes that (1) bring high security value relative to cost/effort and (2) align with Group Services’ security or compliance requirements.

  • Continue and refine the current security processes including static analysis, vulnerability scanning, managing external penetration testing, code review and architecture review programs, adjusting as required. Select and manage vendors or work with administrators from other teams as required.
  • Prioritize which security processes are run and for which projects when resources do not allow all processes to be implemented for all products.
  • Align security processes with R&D practices by liaising with management and agile (SAFe) facilitators (e.g. scrum masters).
  • Automate processes where possible and practical.
  • Identify, gather and present relevant metrics and goals for the security program to stakeholders.
  • Ensure all R&D staff are aware of relevant security policies, procedures and standards. Educate architects on security design considerations, developers on common security coding issues, DevOps on infrastructure security concerns and tools, and QA on testing and locating security issues.
  • In conjunction with GISS, coordinate security incident response procedures that affect R&D.

(20%) Review the most important product designs or features, infrastructure changes and Individual Case Basis requests (ICBs) for security and compliance issues.

  • Take a risk-based approach to security. Ensure suggested mitigations consider non-technical solutions, not just coding changes.
  • Create, document and maintain R&D security standards, such as coding standards.
  • Represent R&D security to regions or customers, including explaining the security vision, relevant security issues and the implemented and future mitigations.

(10%) Become a security thought leader in R&D, Group Services, Dimension Data and in the industry.

  • Keep up to date with IT security trends, tools and practices.
  • Evangelize security and educate others on security practices throughout R&D.
  • Propose security-related innovation projects and participate in innovation days (or equivalent).
  • Speak at and attend conferences and user groups. Write articles or blogs both internally and externally.

We are looking for someone with:

  • Ability to connect with and demonstrate the Dimension Data Values of Teamwork, Personal Commitment, Professional Excellence, Partnerships, Proactivity and Multi-Cultural Strength
  • An entrepreneurial spirit where the individual will see opportunities and take them on, create the desired reality and strive for excellence.
  • Ability to work with and manage change, be comfortable working in a fluid environment and lead others through ongoing change. Sees change as an opportunity for growth.
  • Working with ambiguity and being resourceful to find solutions; out-of-the-box thinking required.
  • Travel 5-10% of the time to planning sessions, Global Support Centres.

Education Requirements:

It is essential that the candidate has:

  1. BS or MS in Computer Science or related technical field
  2. Experience in an IT security role dealing with application security, DevSecOps or software development (e.g. security architecture, penetration testing, malware analysis). Experience finding and fixing OWASP Top 10 and CWE/SANS Top 25 security issues.
  3. Experience working in software development and writing code, preferably as a software developer. Understand the software development process.
  4. Understanding of the risk and effective trade-offs between probability and severity of threats against the cost of mitigations. Understanding of non-technical mitigations to security risks, not just code changes.
  5. Ability to communicate effectively with different stakeholders, especially IT security staff, R&D management, solution architects, developers and QA. This includes written, verbal and presentation skills.
  6. Willingness to be constantly learning, evaluating and explaining different security threats, vendors, products and services and relating them back to R&D products and processes.

Recommended:

  1. Experience coordinating ISO 27001, PCI-DSS or a similar IT security compliance program.
  2. Experience managing or leading a team or in project management.
  3. Experience with static analysis (ideally Checkmarx), vulnerability management (ideally Qualys) and managing external penetration testing.
  4. Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP) or equivalent.
  5. High-level understanding of internal DD architectures, including Service Layer and GSOA, and tools, including EMR and ITSM.
  6. Experience with programming languages and tools used by R&D (currently C#, AngularJS and NodeJS).
  7. Scaled Agile Framework (SAFe) experience. Leading SAFe, SAFe PO/PM or equivalent or better certifications.

 
We look for people with a client-centric, consultative approach. You’re committed to excellence and ongoing development, and want to leverage the fantastic training opportunities that we offer. We want team players. We care about our clients, our colleagues, and the environment and we want you to do the same.

In return for your skills and your commitment to our values, you will be rewarded with a responsive and balanced workplace, unparalleled IT industry positioning, industry leading benefits, an excellent salary and bonus structure along with a talented and focused team.

Join our growing global team and accelerate your career with Dimension Data. Apply today!

Diversity in Dimension Data
Dimension Data is an equal opportunity employer with a global culture that embraces diversity. All qualified applicants will receive consideration for employment and will not be unfairly discriminated against on any arbitrary ground including race, colour, sex, religion, national origin, veteran status, disability, gender identity, sexual orientation, or other protected category.



To be considered for the role, click the 'Apply' button, or for more information about this and other opportunities please contact Daniel Farrell on 1800 456 122. Please quote our job reference number: 369955.
