Security & Privacy Architect and SDL Coach

8 years

0 Lacs

Posted: 5 days ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

We are seeking a skilled and dynamic Security & Privacy Architect and SDL Coach to join our team and help strengthen the security posture of our software development lifecycle. This role combines a strong foundation in code analysis, security architecture, and coaching teams on security best practices. The ideal candidate will work closely with development teams, conducting security assessments, guiding secure coding practices, and ensuring compliance with industry standards.

As a Security & Privacy Architect, you will be responsible for identifying vulnerabilities and providing actionable recommendations to reduce security risks. As an SDL Coach, you will help application teams adopt security-focused practices into their software development lifecycle (SDLC) while ensuring compliance with regulatory standards like PCI-DSS.

Key Responsibilities

Code Analysis, Scanning, and Remediation

• Security Tool Configuration: Configure and operate security scanning tools (e.g., Snyk, Grit, Checkmarx, Coverity, Mend) to scan applications, and interpret the results to identify potential security flaws.

• Static and Dynamic Code Analysis: Perform static and dynamic code analysis to identify vulnerabilities in the source code. Help application teams adopt best practices.

• Vulnerability Remediation: Work directly with development teams to guide them in resolving identified vulnerabilities and promote secure coding practices.

• Issue Prioritization: Prioritize critical security issues and escalate them for immediate remediation when necessary.

Security & Privacy Architecture

• Security Assessments: Conduct in-depth security assessments to identify potential attack vectors, vulnerabilities, and risks in the application architecture and source code.

• Recommendations: Provide actionable recommendations to development and architecture teams to address security gaps and ensure compliance with security standards.

• Security Design: Assist in the design of secure application architectures that meet both business and security requirements.

SDL Coaching and Best Practices

• SDL Awareness: Conduct Security Development Lifecycle (SDL) coaching and assessments with development teams to raise awareness of security practices and ensure that the teams' practices align with security best practices.

• Security Best Practices Adoption: Guide teams in adopting and integrating Comcast Security practices into their SDLC, focusing on secure coding, testing, and deployment.

• Coaching & Mentoring: Provide ongoing coaching and mentoring to developers to help them understand the importance of security throughout the development process.

Compliance Lead (CGA, PCI, CPP)

• Regulatory Compliance: Participate in security risk assessments and ensure that applications comply with relevant industry standards and regulations (e.g., PCI-DSS, CGA, CPP).

• Audit Preparation: Assist application teams with preparation for security audits, providing guidance before and after audits to address any issues.

• Documentation: Ensure that all security compliance requirements are well documented and tracked.

Research and Continuous Improvement

• Threat Intelligence: Stay updated on the latest security threats, vulnerabilities, and emerging trends in application security to proactively mitigate risks.

• Tool & Framework Evaluation: Evaluate new security tools, frameworks, and technologies that can improve the effectiveness of security code scanning and remediation. Conduct comparative analysis and provide recommendations.

• Process Improvement: Continually assess and improve security processes within the development lifecycle to enhance overall security posture.

Required Qualifications

• Experience: 8+ years of experience in application security, including hands-on experience with code analysis, security testing, and risk assessments.

• Technical Skills:

  ◦ Strong understanding of secure software development practices.

  ◦ Familiarity with security tools such as Snyk, Grit, Checkmarx, Mend and other static/dynamic code analysis tools.

  ◦ Knowledge of security vulnerabilities (e.g., OWASP Top 10, CVEs) and remediation techniques.

  ◦ Experience with common security frameworks and methodologies (e.g., OWASP, NIST, CIS, PCI-DSS).

  ◦ Proficient in at least one programming/scripting language (e.g., Python, Java, C#, JavaScript).

• Compliance Knowledge: In-depth understanding of industry compliance standards such as PCI-DSS, CGA, and CPP.

• Communication Skills: Excellent written and verbal communication skills with the ability to interact with technical and non-technical teams alike.

Preferred Qualifications

• Certifications: CISSP, CISM, CISA, or equivalent security certification is highly preferred.

• Experience with Cloud Security: Knowledge of security best practices in cloud environments (AWS, Azure, GCP).

• Experience with DevSecOps: Experience with integrating security practices into DevOps pipelines and workflows.
