Job Description:
A Blue Prism Application Security Engineer champions product development security, provides security education and awareness, designs and implements new security initiatives that enhance Blue Prism's security position, and implements, maintains and enforces software security standards and compliance.
Drive security awareness through continuous education and quality documentation;
Ensure Blue Prism products are delivered with minimal security risk to the business or its customers
Ensure product standards and compliance
Provide technical subject matter expertise and security guidance to the business
Evolve and promote Blue Prism's security strategy internally and externally
Requirements: Must-Have:
Proven background in software development, security consulting, penetration testing or similar role.
Awareness of international security standards such as OWASP Top 10, CWE / SANS Top 25, HIPAA, NIST and how they apply to software development.
Strong knowledge of security architecture: threats, countermeasures, confidentiality, authenticity, integrity and non-repudiation.
Has a strong understanding of cryptography and its application to security.
Demonstrates a strong understanding of offensive and defensive security procedures and techniques.
Strong knowledge of risk assessment tools and frameworks (STRIDE, DREAD, CVSS)
Strong knowledge of OOP principles with a good understanding of one or more of the following programming languages: C#;
Experience of being able to identify and eliminate training needs with immediate teams and the wider organization.
Experienced in software development projects with a good knowledge of Agile SDLC and DevOps principles
Good technical writing skills
Experience of performing security design reviews, threat modelling and risk assessments.
Experience of security testing and assurance
Experience and understanding of SAST tooling such as Checkmarx, Coverity, Veracode etc.
Experience and understanding of SCA tooling such as Snyk, Black Duck, SourceClear etc.
Nice to have:
Professional security qualifications are desirable (e.g. CISSP, Offensive Security, SANS Institute, etc.)
Experience of using or implementing the Blue Prism product.
Theoretical and working knowledge of key peripheral technologies, including Windows Server / client fundamentals, Active Directory and security tooling.
Working knowledge of cloud security service design approaches (Azure, AWS, Kubernetes, Docker or GCP).
Experience of creating positive learning environments through interactive learning workshops and presentations.
Understanding of how to identify and remediate 3rd party license compliance and risk.
Drinks and Snacks in the office;
Knowledge Sharing Events;