Senior security engineer
£120000.00 - £140000.00 per annum + Bonus, healthcare, pension
Republic of Ireland
Permanent
IT & Digital
Job Description
MCS Group are delighted to be working alongside an industry leader within the security sector who have recently opened their centre of excellence in Ireland. The company is looking for an experienced senior security engineer to work alongside the VP of engineering and report directly into the CTO. This role will be for someone who has strong software development experience but also comes from an architectural background with strong knowledge of software security. This is an exciting opportunity to build and run the security team within the company and have a massive impact on the technical direction and strategy of the company during their most exciting period of growth to date.
Responsibilities:
Establishing a Product Security Board and Gap Analysis
Build the Security Board Team: Assemble a team responsible for making all product security decisions for the company. This team will consist of individuals knowledgeable about security and various aspects of the product.
Conduct Gap Analysis: Evaluate existing processes and policies in the software development life cycle. Identify gaps in security practices and policies.
Develop Threat Model: Create a threat model specific to the company, identifying potential security threats and vulnerabilities.
Implementing SSDLC Process
Review High-Level Design (HLD) and Security Sign-Off: Review the high-level design of the software and ensure that security considerations are addressed before proceeding.
Implement CI/CD Pipeline Changes: Incorporate security checks and controls into the continuous integration and continuous deployment (CI/CD) pipeline to automate security testing throughout development.
Provide Security Training and Guidelines: Train developers in security best practices and create guidelines to ensure secure coding practices are followed.
Security Testing
Develop Internal Pen Testing Process: Establish a process for internal penetration testing using tools like OWASP/ZAP, and consider involving ethical hackers or red teaming exercises.
Coordinate Pen Testing and Resolutions: Coordinate with QA and release teams to conduct penetration tests for each release and ensure timely resolution of identified vulnerabilities.
Operations
Run Bug Bounty Program: Initiate a bug bounty program to incentivise external researchers to identify and report security vulnerabilities.
Operate Product Security Ops Team: Set up a team to respond to and manage security incidents effectively.
Communicate Security Issues: Provide clear communication within the organisation regarding security-related technical issues.
Draft, Review, and Approve Security Advisories: Collaborate with the documentation team to create and approve security advisories for public communication.
Handle Customer Communication: Professionally address and communicate security-related matters to customers.
Metrics and KPIs: Establish and maintain metrics and key performance indicators (KPIs) related to product security to track progress and improvements.
Overall, this role will demonstrate a strong focus on embedding security into every phase of the software development life cycle, from design to operations. It involves various teams, processes, and practices to ensure that security is an integral part of the company's development and maintenance. Regular monitoring, testing, and collaboration will contribute to a robust and secure software product.
To speak in absolute confidence about this opportunity, please send an up-to-date CV via the link provided or contact Jamie Hunter, Specialist Recruitment Consultant at MCS Group.
Even if this position is not right for you, we may have others that are. Please visit MCS Group to view a wide selection of our current and exclusive roles.
