Key Responsibilities:
· Profound expert knowledge of Web systems especially CMS (Mobile, Web, API, Microservices and Database)
· Hands on knowledge on Web security modules and secure configuration
· Profound knowledge on Role Based Access Control (RBAC) for Web applications
· Configure and implement SCM gitflows and CI/CD tools as per architecture
· Integrating security into build automation, deployment automation, test automation, SDLC orchestration, environment management, monitoring, and production
· Support the engineering teams in growing and maintaining the Infrastructure as code / Continuous Integration / Continuous Delivery
· Support build and release processes for multiple solution layers including front-end (Mobile and Web), API, Microservices and Database, for dev, test, and production servers
· Mentor development teams, review pull requests, and guide evolution of the development pipeline
Background & Knowledge
· Must have a solid exposure to web security and coding standards
· Knowledge in managing, securing and preparing Dev, Test and Production environments
· Experience with multiple Application Security Tools (SAST, DAST, IAST, MAST Security Static/Dynamic code analyses and Interactive application security testing) and the integration into the SDLC via CI Automation and Integration (focus on SAST using Checkmarx)
· Familiar with ISMS(ISO/IEC 27000), NIST Cybersecurity Framework, CIS Controls and Open Web Application Security Project
· Experience with modern application packaging, deployment, containerisation, bug tracking tools and other supporting tools (TeamCity, Jenkins, Docker, Kubernetes, Jira, Confluence, etc.);
· Strong RESTful API development. API Gateway knowledge is a plus
· Experience and solid knowledge on computer and network security
· Hands-on experience and proficiency in API test automation and standardisation
· Must have practical experience managing Agile Release Management and maintaining a scalable SDLC
· Must have administered and automated practical solutions for SDLC and Release management through CI/CD and related tools including but not limited to: Bitbucket, Jenkins, Maven, Nexus, Artifactory, SonarQube, Jira, Confluence, and collaboration tools such as MS Teams or Slack;
· CISSP certification highly appreciated
· Drupal or other related Web CMS Experience is highly preferred.