Profound expert knowledge of Web systems, especially CMS (Mobile, Web, API, Microservices and Database)
Hands-on knowledge of Web security modules and secure configuration
Profound knowledge of Role-Based Access Control (RBAC) for Web applications
Configure and implement SCM gitflows and CI/CD tools as per architecture
Integrate security into build automation, deployment automation, test automation, SDLC orchestration, environment management, monitoring, and production
Support the engineering teams in growing and maintaining the Infrastructure as code / Continuous Integration / Continuous Delivery
Support build and release processes for multiple solution layers including front-end (Mobile and Web), API, Microservices and Database, for dev, test, and production servers
Mentor development teams, review pull requests, and guide evolution of the development pipeline
Background & Knowledge
Must have a solid exposure to web security and coding standards
Requirements:
Knowledge in managing, securing and preparing Dev, Test and Production environments
Experience with multiple Application Security Tools (SAST, DAST, IAST, MAST; static/dynamic code analysis and interactive application security testing) and their integration into the SDLC via CI automation and integration (focus on SAST using Checkmarx)
Familiar with ISMS (ISO/IEC 27000), NIST Cybersecurity Framework, CIS Controls and Open Web Application Security Project
Experience with modern application packaging, deployment, containerisation, bug tracking tools and other supporting tools (TeamCity, Jenkins, Docker, Kubernetes, Jira, Confluence, etc.)
Strong RESTful API development. API Gateway knowledge is a plus
Experience and solid knowledge of computer and network security
Hands-on experience and proficiency in API test automation and standardisation
Must have practical experience managing Agile Release Management and maintaining a scalable SDLC
Must have administered and automated practical solutions for SDLC and Release management through CI/CD and related tools including but not limited to: Bitbucket, Jenkins, Maven, Nexus, Artifactory, SonarQube, Jira, Confluence, and collaboration tools such as MS Teams or Slack
CISSP certification highly appreciated
Drupal or other related Web CMS Experience is highly preferred.