NTT DATA is a team of more than 139,000 diverse professionals, operating in more than 50 countries throughout the world. The sectors where we have activities include telecommunications, finance, industry, utilities, energy, public administration, and health.
Our mission? Offer technological solutions, business strategy, development, and maintenance of applications, while being a benchmark in consulting. All thanks to the collaboration between teams, the human quality of our people, and the fact that we do not conform to what is established; we always seek innovation that brings us closer to the future.
Our essence has led us to the forefront of technology, breaking paradigms and providing solutions that truly respond to the needs of each client. Our talent has led us to be one of the top 6 technology companies in the world.
Tasks:
1. Ensure proper security processes are followed and applied by the developers (provide guidance, standards, ensure best security practices are followed and perform the necessary assessments and controls).
2. Provide support to the technical and development teams:
1. Support on the testing of any executable code that could eventually be deployed (using IAST / SAST / DAST / SCA solution).
2. Support on debugging and troubleshooting of build security issues and security remediation in general.
3. Support on the definition of additional policies / filters (license management, operational management, and how to stop builds / fail pipelines).
4. Support on the adjustment of roles and responsibilities and integrations with other internal / external tools (Threatfix, Defect Dojo, etc.).
5. Provide security advice in the whole SecDevOps lifecycle considering all components required per project.
6. Conduct a full review of the codes and changes that operations engineers may make in the system’s configuration considering Infrastructure as code solutions like Terraform, Ansible, Chef, Puppet, Saltstack.
7. Collaborate with internal teams and maintain Security tools updated / upgraded and well-configured.
8. Define SecDevOps standards and procedures, including Security automated tools standards and procedures for internal teams’ awareness.
9. Binding and augmentation of product-specific security controls to organization corporate tools.
10. Help with automation of vulnerability management and security incident management process steps.
Essential Experience:
1. Good knowledge of information security principles.
2. Base knowledge in Github, Gitlab, and/or Azure DevOps as CI/CD environments.
3. More than 5 years working in security, involved in the whole system lifecycle.
4. Analytical, organized, and efficient.
5. Able to set priorities to meet objectives.
6. Excellent team player with communication, facilitation, and interpersonal skills.
7. Understanding of network security, host security, container security, IDS/IPS (Network & Host), EDR & CSPM.
Additional Skills:
1. IAM / PAM (AD, Okta, CyberArk, HashiCorp), Backup / Restore, and security controls.
2. Cloud Security - CWPP (Microsoft Defender for Cloud, Lacework Cloud Security).
3. Containers - Podman, Vulnerability scanners.
4. Vulnerability management - CVE / CVSS, SAST / SCA.
5. Incident management - Splunk, Sentinel, SIEM integration, interfacing with SoC.
6. Remote access - MFA, VPN, Privileged Access Management.
7. Network security - Segmentation, Firewalls, IDS, IPS.
8. Restore, Disaster recovery.
At NTT Data, we believe everyone is unique and different; this is why we bet on an inclusive culture that recognizes and values diversity. We work day after day to create an environment in which we can explore, live, and enhance our own singularity.
#J-18808-Ljbffr