Manager -Security Consulting

Cybersecurity at Providence is responsible for appropriately protecting all information relating to its caregivers and affiliates, as well as protecting its confidential business information (including information relating to its caregivers, affiliates, and patients)

What will you be responsible for?

• Responsible for driving software security and code security practices that meets Providence software security policies to ensure Providence developed application code is secure and code vulnerabilities are remediated.
• Driving code security reviews and false positive analysis and shares best practices across the team.
• Identify scope for implementing security best practices and implement process workflows that strengthen the overall security posture.
• Participate in all aspects of agile software development, including design, implementation, and deployment to include code security aspects wherever needed in the application building phase.
• Troubleshoot, debug, and optimize security code remediation methods and stay ahead of with industry trends and emerging technologies related to secure code practices.
  
  
  

• Collaborate with cross-functional developer teams and engage in code scanning activities within Providence code repositories (ADO and GitHub)
• Propagate and educate developer teams about secure coding practices and assist in remediating code vulnerabilities identified in the scan.
• Identify and implement secure coding practices that aligns with industry standard frameworks such as NIST, CIS and Providence information security policies etc.
• Set-up regular meeting with stakeholders to show progress of software security scans and code vulnerabilities trends.
• Clearly communicate roadmap, backlog, and team updates across the organization.
  
  
  

• Bachelor’s degree in related filed, to include computer science, cyber security or equivalent combination of education and experience.
• 10 years of relevant post-qualification experience, with at least 3 years of proven experience in Application security testing, code scanning techniques, software security analysis and software code vulnerability remediation.
• Should have people management experience
• Solid understanding of Static Software Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA) and Code Security best practices.
• Hands-on experience in DAST, SAST, SCA vulnerabilities remediation and reporting with any industry leading toolset.
• Solid understanding in CI/CD pipelines and configuration of pipelines using GitHub actions or ADO pipelines or any automated method to perform code security scans in the code build process.
• Good understanding in implementing DevOps security best practices while building solutions.
• Familiarity with cloud native solutions, application containerization and container orchestration (Docker, Kubernetes), Infrastructure as Code (IaC), helm charts and YAML template configuration.
• Solid understanding of API integrations, code testing, integration testing and UAT testing methods.
• Scripting or programming understanding with Shell scripting, Power Shell, Python, KQL etc.