Product Security Analyst - Conversational AI (offline)
Requirements
Key Accountabilities
Secure Software Development Life-Cycle (SDLC):
Assist in editing policies and procedures documentation with regards to SDLC (for internal use, as well as for publication);
Drive the adoption of secure application design, integration with the best modern SDLC and CI/CD application security practices, testing methodologies, and post-production risk governance;
Dealing with implementing security and data privacy in every phase of SDLC, and participating in security audits and security risk assessments.
Evaluate risks deriving from deviation from secure coding principles and best practices, and propose mitigation activities to identified vulnerabilities:
Develop and maintain in-depth understanding of Development and Product teams’ processes, systems, technologies, data, customers, partners;
Proactively identify noncompliance and areas of potential improvement, and facilitate the development and deployment of standard solutions.
Privacy and Security by Design:
Embodying the role of Security Champion, participate in squad teams as security referent, present in all sprint activities, ensure that security and privacy are considered at all times during the development activities;
Communicate and oversee technical implementations of security solutions required to meet business objectives and Secure Software Development Lifecycle principles;
Ensure the implementation of the Information Security Policies and Standards, Best Practices and Guidelines, Configuration Baselines and Hardening Standards across the assigned Product and Delivery teams;
Review technical documentation and make recommendations for improvement in alignment with information security and data protection policies and best practices.
Support Product and Delivery teams, providing them with security expertise:
Raise the information security programs profile within the organization;
Provide security expertise, acting as the primary information security contact / adviser for the Product Owners / Technical Leaders / DevOps / Software Engineers / QAs, etc., serve as the conduit between teams to achieve good security. Be the liaison between Product, Delivery, and ISDP teams;
Connect with Development and Product teams, learn their needs, and offer them technical and operational support;
Assist in conversations between developers and security architects, creating concrete goals;
Work with the Governance, Risk and Compliance (GRC) team to drive policy and regulatory compliance;
Increase delivery of information security services internally;
Provide regular and timely reporting on the status of information security across the business units;
Provide escalation path for security issues, incidents, and inquiries Secure Coding Awareness.
Contribute actively and effectively as an integrated team member
Meet regularly with the line manager to review progress;
Manage issue resolution and critically escalate;
Work effectively with other teams, units, and departments;
Manage issues with clarity and ensure effective information flow and team working;
Support other organization’s priority activities, when necessary;
Act as an Omilia ambassador.
Mandatory knowledge, skills & experience:
Bachelor`s degree in technical studies, Computer Science, Information Security, Mathematics, or related field;
2-3 years of Information Technology, with a background in Information Security and Compliance;
Experience working in Agile or Waterfall methodology and a deep understanding of phased approaches to the Secure Software Development Life Cycle;
Broad technical background and solid understanding of application security (including OWASP), network security, Identity and Access Management, cryptography, and cloud security principles;
Demonstrated experience assessing and managing technology and information security risks related to application, network, and infrastructure;
Ability to analyse systems, threat model new features, identify security vulnerabilities in implementation, and recommend information security controls to ensure end to end protection;
At least one Security certification (e.g., CISSP, CISM, CRISC, CISA, ISO27001 Lead Auditor);
Knowledge and experience of Information Security Risk and Security Governance;
Ability to communicate clearly and effectively with both technology/development and business partners;
Ability to translate technical/security issues to business users;
Effectively communicate technical issues to diverse audiences, both in writing and verbally;
Work independently and prioritize multiple tasks and adapt to needed changes;
Ability to work under strict deadlines and remain calm under high pressure/difficult situations;
Strong skills in written and verbal communication in English
Nice to have
Master’s degree in Computer Science or Information Security;
Security certifications (e.g., CISSP, CISM, CRISC, CISA, ISO27001 Lead Auditor, GRCP);
Experience in one or more of the following areas: Network Administration, Systems Administration, SDLC, Encryption, Asset Management, Identity and Access Management, IT operations;
Excellent understanding of AI & IT industry.
Benefits
Fixed compensation;
Long-term employment with 24 working days vacation;
Development in professional growth (courses, training, etc);
Being part of successful cutting-edge technology products that are making a global impact in the service industry;
Proficient and fun-to-work-with colleagues;
Apple gear.
Key Accountabilities
Secure Software Development Life-Cycle (SDLC):
Assist in editing policies and procedures documentation with regards to SDLC (for internal use, as well as for publication);
Drive the adoption of secure application design, integration with the best modern SDLC and CI/CD application security practices, testing methodologies, and post-production risk governance;
Dealing with implementing security and data privacy in every phase of SDLC, and participating in security audits and security risk assessments.
Evaluate risks deriving from deviation from secure coding principles and best practices, and propose mitigation activities to identified vulnerabilities:
Develop and maintain in-depth understanding of Development and Product teams’ processes, systems, technologies, data, customers, partners;
Proactively identify noncompliance and areas of potential improvement, and facilitate the development and deployment of standard solutions.
Privacy and Security by Design:
Embodying the role of Security Champion, participate in squad teams as security referent, present in all sprint activities, ensure that security and privacy are considered at all times during the development activities;
Communicate and oversee technical implementations of security solutions required to meet business objectives and Secure Software Development Lifecycle principles;
Ensure the implementation of the Information Security Policies and Standards, Best Practices and Guidelines, Configuration Baselines and Hardening Standards across the assigned Product and Delivery teams;
Review technical documentation and make recommendations for improvement in alignment with information security and data protection policies and best practices.
Support Product and Delivery teams, providing them with security expertise:
Raise the information security programs profile within the organization;
Provide security expertise, acting as the primary information security contact / adviser for the Product Owners / Technical Leaders / DevOps / Software Engineers / QAs, etc., serve as the conduit between teams to achieve good security. Be the liaison between Product, Delivery, and ISDP teams;
Connect with Development and Product teams, learn their needs, and offer them technical and operational support;
Assist in conversations between developers and security architects, creating concrete goals;
Work with the Governance, Risk and Compliance (GRC) team to drive policy and regulatory compliance;
Increase delivery of information security services internally;
Provide regular and timely reporting on the status of information security across the business units;
Provide escalation path for security issues, incidents, and inquiries Secure Coding Awareness.
Contribute actively and effectively as an integrated team member
Meet regularly with the line manager to review progress;
Manage issue resolution and critically escalate;
Work effectively with other teams, units, and departments;
Manage issues with clarity and ensure effective information flow and team working;
Support other organization’s priority activities, when necessary;
Act as an Omilia ambassador.
Mandatory knowledge, skills & experience:
Bachelor`s degree in technical studies, Computer Science, Information Security, Mathematics, or related field;
2-3 years of Information Technology, with a background in Information Security and Compliance;
Experience working in Agile or Waterfall methodology and a deep understanding of phased approaches to the Secure Software Development Life Cycle;
Broad technical background and solid understanding of application security (including OWASP), network security, Identity and Access Management, cryptography, and cloud security principles;
Demonstrated experience assessing and managing technology and information security risks related to application, network, and infrastructure;
Ability to analyse systems, threat model new features, identify security vulnerabilities in implementation, and recommend information security controls to ensure end to end protection;
At least one Security certification (e.g., CISSP, CISM, CRISC, CISA, ISO27001 Lead Auditor);
Knowledge and experience of Information Security Risk and Security Governance;
Ability to communicate clearly and effectively with both technology/development and business partners;
Ability to translate technical/security issues to business users;
Effectively communicate technical issues to diverse audiences, both in writing and verbally;
Work independently and prioritize multiple tasks and adapt to needed changes;
Ability to work under strict deadlines and remain calm under high pressure/difficult situations;
Strong skills in written and verbal communication in English
Nice to have
Master’s degree in Computer Science or Information Security;
Security certifications (e.g., CISSP, CISM, CRISC, CISA, ISO27001 Lead Auditor, GRCP);
Experience in one or more of the following areas: Network Administration, Systems Administration, SDLC, Encryption, Asset Management, Identity and Access Management, IT operations;
Excellent understanding of AI & IT industry.
Benefits
Fixed compensation;
Long-term employment with 24 working days vacation;
Development in professional growth (courses, training, etc);
Being part of successful cutting-edge technology products that are making a global impact in the service industry;
Proficient and fun-to-work-with colleagues;
Apple gear.
About Omilia Natural Language Solutions Ltd
Omilia Natural Language Solutions Ltd___1___ Omilia is the leading provider of Conversational AI Technology in B2B market (Voice bots, Chatbots, Voice Biometrics, NLU, Machine Learning).
___2___ Omilia established in 2002 in Athens, Greece.
___3___ Omilia is a (Product) Software Development Company with HQ in Athens and subsidiary in Kyiv.
___4___ In Ukraine we employ more than 60 IT specialists and more than 250 IT specialists worldwide (Greece, Ukraine, Czech Republic, Argentina, Azerbajzhan, South Africa, USA, Canada).
Company website:
https://omilia.com/
DOU company page:
https://jobs.dou.ua/companies/omilia-ltd/
The job ad is no longer active
Job unpublished on
23 February 2023
Look at the current jobs Security →
Average salary range of similar jobs in
analytics →
Similar jobs
Mobile Assessment Engineer at Samsung R&D Institute Ukraine
Relocate, Ukraine
SOC-аналітик at Metinvest Digital
Ukraine
Vulnerability Management Specialist at MODUS X
Ukraine
All jobs Omilia Natural Language Solutions Ltd