What are the responsibilities and job description for the QE Security testing position at Keanesoft?
Job Description
Title: QE Security testing
Client: GCOM
Location: Remote
This is what we need to focus on:
We are looking for a security assessment lead. I need a person who would work together with the GCOM security team, focusing on product security testing and implementing processes and controls.
Job Description:
This position is composed of a variety of tactical, operational and strategic activities in the build and support of the ISM program.
Strategic Support and Management
- Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure risk is mitigated across all the products/projects.
- Develop, maintain and publish up-to-date information security processes, standards and guidelines for the software products. Implement controls to ensure contractual obligations and security requirements are met. Oversee the approval, training, and implementation of security practices and standards.
- Design, plan and strategize security scanning, and ensure that proper tests/scans are executed. Discuss and walk the dev team through the results and prioritization of the findings.
- Work directly with the GCOM security and project teams to facilitate IT risk assessment and risk management processes, and work with stakeholders across GCOM products on identifying acceptable residual risk.
- Provide regular reporting on the current status and progress of the information security program.
- Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
- Liaise with the architecture/dev team to ensure alignment between security and architecture/infrastructure/development.
- Ensure that security programs comply with relevant laws, regulations, contract requirements and policies to minimize or eliminate risk and audit findings.
- Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.
- Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
- Help to develop and oversee effective compensating controls. Coordinate the development and execution of security test scanning. Provide direction, support and in-house consulting in these areas.
- Experience with Fortify.io: The ideal candidate should have experience with Fortify.io and a deep understanding of how to run security scans using this tool.
- Familiarity with programming languages: The candidate should have experience with programming languages such as Java, C, C#, and Python, as these are the languages that Fortify.io supports.
- Knowledge of OWASP Top 10: The candidate should have a solid understanding of the OWASP Top 10 web application security risks and how to mitigate them.
- Understanding of security testing methodologies: The candidate should be well-versed in security testing methodologies
Salary: $50 - $60