Summary: The Cyber Security Lead implements the application security strategy based on the OWASP Software Assurance Maturity Model (SAMM), creates and enforces policy and guidelines, performs risk assessment and threat modeling for the application portfolio, and tracks closure of security vulnerabilities per defined SLAs. Serves as liaison with the broader Information Security and Regulatory Compliance teams, participates in security audits, and mentors engineering teams on secure development.
- Manage and enforce application and cloud security policy and guidelines
- Classify applications by business risk and application-specific threat models
- Define control requirements and gates according to each application's risk profile
- Perform application security assessments and own application security requirements for product development
- Review vulnerability scan results and track closure of vulnerabilities
- Produce and track security metrics
- Mentor and educate product development and quality engineers on secure development
- Monitor and review CVEs and industry developments, and provide inputs for continuous improvement
- Provide inputs to enhance the enterprise architecture blueprint and SDLC to incorporate the latest developments and changes in the security landscape
- Liaise with Information Security teams to design and implement security solutions across stacks and disciplines, and prepare and execute incident response
- Liaise with the compliance team on security requirements from regulatory, PCI, and card brand perspectives
- Lead certification efforts for PCI Secure Software Life Cycle Standard
- Participate and provide relevant inputs and evidence for internal and external security audits
- A minimum of 5 years' experience in cyber security risk analysis and threat modeling
- Experience working with DREAD and/or FAIR frameworks preferred
- Knowledge of Software Security Assurance frameworks preferably OWASP SAMM
- Knowledge of secure coding best practices, secure SDLC, secure architecture, and operations
- In-depth understanding of the OWASP Top 10 Critical Web Application Security Risks, how to identify them, and the architecture, design, and coding patterns that mitigate them
- Experience analyzing vulnerability results and recommending corrective actions
- Experience with SAST, DAST, software composition analysis, and binary fuzzing tools and techniques
- Experience securing applications developed in C#, Java, and web (HTML, CSS, JS, React, REST) technologies
- Experience creating and managing policy, process, and procedure documents
- Working knowledge of network/infrastructure security technologies (firewall, IDS/IPS, WAF)
- Strong analytical, interpersonal and communication skills
- Ability to train and mentor agile development teams
- Experience with Fortify On Demand, Burp Suite preferred
- Knowledge of PCI standards preferred
- Relevant industry security certification preferred
Global Payments Inc. is an equal opportunity employer.
Global Payments provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy), national origin, ancestry, age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other basis protected by law. Those applicants requiring reasonable accommodation to the application and/or interview process should notify a representative of the Human Resources Department.