IT SECURITY ENGINEER - CLOUD

***This position can be 100% remote within the U.S.***

In this very exciting IT Security Engineer role you are collaborating with engineering teams and reviewing and interpreting SAST, DAST and Open-Source scanning results to help developers identify, prioritize, and remediate vulnerabilities in internally developed applications.

And WHY is this so exciting?

You are playing a majorly important role in guiding development teams through the defensive coding practices and ensuring security fixes are validated using relevant tools, techniques, and developed procedures.

Some of the cool things you will develop, work on and be responsible for:

• Partner with product and technology teams to ensure security requirements are incorporated into technical designs to deliver secure solutions supporting business velocity
• You will be leveraging building blocks such as JIRA, confluence, Jenkins, Maven, BlackDuck, Coverity, Docker, etc.
• Collaborate with product and technology teams to continually enhance build infrastructure
• Ensure applications are onboarded for scanning and help with identification of vulnerabilities earlier in the development process
• Guide product and engineering teams in building secure features through security architecture design reviews and threat modeling
• Use attack driven techniques to defend applications and systems by discovering weaknesses in web and mobile application portfolio
• Research relevant attack methods and engage with relevant teams to ensure applicable risks are identified and addressed
• Analyze the software development lifecycle for process improvements and automation opportunities
• Assist in creation of security training.
• Assist in development of automated security testing to validate that secure coding best practices are being used
• Coordinate with Technology Leadership and Technology Teams to drive compliance with Wolters Kluwer Global Security Policy

The experience we look forward to you having:

• Minimum of 5 years’ experience in the architecture, design, and implementation of secure solutions for infrastructure, applications, and compliance.
• Think like an attacker and anticipate how weaknesses are exploited by researching relevant attack methods
• Hands-on experience with Coverity and Black Duck: installation, application deployment, and troubleshooting
• Hands-on experience with diverse DevSecOps concepts / tools, especially on Azure DevOps, Pipelines, etc.
• Detailed understanding of OWASP Top 10 other software security taxonomy, guidelines, and best practices.
• Experience with cloud security supporting phased journey to cloud
• Experience in developing in common languages and frameworks such as .NET, Java, React, Angular, Python, Node.js, Vue.js

Bachelor's degree in mathematics, computer science, information systems, or equivalent work experience