GTIL Application Security Engineer (Sr. Associate) at Grant Thornton

Grant Thornton Chicago, IL

Job Description

Grant Thornton is one of the world's leading professional services networks with member firms in over 145 countries, 75000 people and global revenues of $ firms offer audit, tax and advisory services to privately owned companies, publicly listed companies, public sector and not for profit organisations, both domestically and internationally.

Grant Thornton International Ltd (GTIL) is the umbrella legal entity for the Grant Thornton global network of member the strategic direction convenes member firms, connects global communities and protects the brand and reputation of the and the member firms will continually improve the sustainability of their operations and strive to make a positive impact on clients, people, markets and the communities in which we operate, in line with the UN's Sustainable Development Goals (SDGs).

About the role

Overall role purpose

The Application Security Engineer plays a crucial role in overseeing the security of development operations (DevSecOps) for GTIL, which includes globally distributed practice management applications. Reporting directly to the Application Security Manager, and with key relationships to the Development Operations and IT project teams, this role provides architectural, analytical and operational expertise across a range of Azure services and other cloud-based security solutions.

Main responsibilities

- Securing the Software Development Life Cycle
- Security oversight of the continuous delivery, continuous integration (CI/CD) pipeline
- Combination of static and dynamic application security testing (SAST/DAST) to identify code bugs and application issues.
- Software composition analysis (SCA) to track all open-source components in the developers' code base.
- Threat modelling to identify architectural design faults and potentially exposed targets of attack.
- Evaluate and advise on service deployment into a microservices architecture (Kubernetes) and operational functions relative to security best practices and compliance requirements
- Maintain security issue tracking and reporting using Azure DevOps (ADO)
- Develop and maintain documentation of target state designs and security roadmaps.
- Evaluate applications and environments against Security Frameworks and Compliance requirements.
- Develop and manage Azure Policy to enforce Security Baseline standards.

Person specification

- Post high school education and/or work-related experience in Computer Science, Information Systems or other Information Technology related field
- This role best suits a candidate with a background in development who has made a transition to cloud security.
- The job requires effective communication (verbal and written) and project management skills to work with various levels and divisions within the organization.
- Strong organisational and communication skills
- Ability to learn and adapt to a constantly changing technology and threat landscape.
- Relationship building is a key requirement (this role's scope of responsibility will on occasion extend to communicating with executive leadership and cross-functional teams)
- Provides expertise and solutions for complex initiatives and is capable of making independent decisions.
- Cultural awareness: the ability to work well with people from different disciplines and backgrounds.
- Ability to be agile, respond positively to change and contribute with an innovative and global mindset.

Experience

Minimum of 2-3 years working in development and security operations OR a combination of relevant experience

Demonstrated Security and Development Operational expertise:

- Azure DevSecOps
- Microservice architecture (Kubernetes)
- Authentication and Identity Governance (AzureAD, Identity and Access Management, OAuth 2.0, OpenID, Conditional Access)
- Container security (Docker and Runtime)
- Encryption (Key Vault)
- Azure SQL Server and Azure Cosmos DB
- Azure Block Storage and Data Caching
- .NET, C#, REST API
- Terraform
- CI/CD code analysis (SAST/DAST), ideally using Veracode
- Threat modelling

Experience Desirable

- Security Controls and Benchmarking
- OWASP Application Security Verification Standards
- Azure Policy and Compliance
- Cloud security certification, e.g.
  - Certified Cloud Security Professional (CCSP)
  - GIAC Secure Software Programmer (GSSP)
  - GIAC Cloud Security Automation (GCSA)
  - Certificate of Cloud Security Knowledge (CCSK)

The base salary range for this position in the firm's Chicago, IL and Cleveland, OH offices only is between $96000 and $144000 per year.

Required Experience: Senior IC

Key Skills: Children Activity, EAM, Engineering Support, Maintenance Engineering, Accident Investigation, Branding

Employment Type: Full-Time
Experience: years
Vacancy: 1
Yearly Salary: 96000 - 144000
