ProViso Consulting
Story Behind the Need:
• Business group: Cloud & Application Security Product and Architecture – team is a product group within Cloud and Applications Security. This team focuses mainly on strategy building.
• Project: Application Security SME contractor needed to help design the new software composition analysis (SCA) platform and migration strategy from Black Duck into Cloud. Will be supporting AppSec Product (OSS).
• Migration from the SCA tool to another vendor and to the Cloud (on-prem to Cloud). A lot of integration work is needed: SSO, LAM/WAM, JIRA integrations, Service Now – log monitoring, pipeline integration, artifact integration. The expectation is that the Architect should be able to lead these integrations and the migration and have experience with all of these. Will be working on other projects later on, so DAST, SAST.
• Reason for request: Project requirement
Candidate Value Proposition:
• The successful candidate will have the opportunity to lead one of the major cloud transformations in the industry, a high-visibility program.
Typical Day in Role:
• Network security in cloud is one of the crucial security domains, requires highly specialized experience, and forms a fundamental building block in the entire cloud architecture.
• SCA Design for selected vendor including the below tasks:
o SCA SaaS Tenant set up
o SCA SaaS Integration with Bank incl. SSO, ESLM, CI/CD
o Migration Design from Black Duck to a new SCA vendor
• Collaborate with cloud infrastructure, DevOps and development teams to integrate security during the design and development phases.
• Provide mentorship and training to other team members on cloud security principles.
• Help develop test cases and drive Proof of Value (POV) to completion.
• Help develop a procedure.
• Contribute to SCA project onboarding process development.
• Contribute to system architecture.
• Establishing seamless integration between cloud and on-prem
• Evaluate existing integrations
• Form a connection when talking about the security tools for platform integration into cloud
Must Have Skills:
• 10+ years’ experience in IT overall WITH 5+ years in Security architecture/integration/implementation roles
• 4+ years’ experience with Software Security Controls Architecting and Solutioning, with proven project experience with large migrations
• Strong demonstrated experience with SSO, LAM/WAM, JIRA integrations
• 2-3+ years’ recent project experience with integration, specifically with various cloud and on-prem solutions (experience with any public cloud is OK – AWS, Azure, GCP)
• 5+ years’ strong SDLC experience
Nice-To-Have Skills:
• Recent experience with and understanding of some/any of the following is a strong asset: SBOM, SCA, SAST, DAST, OSS libraries and licenses, CI/CD pipelines
• Experience with deployment and managing IaaS, PaaS & SaaS solutions
• Experience in the financial industry
• Experience with CI/CD tools: Jenkins, Azure DevOps, GitLab CI/CD, CircleCI, Bitbucket/GitHub, JFrog Artifactory, Ansible, Confluence, Jira, Bamboo, etc.
Soft Skills Required:
• Strong analytical and problem-solving skills, with an ability to think strategically and tactically about complex cloud security issues.
• Communication: excellent written and verbal communication and interpersonal skills
• Fast learner with strong analytical skills and improvement mindset
• Must be able to operate independently within tight time frames
• High energy, demonstrated ability to work under pressure, deals well with ambiguities and uncertainties, and drives results.
Degrees or certifications:
• Bachelor’s degree in a related field required, professional experience is a priority
• CISSP or similar security certifications are an asset
Best vs Average:
• We are seeking a contractor to drive the team in developing the test cases and POV. Experience developing high level architecture, deployment, and integrations is critical to this role. There is a dedicated support team, however the selected resource should seek necessary approvals and provide guidance for deployment.
Project:
• Migration from the SCA tool to another vendor and to the Cloud (on-prem to Cloud); a lot of integration work is needed: SSO, LAM/WAM, JIRA integrations, Service Now – log monitoring, pipeline integration, artifact integration; working with MAST, APA, security engine, ESLM/SIEM. The expectation is that the Architect should be able to lead these integrations and migrations, have experience/understanding with all of these, and hit the ground running with minimal training time.
• Feedback: candidates should be able to form a connection when talking about the security tools for platform integration into cloud
Candidate Review & Selection:
• Structure and Format:
o Virtual and in-person interviews. In-person interviews will be in Toronto on Tuesdays or Thursdays (HM can accommodate as needed, but please note these days)
• Two Rounds of interview:
o 1st round via MS Teams, panel technical and behavioral interview (HM and one other potentially)
o 2nd round – 1 hour – with HM + HM’s manager in person – technical interview with scenario-based questions; if in person, will be solutioning live on paper/whiteboard