Consultant en Sécurité Applicative et DevSecOps

Consultant en Sécurité Applicative et DevSecOps

Posted 2 weeks ago by Jefferson Frank

Apply
Negotiable
Undetermined
Undetermined
Switzerland, Geneva, Plan-les-Ouates
Apply

Summary: The role involves working as a Consultant in Application Security and DevSecOps for a client in Vaud, focusing on analyzing and evaluating application security. The consultant will be responsible for defining secure application lifecycle processes, establishing development standards, securing data and APIs, and delivering various security-related documentation and support to DevOps teams. The position requires a strong understanding of Secure SDLC and DevSecOps practices, as well as experience with various security frameworks and tools.

Key Responsibilities:

  • Analyze and evaluate application security.
  • Define application lifecycle processes (Secure-SDLC) and ensure code security, release management, and data security.
  • Establish development standards (DevSecOps) and contribute to design phases and application modeling.
  • Secure cloud application tenants and implement data anonymization.
  • Secure APIs through authentication, authorization, and encryption, and implement DoS/DDoS protection.
  • Deliver Secure-SDLC standards and support DevOps teams in integrating security best practices.
  • Develop DevSecOps processes and custom Azure DevOps scripts.
  • Monitor code analysis tools and create remediation processes for vulnerabilities.
  • Provide follow-up reports, operational documentation, and a runbook.

Key Skills:

  • Strong knowledge of Secure SDLC and DevSecOps practices, including CI/CD/CS.
  • Expertise in authentication schemes such as SSO, OpenID Connect, SAML, OAuth, and JWT.
  • Proficient in API technologies including SOAP, RESTful, GraphQL, gRPC, WebSocket, and WebHook.
  • Experience with web application firewalls (WAF).
  • Strong knowledge of multi-factor authentication (2FA, MFA, OTP) and passwordless authentication (FIDO2, Passkeys).
  • Experience in data anonymization and compliance with data protection regulations.
  • Familiarity with SAST/DAST tools like Snyk, SonarCloud, Qualys WAS, and BurpSuite is a plus.
  • Knowledge of OWASP Top 10.
  • ITIL v4 foundation certification.

Salary (Rate): undetermined

City: Geneva

Country: Switzerland

Working Arrangements: undetermined

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT

Apply
Similar Jobs
Loading data...