Client: Blue Prism
Industry: Software Development
As the pioneer and market leader in Robotic Process Automation (RPA), Blue Prism is the trusted, secure choice for Intelligent Automation available on-premises, in the cloud, or as an integrated solution in a hybrid cloud environment. Blue Prism offers the connected-RPA Platform, an advanced technology ecosystem that puts the power of accessible, advanced cognitive technologies in the hands of operational leaders.
At Blue Prism, we have users in over 150 countries in more than 1,800 businesses, including Fortune 500 and public sector organizations, that are creating value with new ways of working, unlocking efficiencies, and returning millions of hours of work back into their businesses. Our Digital Workforce is smart, secure and accessible to all, freeing up humans to re-imagine work. https://www.blueprism.com/
We are looking for a Blue Prism Application Security Engineer to champion product development security. This person will provide security education and awareness, design and implement new security initiatives that enhance Blue Prism's security position, and implement, maintain and enforce software security standards and compliance.
• Drive security awareness through continuous education and quality documentation
• Ensure Blue Prism products are delivered with minimal security risk to the business or its customers
• Ensure product standards and compliance
• Provide technical subject matter expertise and security guidance to the business
• Evolve and promote Blue Prism's security strategy internally and externally
• Proven background in software development, security consulting, penetration testing or similar role.
• Awareness of international security standards such as OWASP Top 10, CWE/SANS Top 25, HIPAA, NIST and how they apply to software development.
• Strong knowledge of Security Architecture: threats, countermeasures, confidentiality, authenticity, integrity and non-repudiation.
• Has a strong understanding of cryptography and its application to security.
• Demonstrates a strong understanding of offensive and defensive security procedures and techniques.
• Strong knowledge of risk assessment tools and frameworks (STRIDE, DREAD, CVSS)
• Experience of identifying and eliminating training needs within immediate teams and the wider organization.
• Experienced in software development projects with a good knowledge of Agile SDLC and DevOps principles
• Good technical writing skills
• Experience of performing security design reviews, threat modelling and risk assessments.
• Experience of security testing and assurance
• Experience and understanding of SAST tooling such as Checkmarx, Coverity, Veracode etc.
• Experience and understanding of SCA tooling such as Snyk, Black Duck, SourceClear etc.
Nice to have:
• Professional security qualifications are desirable (e.g. CISSP, Offensive Security, SANS Institute, etc.)
• Experience of using or implementing the Blue Prism product.
• Theoretical and working knowledge of key peripheral technologies, including Windows Server / client fundamentals, Active Directory and security tooling.
• Working knowledge of cloud security service design approaches (Azure, AWS, Kubernetes, Docker or GCP).
• Experience of creating positive learning environments through interactive learning workshops and presentations.
• Understanding of how to identify and remediate 3rd party license compliance and risk.
Bachelor’s degree in computer science or similar OR relevant years of experience in required skills (most valuable).