Thanks for checking out our job opening; we are excited that YOU are interested in learning more about NCC Group.
We are on a mission to make society a safer and more secure place. Our people are the ones who make that possible; a global community of talented individuals working together towards a safer future.
We aim to create an environment where everyone can reach their full potential. We work together, we are brilliantly creative, we embrace difference, and we want you to join in our mission, as a Secure Development Lifecycle (SDL) Specialist.
Take a look at our website to learn more about why we're one of the leading global Cyber Security and Risk Mitigation businesses: https://www.nccgroup.com/uk/
The Opportunity
Our Technical Security Consultant team in the UK and Spain is growing. We are looking to speak with innovative Software Developers, Penetration Testers and Technical Security Consultants who have experience in the security of the Software Development Life Cycle (SDLC).
The Secure Development Lifecycle (SDL) specialist will work alongside client development organisations to understand the existing culture, technology and delivery approach and create innovative solutions that aim at increasing the security of the final product. You will come across a variety of technologies, development approaches, tools and products and work with some well-known and widely used software products, making them safer for the users.
With our dedicated lab facilities and break out areas, continuous training and variety of work, regular tech team/research events and annual internal convention NCCCon, we are positive that we can offer what you are looking for next in your career.
The Challenge
As an SDL specialist you will work closely with clients helping to build an application security program and/or a software security initiative. Part of your role will be to:
- Analysis of existing delivery development processes from a security point of view, identifying gaps against industry maturity models (e.g. SAMM) or best practice (e.g. PCI SSF, NCSC SSL).
- Technical review of CI/CD pipelines and DevOps approaches, with a focus on security configurations, as well as security technologies (e.g. SAST, DAST, SCA) used in the pipeline and the level of configuration contained.
- Planning, deployment, and rollout of new/improved:
  - Development processes and/or pipelines tailored for the client technology stack covering technical security assessments.
  - Security technology such as static and dynamic testing (e.g. fuzzing), software composition analysis, or custom.
- Training clients in different aspects of security in development described in this document
- Assist in the identification, resolution, and documentation of security vulnerabilities and resolution process.
- Provide guidance and mentoring to adjacent teams and team members.
At NCC Group we are passionate about passionate people; someone who wants to join in our mission of making the world safer and more secure, whilst learning new skills and advancing their career forward.
In terms of technical capability, we are looking for individuals who have experience in the following areas:
- Secure design and architecture (e.g. attack surface analysis, threat modelling)
- Software development / engineering
- Development Operations (DevOps)
- Continuous Integration/Continuous Delivery (CI/CD)
- Good knowledge of at least one scripting language (e.g. Python, Ruby, Perl, PowerShell)
- Experience in using, configuring, and integrating automated security tools (e.g. SonarQube, Burp Suite Professional, Sonatype Nexus IQ) into CI/CD pipelines
- Experience of working in an agile project environment
- Experience of working in hybrid teams (client and multiple service providers, on-shore and off-shore, for example)
- Knowledge of cyber security principles
- Writing clear and accurate technical documentation
Additionally, any expertise in the areas below would be extremely beneficial.
- SDL frameworks (e.g. SAMM, PCI SSF, NCSC SSL)
- Software assessment & QA
- A good understanding of Agile, Lean and Waterfall development
- Good understanding of other lifecycle stages (both tools and processes) from a security point of view (requirements, design, implementation, verification, and operation)
- DevSecOps knowledge
- Knowledge of networking
- Knowledge of database management system technologies (both SQL and NoSQL)
- Computer science/software engineering degrees are welcome
Please do not hesitate to apply.
About NCC Group
The NCC Group family has over 1,800 members located all around the world, providing a trusted advisory service to 15,000 customers. Born in the UK, we now have offices in North America, Canada, Europe, Asia-Pacific and United Arab Emirates.
We are passionate about helping our customers to protect their brand, value and reputation against the ever-evolving threat landscape. We fuel that passion with investment in our people and our business.
Our values and code of ethics are at the heart of how we operate - we work together, we are brilliantly creative, and we embrace difference. We treat everyone and everything with equal respect.
We want to create an environment where all colleagues feel psychologically, emotionally and physically safe to be authentic, sharing their personal experiences to represent the diversity of the world they live in, and have equal opportunity to achieve their best.
About your application
We review every application received and will get in touch if your skills and experience match what we're looking for. If you don't hear back from us within 10 days please don't be too disappointed - we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.