Candidate should have a software engineering background with strong security and compliance experience
Familiarity with code-level security (crypto, hacking, DAST on continuous integration, CI/CD tool protection), infrastructure security (SSL/TLS, SSH, container protection), protection of data and information (two-factor authentication, compliance with industry standards, public security policy, denial of service, breaches, server and infrastructure), monitoring of threats and vulnerabilities (auditing infrastructure, TLS certification expiry, detect incident threats, app attacks, monitor third-party vendors, monitor authorizations, monitor DNS expiry)
Security consultant should be able to assist in creating and maintaining documents, processes, and standards for 1) identifying critical information and sensitive data, 2) identifying the possible threat, 3) assessing vulnerabilities and analyzing security vulnerabilities, 4) analyzing the risk associated with each vulnerability, 5) developing and applying countermeasures.
Experience with Cybersecurity software, threat modeling, and security risk assessments to detect and analyze security threats
Up-to-date knowledge of cybersecurity threats, current best practices, and latest software.
Experience with infrastructure audits, i.e. auditing of servers, network devices, exposed services, etc.
Familiar with OWASP, Dynamic application security testing (DAST) in continuous integration, Static application security testing (SAST), SSL/TLS scanning, SSH configurations, DNS
Exposure to one or more programs such as Puppet, Chef, ThreatModeler, Checkmarx, Immunio, and Aqua.
Understanding or experience with Kubernetes, Docker, or AWS. Familiarity with container protection, security, and vulnerabilities
Source code management and password encryption, two-factor authentication
Auditing and/or documenting security standards and practices such as GDPR, HIPAA