Sherwin-Williams Cleveland, OH 44114
Posted 2 weeks ago
Strategy & Planning
Acquire and interpret business requirements and functional specifications to create security non-functional requirements.
Work with the security architects to validate potential architectures through techniques like threat modeling.
Maintain knowledge of best security practices through training, research, involvement with local IT security groups, and collaboration with internal cybersecurity teams.
Identify areas for improvement by recommending the use of reusable code libraries introduced in standard build/deploy pipelines.
Assist development teams in updating the CMDB records to reflect current state.
Validate that OS, middleware, and images are being scanned for vulnerabilities at regular intervals and any reported vulnerabilities are tied back to the appropriate application(s).
Work with development and QA teams to ensure the use of secure coding practices and verification methods.
Work with DevOps teams and engineers to integrate security solutions into continuous delivery frameworks.
Mitigate security risks associated with projects that have high technical complexity and/or involve significant challenges to the business.
Work with delivery teams and product owners to reduce application security risks by assisting with code remediation before production delivery.
Acquisition & Deployment
Operational Management
Support and maintain automated application security testing within the DevOps pipelines.
Provide input in updating security standards on an annual basis.
Ensure that all applications are using effective security monitoring, and work with the endpoint security team to test configurations.