Principal Security Specialist

You've already provided the job description split into Must-Haves and Nice-to-Haves in the previous turn. If you would like a different format while retaining all the content and the original order of the words, here is a consolidated view presented in a slightly more traditional job listing layout.

🧑‍💻 Principal Security Specialist

Location: Hybrid role – three days per week in our Bangalore office.

Job Description

To drive improvements in the end-to-end product/system lifecycle spanning the whole SDLC and post launch operations, covering major strategic customer-facing products and internally developed colleague-facing applications. To work with security champions to develop a strong security culture and capability and to evolve the security champions program as a whole. To ensure that new product/system releases are secure and that vulnerabilities discovered in live products and systems are quickly and effectively addressed.

Key Responsibilities

1. Working with Security Champions to develop a strong security capability in teams and improving the effectiveness of the overall Security Champion program

2. Driving continual improvement in the secure software development lifecycle and supporting our drive to a modern DevSecOps approach

3. Acts as the main point of contact on security issues for Product Delivery and EAD teams on major strategic groups of products/systems

4. Assessing major strategic groups of Sage products, application or systems to identify security weaknesses and creating improvement plans where required

5. Supporting security compliance as it relates to assigned products

6. Identifies the need for new tools and vendors and leads their evaluation

7. Drives significant improvement in key processes/standards and designs and implements new processes/standards

8. Contributes to performance evaluation and technical mentoring of junior team members

9. Provides technical security leadership for significant projects or workstreams

10. Active contributor to relevant industry bodies, conferences, open-source projects etc.

Skills & Experience

1. Significant experience in implementing security in the software development lifecycle

2. Experience in implementing security in public cloud based SaaS applications

3. Proficiency in English – written and verbal

4. Experience of working with geographically dispersed teams

5. Experience working in an agile, DevOps/DevSecOps environment

6. Experience in security operations

7. Experience of formal compliance frameworks (e.g. SOC, ISO27001, PCI or similar)

8. Relevant professional security qualification such a CISSP, CSSLP or similar

9. Relevant degree and >8 years commercial experience