Principal Cyber Security Engineer
Stuff
- Wellington or Auckland
- Permanent
- Full-time
- Ensure digital applications align to cyber security best practice
- Embed use of secure application and integration protocols
- Embed standards that safeguard digital sites from DDoS and web application attacks
- Develop and deliver training programs to enhance understanding of best cyber security practices and secure coding standards
- Support continuous improvement in team workflows to ensure secure, high-quality delivery at pace
- Design and implement automation strategies within CI/CD pipelines
- Conduct regular security assessments, code reviews, and configuration reviews to maintain the integrity of our applications
- Maintain current threat models and attack-surface views for our digital applications and platforms
- Thought leadership in shifting security left through automation in CI/CD pipelines and across the SDLC
- Passion and motivation to raise security awareness and knowledge
- A strong focus on customer outcomes
- Experience in the design and operations of secure cloud and web applications
- Experience mapping and articulating security threats and attack vectors to technical and non-technical stakeholders
- Experience in web application security, including the OWASP Top 10, secure API development and OAuth 2.0
- Experience with federated identity and login solutions using OIDC and SAML, and with stateless and stateful login sessions using short-lived JWTs or opaque session tokens carried in Secure, HttpOnly cookies
- Exposure to multiple cloud platforms such as AWS, GCP and Azure
- Exposure to multiple web application frameworks and languages, such as Angular and React, .NET and Java, and Python
- Experience implementing security automation tooling, including static, dynamic and dependency (SCA) security testing with solutions like OWASP Dependency-Check, Snyk, SonarQube, OWASP ZAP and Burp Suite
- Experience automating security in CI/CD pipelines such as GitHub Actions, Jenkins, Spinnaker, Azure DevOps and ArgoCD
- Experience communicating threat models using diagrams or threat modelling tools such as OWASP Threat Dragon or Lucidchart
- Exposure to zero trust strategies, including internal PKI and mTLS (using Istio or another service mesh), and multi-factor authentication (MFA) on bastions and authenticating proxies
- Flexible working arrangements
- Medical insurance
- A generous parental leave policy for any employees who are the primary or secondary carer
- Ongoing training and opportunities to attend conferences