Willis Towers Watson Info-Sec DevOps Specialist in Ipswich, United Kingdom
Info-Sec DevOps Specialist
Date Posted: May 15, 2018
Not ready to Apply?
Summary of Role
Willis Towers Watson (WTW) Information Security team requires a Secure Software Development Specialist /Consultant to deliver high quality software advisory services.
This role plays an integral part in the information security team reporting directly to the Secure Software Development Lead.
Working in collaboration with the development teams to ensure adherence to secure coding practices and standards.
Input into the vulnerability assessment and support remediation planning.
Conduct security assurance reviews of the development practices and ensure development teams are using secure software development tools consistently and configured in accordance with WTW standards.
Conduct annual attestation exercises, ensuring developers agree to adhere to the organizations secure development standards.
Support development teams to conduct security tests using static code analysis and web application scanning tools.
Schedule and co-ordinate the delivery of secure development training for development teams.
Deploy web application scanning capabilities to the organization’s internet facing web applications.
Provide training to development teams on the use of static code analysis and web application scanning tools.
Provide administrative and 1st line support for static code analysis and web application scanning tools. This includes systems maintenance, user access and segregation and appliance deployments;
Provide technical security expertise for the secure configuration of the code analysis tools.
Ensure vulnerabilities identified as a result of static code analysis and web application scanning are either remediated or managed via the WTW risk management framework.
Produce data to support MI reports pertaining to the vulnerabilities identified using application security tools.
Sound experience in a Secure Software development or Application Security Consultancy role.
Information security qualifications (e.g. SANS GCIA & GCIH
*Certified Ethical Hacker (CEH) CISSP) preferable.
Practical experience in leading secure development practices.
Experience of assessing security risk and identifying vulnerabilities
Practical knowledge of administering enterprise static code analysis tools
Practical knowledge of administering and configuring web application scanning tools.
Experience of deploying and supporting application security toolsets in complex estates.
The ability to foster and grow relationships
Knowledge of current application security vulnerabilities and attacks including those listed in the OWASP Top 10.
Ability to communicate technical concepts to the business
Experience of working within a global organisation
Knowledge of application security standards and compliance requirements (e.g., Sarbanes-Oxley act, HIPAA)
Practical use of Checkmarx and Qualys
Development background in common languages (e.g. .Net & Java)
Willis Towers Watson is a leading global advisory, broking and solutions company that helps clients around the world turn risk into a path for growth. With roots dating to 1828, Willis Towers Watson has 40,000 employees serving more than 140 countries. We design and deliver solutions that manage risk, optimize benefits, cultivate talent, and expand the power of capital to protect and strengthen institutions and individuals. Our unique perspective allows us to see the critical intersections between talent, assets and ideas – the dynamic formula that drives business performance. Together, we unlock potential. Learn more at willistowerswatson.com .
Willis Towers Watson is an equal opportunity employer
Willis Towers Watson believes that effectively managing a diverse workforce is vital to our business strategy. We have an obligation to our organization, ourselves and our clients to hire and develop the best people we can find. We will continually review our policies and practices to ensure that all areas of the employment process (including recruiting, hiring, work assignments, compensation, benefits, promotions, transfers, company-sponsored development programs and overall workplace experience) are free from discriminatory practices. We are committed to equal employment opportunities at Willis Towers Watson.
Unsolicited Contact: Any unsolicited resumes/candidate profiles submitted through our web site or to personal e-mail accounts of employees of Willis Towers Watson are considered property of Willis Towers Watson and are not subject to payment of agency fees. In order to be an authorized Recruitment Agency/Search Firm for Willis Towers Watson, any such agency must have an existing formal written agreement signed by an authorized Willis Towers Watson recruiter and an active working relationship with the organization. Resumes must be submitted according to our candidate submission process, which includes being actively engaged on the particular search. Likewise, for our authorized Recruitment Agencies/Search Firms, if the candidate submission process is not followed, no agency fees will be paid by Willis Towers Watson. Willis Towers Watson is an equal opportunity employer.
Not ready to Apply? at https://willistowerswatson.avature.net/WTWTalentNetwork
Share on Facebook
Share on Twitter
Share on Google+ Share on Pinterest
Share on Linkedin
Share by Mail
Location:Ipswich, England, GB
Date Posted:May 15, 2018