Overview
Remote
On Site
170-200K
Contract - W2
Skills
Software Development Methodology
Onboarding
Health Care
Collaboration
Architectural Design
Threat Modeling
Vulnerability Assessment
Security QA
Thought Leadership
Cyber Security
Continuous Integration
Continuous Delivery
SCA
Microsoft Azure
Google Cloud
Google Cloud Platform
CISSP
CISM
Certified Ethical Hacker
Communication
Relationship Building
Negotiations
Microsoft Excel
Agile
Dynamic Testing
Regulatory Compliance
HIPAA
PCI DSS
Scripting
Python
Shell Scripting
Management
Computer Science
Information Security
Training
Risk Management
AngularJS
Java
Software Development
Amazon Web Services
FOCUS
Cloud Computing
Software Security
Orchestration
Job Details
Position Summary:
We are seeking a Product Security Advisor to lead our consulting team in driving secure SDLC (Software Development Life Cycle) initiatives. This senior role will focus on providing strategic, end-to-end support for onboarding application teams, emphasizing expertise in DAST, SCA, MAST, threat modeling, and architecture reviews. The ideal candidate will excel in guiding complex security projects, troubleshooting advanced issues, and partnering with application teams to implement robust security measures. This role will play a key part in significant technology initiatives for Evernorth, aimed at transforming health services and the healthcare delivery system in the United States with cutting-edge technologies and development techniques.
Job Description & Responsibilities:
Lead strategic collaboration with development teams to identify and address complex security needs.
Architect and oversee the design, development, and implementation of automated security solutions within CI/CD pipelines.
Spearhead the integration and management of SAST, DAST, and SCA tools across multiple development pipelines.
Guide the architectural design and implementation of secure software and systems.
Conduct advanced security assessments, threat modeling, and vulnerability analysis to reinforce security measures.
Develop and optimize security testing services and tools to support and advance secure development practices.
Provide high-level technical guidance and thought leadership on security best practices to development teams.
Stay at the forefront of security trends, threats, and technologies to continually enhance our security posture.
Cultivate strong cross-functional relationships to promote a culture of security throughout the organization.
Ensure adherence to industry standards and regulatory requirements, driving compliance and risk management.
Optimize the security efficiency of application assets, focusing on operational, performance, and cost considerations.
Experience Required:
Bachelor s or Master s degree in Computer Science, Information Security, or a related field.
7-10 years of experience in cybersecurity, with a deep focus on application and product security.
Demonstrated expertise in automating security solutions within development pipelines (CI/CD) at a strategic level.
Extensive experience with security tools such as SAST, DAST, and SCA, including leading multiple pipeline integrations.
Strong background in software development, with advanced skills in coding and building security solutions.
Proven experience in leading complex pipeline integrations and understanding various pipeline touchpoints.
Experience with cloud environments (AWS, Azure, Google Cloud) is highly desirable.
Deep knowledge of secure software development practices and principles.
Industry certifications such as CISSP, CISM, CEH, or similar are highly preferred.
Exceptional communication, relationship-building, and strategic negotiation skills.
Ability to excel in an Agile environment and manage multiple high-priority projects effectively.
Experience Desired:
Experience with security tools and platforms such as static analysis (SAST), dynamic analysis (DAST), and runtime application self-protection (RASP).
Knowledge of regulatory and compliance frameworks (e.g., GDPR, HIPAA, PCI-DSS).
Hands-on experience with security automation and orchestration.
Proficiency in programming and scripting languages relevant to security (e.g., Python, Java, Shell scripting).
Ability to manage and prioritize multiple projects in a fast-paced environment.
Education and Training Required:
Advanced degree (Master s or higher) in Computer Science, Information Security, or a related field.
Relevant industry certifications.
Additional training in secure software development, application security, and risk management is highly desirable.
Primary Skills:
Advanced expertise in secure software development practices, application security, and security tool integration.
Proficiency in Angular and Java for security-related software development and integration.
Additional Skills:
Extensive experience with AWS and other cloud platforms, with a focus on securing cloud-based applications and services.
Hands-on experience with application security frameworks and tools, including security automation and orchestration.
We are seeking a Product Security Advisor to lead our consulting team in driving secure SDLC (Software Development Life Cycle) initiatives. This senior role will focus on providing strategic, end-to-end support for onboarding application teams, emphasizing expertise in DAST, SCA, MAST, threat modeling, and architecture reviews. The ideal candidate will excel in guiding complex security projects, troubleshooting advanced issues, and partnering with application teams to implement robust security measures. This role will play a key part in significant technology initiatives for Evernorth, aimed at transforming health services and the healthcare delivery system in the United States with cutting-edge technologies and development techniques.
Job Description & Responsibilities:
Lead strategic collaboration with development teams to identify and address complex security needs.
Architect and oversee the design, development, and implementation of automated security solutions within CI/CD pipelines.
Spearhead the integration and management of SAST, DAST, and SCA tools across multiple development pipelines.
Guide the architectural design and implementation of secure software and systems.
Conduct advanced security assessments, threat modeling, and vulnerability analysis to reinforce security measures.
Develop and optimize security testing services and tools to support and advance secure development practices.
Provide high-level technical guidance and thought leadership on security best practices to development teams.
Stay at the forefront of security trends, threats, and technologies to continually enhance our security posture.
Cultivate strong cross-functional relationships to promote a culture of security throughout the organization.
Ensure adherence to industry standards and regulatory requirements, driving compliance and risk management.
Optimize the security efficiency of application assets, focusing on operational, performance, and cost considerations.
Experience Required:
Bachelor s or Master s degree in Computer Science, Information Security, or a related field.
7-10 years of experience in cybersecurity, with a deep focus on application and product security.
Demonstrated expertise in automating security solutions within development pipelines (CI/CD) at a strategic level.
Extensive experience with security tools such as SAST, DAST, and SCA, including leading multiple pipeline integrations.
Strong background in software development, with advanced skills in coding and building security solutions.
Proven experience in leading complex pipeline integrations and understanding various pipeline touchpoints.
Experience with cloud environments (AWS, Azure, Google Cloud) is highly desirable.
Deep knowledge of secure software development practices and principles.
Industry certifications such as CISSP, CISM, CEH, or similar are highly preferred.
Exceptional communication, relationship-building, and strategic negotiation skills.
Ability to excel in an Agile environment and manage multiple high-priority projects effectively.
Experience Desired:
Experience with security tools and platforms such as static analysis (SAST), dynamic analysis (DAST), and runtime application self-protection (RASP).
Knowledge of regulatory and compliance frameworks (e.g., GDPR, HIPAA, PCI-DSS).
Hands-on experience with security automation and orchestration.
Proficiency in programming and scripting languages relevant to security (e.g., Python, Java, Shell scripting).
Ability to manage and prioritize multiple projects in a fast-paced environment.
Education and Training Required:
Advanced degree (Master s or higher) in Computer Science, Information Security, or a related field.
Relevant industry certifications.
Additional training in secure software development, application security, and risk management is highly desirable.
Primary Skills:
Advanced expertise in secure software development practices, application security, and security tool integration.
Proficiency in Angular and Java for security-related software development and integration.
Additional Skills:
Extensive experience with AWS and other cloud platforms, with a focus on securing cloud-based applications and services.
Hands-on experience with application security frameworks and tools, including security automation and orchestration.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.