Remote - SOC Monitoring Security Tools/ Colombia

Important company requires;
**SOC Monitoring Security Tools - Remote in Colombia**

**Main Activities / Responsibilities**:

- Generation of threat modeling analysis, security requirements and abuse cases for all

developments carried out in ADC.
- Analyze changes to existing software looking for security risks that can be implemented in the

coding process.
- Determine and advise on the recommended security controls required to remediate findings and

issues in an efficient and concise manner.
- Generate awareness campaigns to all stakeholders of the software process.
- Help developers to use secure coding practices, as well as resolve specific doubts about

vulnerabilities identified in the different testing scenarios.
- Align security solutions to Holcim methodologies and standards.
- Design, implement, and support the security model for general security solutions
- Develop and drive the implementation of security best practices and standards.
- Review requests for new systems or changes to existing systems and evaluate the impact to

security.
- Conduct pre-audits on security issues of concern, work with the user community on remediation;
conduct spot checks of user security to ensure compliance.

code and cloud services.
- Provide support to other colleagues in terms of technical/functional expertise with the assigned

business processes.
- Expert in Vulnerability Management tools like Qualys or Nessus.

**Job Scope**:

- List of direct reports: No direct reports.

implementation or enhancements. Between 7-10 mid to large size projects per year
**Knowledge, Experience and Competencies**:
**Qualifications**:

- Bachelor’s degree in Computer Science, Engineering, or related discipline with an IT focus.
- Certifications: CISSP, CISM, CISA, CRISC ITIL, CMMI, ISO 27001, GSEC, CSSLP.
- Ethical Hacking certifications desired.
- Secure coding certifications desired.

**Required Experience**:
focus, assessments and audits.
- Experience in fullstack development, object-oriented programming, microservices oriented

architecture, with knowledge in agile methodologies and DevOps model.
**Desired Experience**:

- Experience on secure development and ethical hacking.
- Experience with vulnerabilities and fixes for different languages (C, C#, Java, Javascript)

**Soft skills**:

- Experience coordinating and completing multiple tasks within established and changing deadlines.
- Excellent organizational, analytical, and independent problem solving skills.
- Demonstrated excellent oral and written communication skills necessary to interact effectively with

colleagues and with users of varying technological skill levels.
- Strong customer / end-user / client service orientation.
- Thrives working in a highly collaborative and team environment.
- Highly self-motivated and directed.
- Ability to provide 24/7 support to respond to critical incidents or business impacting project

deliverables.
- Keen attention to detail.
- Capability for problem solving, decision making, sound judgment, assertiveness.
- Ability to deal with difficult situations, unclear priorities and blocking stakeholders.
- Ability to work decisively under heavy workload considering the criticality, urgency and extended

work hours required to ensure availability of the service in accordance with service level
commitments.
- Ability to manage multi-cultural and multi-located teams.

**Leadership skills**:

- Lead by example on values and culture.
- A natural leader whose personality and communication skills instill a sense of credibility and trust.
- Able to coherently explain the proposed design and gain stakeholder buy-in to the proposed

solution.
- Cost conscious and keeps a big picture perspective.

**Specialized Technical Skills**:
**Required skills**:

- Authentication and Access Control Tools, Management and Administration.
- Application Security Architecture & Cloud Computing Concepts.
- Change & Security Configuration Audit and Control.
- Encryption Processes, Management and Administration.
- Experience in static and dynamic security testing (code review, vulnerability analysis, Ethical

Hacking)
- Knowledge in offensive security methodologies (OWASP, MASVS, OPENSAMM, CKC, etc).

Knowledge in tools such as OwaspZap, Burpsuite, Nessus, Service Manager, Git, Fortify, Codacy,
Sonarqube.
**Desired skills**:

- Knowledge in AWS cloud security.

**Languages**:

- English required (written & spoken)
- Spanish required (written & spoken)

**Mobility requirements**:(time spent travelling internationally, nationally etc.).

**Schedule**:Monday to Friday from 9 to 6 or from 8 to 5 to be determined.