ETIC, Secure Software Development Expert (DevSecOps) Senior Associate

Line of Service

Advisory

Industry/Sector

Technology

Specialism

Advisory - Other

Management Level

Senior Associate

Job Description & Summary

Job Description Summary
Cyber security is one of the defining topics of our age, and cyber risk
represents one of the most significant strategic risks to PwC’s clients. In
a recent PwC survey, it remains the top risk in the minds of CEO’s
globally, with 91% of UK CEOs rating it as a significant concern.
Businesses are changing rapidly, facing disrupted supply chains, rapidly
changing workforces and accelerating digital transformation on an
unprecedented scale.
At PwC we help our clients transform, and our cyber security practice
enables them to execute that transformation securely and to become
more resilient to cyber security threats. Our cyber security practice
operates nationally, and serves clients holistically with strategy, risk and
governance advice, and with deep technical implementation and
assurance expertise.

About PwC ETIC - Egypt Technology and Innovation Centre 

PwC is opening a new Technology & Innovation Center in Cairo that will deliver high quality technology solutions to consulting Clients across the globe. The Centre will provide a broad suite of skills and services to our clients, ranging from Packaged Applications such as SAP & Oracle, to Cybersecurity, Data Analytics, Custom Development and Cloud services utilising AWS, Azure and Google, as well as expanding our existing Managed Services capabilities. 

The centre is looking to expand rapidly and we are looking for enthusiastic self-starters with a passion for technology and client delivery to help shape and form this new venture. 

Secure Software Development Expert (DevSecOps)- Senior Associate, core responsibility overview:

• Global orientation - Work with a global mindset with teams based in the UK, Germany and other Middle Eastern Countries

• Project work - Using innovative methods and partnerships with leading vendors, your role involves the following:

• Provide support to clients in developing secure software development solutions.

• Collaborate with cross-functional teams to ensure the integration of security in a DevOps/cloud based development environment.

• Develop and implement processes that support the seamless integration of security measures in the software development lifecycle.

• Stay up-to-date with the latest security technologies and trends to recommend appropriate solutions.

• Conduct security assessments and vulnerability testing to identify potential risks and vulnerabilities in software applications.

• Assist in the development and enforcement of security policies, standards, and guidelines.

• Work closely with developers to ensure secure coding practices are followed and security controls are implemented effectively.

• Provide guidance and support in the implementation of secure cloud-based infrastructure and deployment strategies.

• Support change enablement by facilitating the adoption of secure development practices and technologies within the organization.

• Assist in the governance of DevSecOps by monitoring and reporting on security metrics, risks, and compliance issues.

Role requirements:

• Proficient in Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools and techniques.

• Strong knowledge and experience with DevOps practices and tools such as Jenkins, Github, Docker, and Kubernetes.

• Familiarity with microservices and container-based architectures, and ability to ensure the security of these environments.

• In-depth understanding of OWASP (Open Web Application Security Project) principles and best practices.

• Experience with SAMM (Software Assurance Maturity Model) and ability to implement it in the DevSecOps process.

• Proficient in threat modelling techniques to identify potential security risks and vulnerabilities.

• Expertise in application security testing, including vulnerability scanning, penetration testing, and code review.

• Ability to design and implement secure coding practices and provide guidance to development teams.

• Familiarity with secure deployment strategies and best practices for cloud-based infrastructure.

• Strong problem-solving skills and ability to analyse and mitigate security risks in software applications.

• At least 3 years of relevant work experience

Essential skills & attributes:

• Strong knowledge of software development principles and practices.

• Understanding of secure coding practices and ability to guide development teams in implementing them.

• Proficiency in security testing techniques, including SAST and DAST.

• Familiarity with DevOps practices and tools, such as Jenkins, Github, Docker, and Kubernetes.

• Knowledge of microservices and container-based architectures.

• Understanding of OWASP principles and best practices for application security.

• Highly motivated

• Ability to work within a fast-paced & unstructured environment. Must be able to multi-task and effectively and continually prioritise

• Excellent oral and written English skills.

Education

• University degree, ideally in the fields of Computer and Information Science, Business Informatics, Computer Engineering, Cyber Security, Information Technology, Management Information Systems

Certificates : CSSLP or CASE

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required:

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Optional Skills

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Not Specified

Available for Work Visa Sponsorship?

No

Government Clearance Required?

No

Job Posting End Date