Myles Roberts is supporting a Global Banking Client to recruit a DevSecOps Training Product Manager who will be a key part of the Cyber Education and Awareness team, reporting to the Senior Education and Awareness Manager (for High Risk Users). They will be responsible for supporting the delivery of a global outcome to 'shift left' the secure development process and reduce vulnerabilities detected in pre-production scanning. The role holder will lead the strategy and delivery of training and awareness initiatives and tooling to support this outcome.
- Manage user research and vulnerability data analysis to inform the design and delivery of training to Developers and Security Champions
- Work closely with the Cybersecurity Assessment and Testing (CSAT) function, Pre-Production Assurance and Vulnerability Management (SECA and VULN) Control owners, Global Engineering, and the Global Developer Experience Team to gather inputs, validate and test the impact of proposed training, and ultimately implement joined-up solutions for our target audience
- Design and deliver experiments to test targeted training and capability uplift, for example:
  - Use of IDE plugins
  - CI/CD integrations to check a developer's capability/training status at the point of committing code
  - Purple teaming exercises where teams try to exploit each other's code
  - Secure-athon events/initiatives
- Design and delivery at scale of successful targeted training and capability uplift, for example:
  - Design and deployment of targeted training paths using 3rd party vendors such as Secure Code Warrior or Immersive Labs
- Act as an SME on the creation of in-house training materials to help Developers and Security Champions use our scanning tools and services
- Support Security Champion Community of Practice
- Advise on the cyber training and qualification prerequisites in the design of 'licences to operate'. The Bank has standalone fast track processes/mini operating models that allow teams to operate at speed.
- Support, from a comms and training perspective, any initiatives to develop and adopt security scanning services and tools that will enable development teams to operate more efficiently and securely
Key Skills and Experience
- Design thinking: Experienced in creating needs-based solutions that are also measurable and materially reduce risk
- Experience of being part of implementing DSO strategy at scale with proven results
- Experience of leading the training element of implementing a DSO strategy from design through to delivery
- Ideally, experience of using Secure Code Warrior or another training platform
- Deep understanding of DevSecOps and the roles and responsibilities within the SDLC - able to 'think like a developer'
- Excellent understanding of security concepts and principles
- Good understanding of security flaws in different programming languages
- Understanding of emerging technologies and their corresponding security threats would be a plus
- Proficiency with industry tooling, for example: Tenable.io, Nessus, Checkmarx, Netsparker, Kryptowire, IriusRisk, Aqua, etc.
Myles Roberts is acting as an Employment Business in relation to this vacancy.