Job Details

Job description

• Work as the lead to design, implement and govern the overall security architecture of NCR products.
• Manage security considerations for the transition of SaaS on-prem applications to private cloud environments.
• Aligning the secure development lifecycle to industry standards, including Microsoft SDL, OWASP development guides, and Privacy/PII related topics (privacy-by-design).
• Integrate/enable security engineering automation (e.g. SAST, IAST) in the delivery pipeline.
• Perform proof-of-concept and proof-of-technology testing for integrating new 3rd party security products into the development and deployment processes.
• Lead threat modeling, design reviews and code reviews as part of the development lifecycle.
• Participate in application pen testing and remediation efforts with engineering teams.
• Design and deploy state-of-art technology to meet the business needs and interface with business units regarding technical planning and application security topics.
• Lead the implementation of proposed solutions while interfacing with the Project Management Office (PMO) to ensure the coordination, communication and successful delivery of projects.
• Develop and maintain security procedures and guidelines for NCR products.
• Manage relationships and interactions with human resources, legal, customers, and internal audit departments.

Basic Qualifications:

• Bachelor’s Degree in a technical discipline or equivalent work experience
• 7+ years background in software development.
• Fluency in Java and .Net
• Pipeline/CI/CD/automation experience
• Experience with various cloud providers (GCP/Azure)
• Container experience (Docker, Kubernetes)
• Experience with PCI, PA-DSS, and other audits (e.g. FFIEC, SOX)
• Experience with privacy requirements of a global corporation (e.g. GDPR, CCPA)
• Soft skills - effective communication (internal, customer, legal counsel), collaboration (internal, external) and effective written skills (white papers, vulnerability specifications, etc.).

Preferred Qualifications:

• Security certifications, e.g. CISSP, CSSLP, CEH
• Privacy training and certification, e.g. CIPT
• Experience with retail, financial, and/or hospitality software, particularly the types of vulnerabilities and security testing associated with them.
• Active participation in cybersecurity forums/conferences, e.g. DEFCON, Black Hat.