FICO
Website: fico.com
Job details:
The Opportunity
"You will act as a partner between FICO internal security standards and our expanding global supply chain. In this high-impact role, you will lead the charge in supporting multiple audits across both our internal IT landscape and third parties. You will act as a trusted advisor to FICO senior leadership, ensuring that our technical growth remains aligned with our risk appetite and strategy in a data-driven analytics environment." - Cyber Security, Director
What You'll Contribute
- Collaborate with engineers, consultants, and leadership to identify security risks and recommend mitigations within the Secure Development Lifecycle (SDLC).
- Perform activities such as secure code reviews, security testing, and vulnerability triage across various applications.
- Regularly interact with internal and external customers on security-related projects and operational tasks.
- Develop understanding of business functionality and apply testing methodology as appropriate to technologies and risks.
- Analyse test results, draw conclusions from results, and develop targeted exploit examples.
- Clearly and professionally document root cause and risk analysis of findings.
- Champion product security testing process and be an advocate for secure development practices, fostering a culture of collaboration and continuous improvement across engineering and product teams.
- Collaborate with other teams to improve the overall security posture of applications/infrastructure.
- Stay current on security best practices, vulnerabilities, and attacker tactics, techniques, and procedures.
- Develop and test effective functional security testing strategies for new/emerging product security requirements.
- Suggest improvements to existing processes/tooling; ideate and implement automation where possible.
- Take ownership of the functionality, configuration, and continuous improvement of DAST and API security tools, ensuring they are effectively integrated into the security testing lifecycle.
What We're Seeking
- Bachelor's degree in Computer Science, Cybersecurity, or a related field.
- Relevant cyber security certifications (e.g., CEH, CCSP, CISSP, OSCP, etc.) are highly desirable.
- Proven experience of 5+ years in product security, pen testing and security automation.
- Strong understanding of AWS infrastructure and cloud security principles.
- In-depth knowledge of cybersecurity principles, methodologies, frameworks and best practices (OSI, NIST, OWASP, SANS, PCI, etc.).
- Knowledge of secure coding principles and experience with code review processes and tools.
- Experience with pen testing (web apps, APIs), infrastructure-as-code scan reviews, and dynamic application security testing (DAST) methodologies and tools.
- Knowledge and experience in CI/CD and shift-left security, and exposure to testing analytical models and AI/ML security testing, will be a plus.
- Strong analytical and problem-solving skills with a keen attention to detail.
- Strong written and oral communication skills with the ability to convey complex security concepts to non-technical stakeholders.
- Strong organizational and interpersonal skills.
Our Offer to You
- An inclusive culture strongly reflecting our core values: Act Like an Owner, Delight Our Customers and Earn the Respect of Others.
- The opportunity to make an impact and develop professionally by leveraging your unique strengths and participating in valuable learning experiences.
- Highly competitive compensation, benefits, and rewards programs that encourage you to bring your best every day and be recognized for doing so.
- An engaging, people-first work environment offering work/life balance, employee resource groups, and social events to promote interaction and camaraderie.