Security Architect and Source Code Reviewer (Ref. 1226)

Bank J. Safra Sarasin Ltd is a leading sustainable private bank, offering all the advantages of the Swiss banking environment together with dynamic and personalised advisory services focusing on opportunities in international financial markets. The Bank provides a high level of services and expertise when acting as investment advisor and asset manager for private and institutional clients. Financial strength, excellent client services and outstanding quality are therefore key elements of its corporate philosophy. J. Safra Sarasin’s most valuable capital is its employees. They are essential to the success of the organisation, now and in the future. Their technical expertise, professional qualifications and social skills are highly valued by the Group’s clients, management and business partners. The success of J. Safra Sarasin depends on the enthusiasm and commitment of every one of its employees worldwide.DivisionCorporate Center & LogisticsFunction/PositionSecurity Architect and Source Code ReviewerLocationBaselFunction/Position objectivesAs security architect you are responsible for designing, building, testing and implementing security systems within the Bank on site and in the cloud. On top of that main responsibility, you will be assigned the review of the source code of a major digitalization project on going.Responsibilities

• Reviewing current system security measures and recommending and implementing enhancements.


• Conducting regular system security review of existing IT systems.


• Planning, researching and designing security architectures.


• Design, build and implement enterprise-class security systems for a production environment.


• Align standards, frameworks and security with overall business and technology strategy.


• Maintain security framework architecture documentation.


• Deliver secure code review assessment on programming language with at minimum: React-Native, ReactJS, .NET Core 3.1 (C#), Javascript.

Profiles

• Master Degree in Information Technology, Computer Science or in a related field is highly desirable.


• 10+ years of experience in enterprise information security architecture and IT risk management with a focus on security, performance and reliability; 4+ years of experience in application security including secure code review, web application penetration testing or threat modelling.


• 2+ years of experience in secure code review / static application security testing (SAST).


• Excellent knowledge of cloud computing technologies and of enterprise-class security architecture.


• Strong background in cyber offensive security and cyber threat modeling; Good working knowledge of current IT risks and experience implementing security solutions.


• Ability to interact with a broad cross-section of personnel to explain and enforce security measures; Excellent and effective written and verbal communication skills to properly articulate complicated cloud reports to management and other IT development partners; Excellent business acumen.


• Detailed understanding of the OWASP Top 10 and CWE Top 25 issues with focus on ability to identify and remediate vulnerability in source code; Ability to explain risk and business impact of security vulnerabilities in source code to variety of audience.


• Hands-on experience conducting security focused static analysis using commercial SAST tools such as Checkmarx, Appscan Source, Veracode, Coverity, Fortify and SonarQube.

Activity rate100 %Please send your application to: