Security Engineer

“The Security Engineer implements security policy within the product”

Viewpoint

Security Engineers are responsible for ensuring that the product is produced and maintained in a way that is secure and that facilitates ongoing monitoring and intrusion detection.

View

As a Security Engineer, I need to be able to apply best known methods for security to the implementation of product features. I must be able to test all application code against a defined set of standards. I must be able to understand the levels of risk present within our software supply chain.

I need to be able to continuously scan all our assets for newly evolving vulnerabilities that occur within our dependency tree. I must be able to monitor all production environments for signs of attack or intrusion.

Should an incident occur, I must be able to support the response and preserve forensic data, as required. I need to have control over who can access and change specific assets and must have an audit trail of all such changes.

I need to be able to apply security patches in the shortest possible time following the discovery of a zero-day vulnerability.

Value Add from Continuous Delivery

  • Reduced lead times in delivering new capabilities
  • Reduced time to restore from failure
  • Reduced change failure rates
  • Increased deployment frequency
  • Automated testing
  • Automated deployment
  • Ongoing asset inspection

Last modified September 12, 2022: Added remaining Views and Viewpoints (b3bfaac)