Security Engineers are responsible for ensuring that the product is produced and maintained in a way that is secure and that facilitates ongoing monitoring and intrusion detection.
As a Security Engineer, I need to be able to apply best known methods for security to the implementation of product features. I must be able to test all application code against a defined set of standards. I must be able to understand the levels of risk present within our software supply chain.
I need to be able to continuously scan all our assets for newly evolving vulnerabilities that occur within our dependency tree. I must be able to monitor all production environments for signs of attack or intrusion.
Should an incident occur, I must be able to support the response and preserve forensic data, as required. I need to have control over who can access and change specific assets and must have an audit trail of all such changes.
I need to be able to apply security patches in the shortest possible time following the discovery of a zero-day vulnerability.
Value Add from Continuous Delivery
- Reduced lead times in delivering new capabilities
- Reduced time to restore from failure
- Reduced change failure rates
- Increased deployment frequency
- Automated testing
- Automated deployment
- Ongoing asset inspection