A Security Champion is required for the Open Banking Programme. Working across Development teams, ongoing reviews of Systems Design & Architecture, inc. Operations & Governance, ongoing engagement with Industry to assess impact of imposing changes to the Banks infrastructure and/or solution design, translating into requirements. Perform threat analysis at different stages modelling system
Review / feedback on the proposed specifications provided by Open Banking, attend workshops to review specifications from a security perspective, determine imposing changes to the Banks infrastructure
and or solution design translating these into requirements. Security Support to Developers, analyse code design, static code reviews for security issues / provide guidance on best practices.
Derive attack approaches and review User Stories or design changes with solution architecture. Build security user stories, review stories with security acceptance criteria for unit testing purposes.
Ensure requirements have been assessed against the OWASP ASVS Requirements, help to review security sensitive code. Static Security Analysis Testing (SAST) using Automated pipeline builds.
Run threat modelling, transpose these threats into mitigations through the design. Work with architecture on secure architecture patterns such as OAuth2.0 / OpenID / CIBA or MODRNA. Understand security risks, document them and feed into the backlog / ORA / Project RAID log. Determine and Security solutions to address any security concerns.
Personal Or Behavioural skills:
Provide guidance on: Secure headers, Relevant playbooks, Hardening of runtimes, Use of open-source libraries, Safe configuration of web applications, Secure coding guidelines. Maintain good understanding of Public Key Infrastructure, Cryptography. Coordinate PenTesting with Information Security, review PenTest reports and identify solutions/ close vulnerabilities with dev teams.