Security Auditor

Summary Sapiens is seeking a skilled and experienced System Security Auditor to join our team in supporting projects and development teams with compliance auditing, knowledge transfer and training of Cybersecurity processes, compliance, and best practices as part of our Secure Software Development Framework (SSDF). Responsibilities

• Audit all project's compliance with SSDF procedures and work on mitigation and correction.
• Assist and train Delivery and Project teams in comprehending and adhering to the Secure development process.
• Participate in the Security Champions initiative forum and aid the CISO team in creating training materials and reviewing existing cybersecurity best practices.
• Support the regular security compliance external audits (SOC, ISO, etc.) for the division.
• Assess projects' readiness for internal and external Penetration Testing.
• Facilitate and manage discussions with internal teams as well as clients on cybersecurity risks, issues, and mitigations.

• Demonstrated ability to assess security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
• In-depth knowledge of Personal Identifiable Information (PII) data security standards and cybersecurity and privacy principles.
• Expertise in security system design tools, methods, and techniques.
• Knowledge of systems security testing and evaluation methodologies.
• Proficient in recognizing risks and vulnerabilities in security systems (e.g., vulnerability and compliance scanning, design analysis, and control review).
• Deep understanding of the security aspects of a Cloud PaaS/SaaS deployment and Integration.
• Excellent verbal communication, facilitation, and documentation skills.
• Openness to learning new skills, problem-solving abilities, and a keen eye for detail.
• A university-level degree in a relevant field, with formal cybersecurity certification being strongly preferred.

• 3 years of experience in auditing and facilitating cybersecurity audits in software development and/or cloud-based hosting environments.
• Hands-on experience with Cybersecurity testing, Penetration testing mitigation, and security risk analysis.
• Expertise in using third-party software vulnerability tools, managing CVEs and CWEs based on the CVSS scoring.
• Experience with implementing security scanning and testing as part of CI/CD.
• Experience with integrating SIEM principles into secure logging systems and observability.

• Prior experience working as a CISO or a part of CISO team.
• Background in software development, DevOps, or systems administration.
• Experience working for or with Financial Services companies.