Community Security Engineer
|Community Development Best Practices edit|
The Community Security Engineer (CSE) is a role in the Community Development process. The primary responsibility of the CSE is to oversee that information security risks are managed during community development projects.
The CSE is responsible for overseeing information security in community projects, and in helping to identify, communicate, and assist the community project team in mitigating the most important security risks.
- Integration and risk assessment: Engage directly with project teams to identify security risks and convey security requirements. A CSE takes part in project requirement discussions to identify security risks and provide security requirements to help mitigate those risks.
- Consulting: Provide professional security and compliance consulting and documentation to help Community Developers and the Community Development Coordinator mitigate security risks. They verify that requirements and standards are met.
- Testing: The CSE May discover and exploit vulnerabilities in Community Development applications using properly-licensed tools and ethical means. Per assessment guidelines, test scope and timing is defined in a Rules of Engagement document and agreed to by the Program Manager and the IT Security Risk Liaison before testing may commence.
- Reporting: The CSE shares security test results with the IT Security Risk Liaison to ensure consistency and adequate coordination. After receiving any feedback, the engineer shares these results with the project team in a professional manner.
- Follow-Up: The Program Manager ensures that confirmed vulnerabilities are tracked as bugs. The Program Manager is responsible for ensuring that all significant security code defects are addressed before the product is deployed to production.
- Escalation: Serious pushback on imperatives should be communicated to the community development liaison (full-time Church employee) to take up with management.
- Review and be familiar with the Church Application Security Requirements.
- Be familiar with the Church Security Risk Assessment Process.
- Be familiar with Information Security concepts and Risk Management processes.
- Be familiar with sensitive information and ensure proper privacy controls are being implemented.
- Community Development Security Essentials
- Church Security Risk Assessment Process
- Wikipedia:Information security
- Wikipedia:Security risk
- Wikipedia:Enterprise risk management