Security Engineering Services – Agile Teams | Pentalog

Security Engineering

Add security into development cycles to protect data and systems.

Security Engineering Avoids Common Pitfalls

In today's market, deferring application and infrastructure security is no longer a viable option. Including Security Engineering in an agile workflow helps avoid common pitfalls or expensive refactoring by linking development cycles with security strategy. By focusing on security during agile iteration, teams can remain aligned with security stakeholders while ensuring “just enough knowledge” to implement the defined security strategy.

Security Engineering

  1. Vulnerability Assessments

    Vulnerability assessment covers the inspection of an information system for security weaknesses, identifying vulnerabilities and assigning a level of severity to each detected issue. If no specific security scanning tool is required, Pentalog will use a tool of its own choosing to conduct requested assessments.

    Assessment reports typically include:

    • A report on vulnerabilities identified in scans combined with an analysis done by the security engineer.
    • Remediation recommendations grouped by criticality.
  2. Product backlog in the form of actionable items

    The outcome of any Vulnerability Assessment will comprise recommendations, prioritized according to the assigned level of criticality, to be integrated into the backlog. In addition to remediation measures to be added to the backlog, security documentation may be provided to support the team’s implementation of new and old functionalities from a security perspective.

  3. Visibility on Security Maturity

    Taking into account the security strategy and expectations defined by the CISO, security engineers will collaborate with the agile team (engineers and product owner) to continuously adapt the Security Maturity Model to the specific project context and implement agreed measures as the project evolves.

  4. Security Engineering by Design

    Security engineering by design means incorporating security controls into the information system so that they become an integral part of the system's operational capabilities. Security engineering within the software development life cycle comprises security-focused design, software development, coding, and configuration, some or all of which may be relevant for a given information system.

    The security engineer will guide the team through industry standards and best practices, internal agency procedures, and methods recommended by vendors, contractors, or other third-party sources.

  5. Process and workflow documentation

    • Onboarding & offboarding
    • Threat modeling
    • Risk assessment
    • Vulnerability assessment
    • Patch management
    • Security watch
    • Remediation plan