Principal Security Engineer - Dun & Bradstreet Warsaw - Poland

Listing Description

Why We Work at Dun & Bradstreet
Dun & Bradstreet unlocks the power of data through analytics, creating a better tomorrow. Each day, we are finding new ways to strengthen our award-winning culture and accelerate creativity, innovation and growth. Our 6,000+ global team members are passionate about what we do. We are dedicated to helping clients turn uncertainty into confidence, risk into opportunity and potential into prosperity. Bold and diverse thinkers are always welcome. Come join us!

Team Overview:

The Product Security/Application Security team consists of software security professionals. The team works very closely with the business and the technology team to implement security controls and to ensure that the D&B products are free of security defects and vulnerabilities. The team has subject matter experts in the following areas:
1. Application Security Architect
2. Application Security Engineer
3. Penetration Testers
 
The Role:
 
We are seeking a highly skilled and experienced Senior/Principal Security Engineer specializing in Static Application Security Testing (SAST) and Software Composition Analysis (SCA) practices. As a Principal Security Engineer, you will play a crucial role in ensuring the security of our software applications and driving the adoption of DevSecOps principles throughout our development lifecycle.
 
The individual will be responsible for implementing software security controls as part of the secure SDLC pipeline and will achieve automation and scalability to support the D&B portfolio.
The individual will also interact with the business on a regular basis and will generate appropriate KPIs/KRIs to discuss the effectiveness and status of the program.

Responsibilities:
  • Lead SAST, SCA, and Manual Code Review Practices: Develop and implement robust SAST, SCA, and Manual Code Review practices, including tools, processes, and guidelines to identify and mitigate security vulnerabilities in our software applications.
  • DevSecOps Implementation: Drive the adoption of DevSecOps principles by collaborating closely with development teams to integrate security into the software development lifecycle. Implement security-focused automation and tooling to enable secure and efficient development practices.
  • Findings Triage and Remediation: Lead the triaging and analysis of security findings from SAST, SCA, and Manual Code Reviews. Work closely with development teams to prioritize and remediate identified vulnerabilities in a timely manner.
  • Manual Code Reviews: Conduct manual code reviews to identify security vulnerabilities, code quality issues, and architectural weaknesses. Provide detailed feedback and recommendations to development teams for remediation.
  • Development Experience: Utilize your development expertise to build software security libraries, frameworks, and reusable components that enhance the security posture of our software applications. Contribute to secure coding practices, security standards, and guidelines.
  • Security Education and Awareness: Provide guidance and training to development teams on secure coding practices, secure design principles, and software security best practices. Foster a security-conscious culture and raise awareness of potential risks and mitigation strategies.
  • Security Tooling Evaluation: Research, evaluate, and recommend industry-leading SAST, SCA, and code review tools and technologies. Stay updated with emerging trends and advancements in application security to continuously improve our practices.

Requirements:
  • Bachelor’s degree
  • 10+ years of working experience in cyber security, preferably in application security, secure SDLC and application development
  • Extensive experience in SAST, SCA, and Manual Code Reviews, including hands-on experience with industry-standard tools such as SonarQube, Checkmarx, Veracode, Snyk, and code review platforms.
  • Strong understanding of DevSecOps principles and experience implementing security automation within CI/CD pipelines using tools like Jenkins, GitLab, or Azure DevOps.
  • Proficient in programming languages such as Java, Python, JavaScript, or similar, with a solid understanding of secure coding practices and vulnerability mitigation.
  • In-depth knowledge of common application security vulnerabilities, secure coding practices, and security standards (e.g., OWASP Top 10, CWE, NIST).
  • Experience with manual code reviews, conducting in-depth code analysis, and providing actionable feedback for vulnerability remediation.
  • Strong problem-solving skills and the ability to analyze complex security issues and provide effective solutions.
  • Excellent communication skills with the ability to effectively collaborate and educate cross-functional teams on security practices.
  • Relevant certifications such as CISSP, CSSLP, or GIAC certifications are a plus.

All Dun & Bradstreet job postings can be found at https://www.dnb.com/about-us/careers-and-people/joblistings.html. Official communication from Dun & Bradstreet will come from an email address ending in @dnb.com.


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided
  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided