Application Security Engineer - XPO Logistics Paris, France

Listing Description

What you’ll do on a typical day:

Main responsibilities to include but not be limited to:

Represent the Global Information Security team and collaborate with technical leads (Developers, QA, DevOps), project managers, third-party vendors, and business unit stakeholders to integrate security controls into the SDLC

Guide and perform security activities including risk assessments, intrusion attempts, vulnerability testing and analysis, code review, static and dynamic code testing, and penetration testing of mobile and web applications; provide responses and action plans to external security

Consume and prioritize automated scan results; provide remediation guidance and help reduce

Review third party assessment results, providing remediation guidance, retesting and exploit

Communicate application security program fundamentals and processes, and act as a consultative partner with the business/developer teams; promote secure coding practice through the use of

Participate in IT projects, providing security reviews and remediation recommendations based on

Requirements:

Bachelor’s degree in Security Certification (e.g. CISSP, GPEN, GWAPT, OSCP, etc.) ITIL (Preferred) or demonstrable equivalent experience

Minimum 5 years in similar roles

Fluent in English (required), French (beneficial)

Deep knowledge of security technologies, protocols, and concepts such as networks, firewall management, system hardening, encryption, PKI, malware analysis and protection, IDS/IPS, application firewalls, and different types of attacks

Strong knowledge of SecDevOps and associated good practice standards like OWASP

Knowledge and experience in application technology security testing including white box, black box and code review

Experience with automation scripting and automated testing tools for DAST, SAST, and MAST

Working knowledge of a variety of programming languages with emphasis on C#, Java, JS, Swift, and HTML; familiarity with common scripting languages (e.g., Python, Ruby, BASH, PowerShell, Perl) and the ability to write code independently in select languages

Knowledge of and experience with commercial and open-source application security tools (e.g. Veracode, Checkmarx, QARK, Burp Suite, OWASP Zap, Arachni, Nikto, Retina, BlackDuck, Nmap, Kali Linux, Metasploit framework, Wireshark)

Understanding and experience in securing cloud applications/infrastructure including deployment/management of similar technologies in cloud

Proficiency in Microsoft Office and Windows OS, and familiarity with Linux systems

Thinks of the bigger picture (e.g. how one vulnerability or gap could be leveraged to support a greater attack or compromise)

Excellent negotiation skills to deal effectively with individuals and groups within and outside the organization

Be part of something big.


Listing Details

  • Citizenship: EU Citizenship
  • Incentives: Bonus
  • Education: Bachelors Degree
  • Travel: Travel 25
  • Telework: Optional Telecommute


