Listing Description
What you’ll do on a typical day:
Main responsibilities to include but not be limited to:
Represent the Global Information Security team and collaborate with technical leads (Developers, QA, DevOps), project managers, third-party vendors, and business unit stakeholders to integrate security controls into the SDLC
Guide and perform security activities including risk assessments, intrusion attempts, vulnerability testing and analysis, code review, static and dynamic code testing, and penetration testing of mobile and web applications; provide responses and action plans to external security
Consume and prioritize automated scan results; provide remediation guidance and help reduce
Review third party assessment results, providing remediation guidance, retesting and exploit
Communicate application security program fundamentals and processes, and act as a consultative
Partner with the business/developer teams; promote secure coding practice through the use of
Participate in IT projects, providing security reviews and remediation recommendations based on
Requirements:
Bachelor’s degree in Security Certification (e.g. CISSP, GPEN, GWAPT, OSCP, etc.) ITIL (Preferred) or demonstrable equivalent experience
Minimum 5 years in similar roles
Fluent in English (required), French (beneficial)
Deep knowledge of security technologies, protocols, and concepts such as networks, firewall management, system hardening, encryption, PKI, malware analysis and protection, IDS/IPS, application firewalls, and different types of attacks
Strong knowledge of SecDevOps and associated good practice standards like OWASP
Knowledge and experience in application technology security testing including white box, black box and code review
Experience with automation scripting and automated testing tools for DAST, SAST, and MAST
Working knowledge of a variety of programming languages with emphasis on C#, Java, JS, Swift, and HTML; familiarity with common scripting languages (e.g., Python, Ruby, BASH, PowerShell, Perl) and the ability to write code independently in select languages
Knowledge of and experience with commercial and open-source application security tools (e.g. Veracode, Checkmarx, QARK, Burp Suite, OWASP Zap, Arachni, Nikto, Retina, BlackDuck, Nmap, Kali Linux, Metasploit framework, Wireshark)
Understanding and experience in securing cloud applications/infrastructure including deployment/management of similar technologies in cloud
Proficiency in Microsoft Office and Windows OS, and familiarity with Linux systems
Thinks of the bigger picture (e.g. how one vulnerability or gap could be leveraged to support a greater attack or compromise)
Excellent negotiation skills to deal effectively with individuals and groups within and outside the organization
Be part of something big.
Listing Details
- Citizenship: EU Citizenship
- Incentives: Bonus
- Education: Bachelors Degree
- Travel: Travel 25
- Telework: Optional Telecommute