About the Client
Our client is providing international courier, parcel, and express mail services. It is the world's largest logistics company operating around the world.
About the Role
You are an Application Development security professional with solution mindset and hands on security engineering or secure development expertise. You will be a member of the team of cybersecurity engineers. You will provide direction, execution guidance, propose innovative solutions and influence security of digital solutions for a worldwide logistics company. You will collaborate with other teams like Information Security Defense, Information Security Architecture, Risk and Compliance Management to ensure adoption and usage of adequate security measures in application development to support the IT Services.
What you will do:
- Facilitate adoption and implementation of best practices for applications
- Provide expert recommendation on secure solution architecture & design so that our applications pass any penetration test summa cum laude.
- Support secure means of integrating open source code and APIs.
- Support the “Sec” in our DevSecOps processes and tools.
- Support application security reviews with threat modeling, architecture and code review as well as dynamic testing.
- Obtain threat intelligence related to secure application build (e.g. vulnerability management for open source components).
- Assist in development of automated security testing to validate that secure coding best practices are being used.
- Support creation of training materials for secure application development and socialize the material with development teams.
- Stay up-to-date on the latest security threats and the technology being developed to deal with them.
- Perform tests of digital infrastructure & solutions against vulnerabilities.
- Prepare and review security documentation as well as participate in security audits.
- Apply industry standard methodologies and frameworks.
You should have:
- Experience with :
• application security frameworks, controls and best practices in application build environments.
• implementing secure development practices in to SDLC and agile development methods.
- Ability to:
• successfully integrate security into a developer’s world.
• drive assigned topics and facilitate their implementation.
- Experience in the Software as a Service (SaaS) and DevSecOps models.
- Familiarity with Open Source Software.
- Experience in managing application security testing tools, e.g.SAST, DAST, Open Source vulnerability scanning and common security tools.
- Deep knowledge of OWASP Top 10 and CWE 25 with proven track record in implementing and integrating mitigations..
- Familiarity with common security libraries, security controls, and common security flaws.
- Experience working with developers.
- Strong knowledge of current and legacy security technologies, as well as, emerging technologies and IT trends.
- Background and knowledge of risk assessment technologies and methods.
- Knowledge of cybersecurity best practices.
- Communications skills, consulting skills and skills to drive topics in a virtual team spread over several locations.
- Verbal and written communication skills.
- Excellent English and proficient presentation skills.
Nice to Have Skills
- Industry recognized security certification.