About the role:
You are an Application Development security professional with solution mindset and hands on security engineering or secure development expertise. You will be a member of the team of cybersecurity engineers at DPDHL IT Services. You will provide direction, execution guidance, propose innovative solutions and influence security of digital solutions for a worldwide logistics company. You will collaborate with other teams like Information Security Defense, Information Security Architecture, Risk and Compliance Management to ensure adoption and usage of adequate security measures in application development to support the IT Services strategy to become the competitive advantage for the DPDHL Group.
What you will do:
• Facilitate adoption and implementation of best practices for applications that make DPDHL the number one logistics company.
• Provide expert recommendation on secure solution architecture & design so that our applications pass any penetration test summa cum laude.
• Support secure means of integrating open source code and APIs.
• Support the “Sec” in our DevSecOps processes and tools.
• Support application security reviews with threat modeling, architecture and code review as well as dynamic testing.
• Obtain threat intelligence related to secure application build (e.g. vulnerability management for open source components).
• Assist in development of automated security testing to validate that secure coding best practices are being used.
• Support creation of training materials for secure application development and socialize the material with development teams.
• Stay up-to-date on the latest security threats and the technology being developed to deal with them.
• Perform tests of digital infrastructure & solutions against vulnerabilities.
• Prepare and review security documentation as well as participate in security audits.
• Apply industry standard methodologies and frameworks.
You should have:
• Experience with :
– application security frameworks, controls and best practices in application build environments.
– implementing secure development practices in to SDLC and agile development methods.
• Ability to:
– successfully integrate security into a developer’s world.
– drive assigned topics and facilitate their implementation.
• Experience in the Software as a Service (SaaS) and DevSecOps models.
• Familiarity with Open Source Software.
• Experience in managing application security testing tools, e.g.SAST, DAST, Open Source vulnerability scanning and common security tools.
• Deep knowledge of OWASP Top 10 and CWE 25 with proven track record in implementing and integrating mitigations..
• Familiarity with common security libraries, security controls, and common security flaws.
• Experience working with developers.
• Strong knowledge of current and legacy security technologies, as well as, emerging technologies and IT trends.
• Background and knowledge of risk assessment technologies and methods.
• Knowledge of cybersecurity best practices.
• Communications skills, consulting skills and skills to drive topics in a virtual team spread over several locations.
• Verbal and written communication skills.
• Excellent English and proficient presentation skills.
Nice to have:
• Industry recognized security certification.
What we offer:
• Great multinational team of information security professionals.
• On-going professional and technical trainings and certifications.
• Modern offices in Chodov.
• Home office possibilities
• Permanent contract
• Pension plan contribution
• CAFETERIA employee benefit program with wide selection of benefits from Edenred
• Extra week of holiday (25 days/year), 6 Self-sickness days/year, Full salary compensation for up to 10 days absence due to illness per calendar year, Lunch vouchers fully covered by company
• Multisport card, mobile and laptop, fruit days, sport clubs for employees, Referral program……