Drive shift left security in an agile working environment, championing and help putting in place / improving security processes, controls, tooling needed to support the product security of the organization.

Part of a global organization, leader in its industry, providing specific services supporting its success. You’ll be interacting with security counterparts and teams from other units / countries.

More information and full details available – reach out for a full conversation and insight on the role, the team, the organization and overall environment.

Some of the role details:

• Drive efforts on product security, helping the organization to adopt security in its day to day work
• Help bring security in the full cycle, from design to production (full pipeline)
• Advise and support dev teams on understanding the security requirements, and applying them properly, including security championing and awareness trainings
• Support product teams, from threat modeling to classification, to security controls in CI/CD pipeline
• Aid to proper security structure and documentation,
• Work with counterparts from HQ to support improve / properly implement various security areas (vulnerability management, risk management etc.)as well as liaise with external security service providers

Some of the role requirements:

• Long experience in taking on bringing / improving security maturity in a product related environment. Experience in financial services related environments a plus.
• Solid infosec fundamentals in all relevant areas (overall IT security/AppSec/cloud security) including good understanding of various security standards, methodologies and frameworks (e.g. ISO27001, NIST etc.)
• Good experience in pipeline security, creating and embedding security controls, in an agile environment
• Good understanding on cloud security and container security (e.g. AKS, EKS)
• Very good communication skills and interpersonal skills – working in an international, diverse team, interfacing with technical and not technical stakeholders (security counterparts, team members, POs, Devs, Architects etc.) and driving projects / initiatives.

Get in touch to discuss further and share more details on this or other relevant opportunities (including discussing your career in information security in general!).

Relevant terms: AppSec, IT Security, Security Engineering, SSDLC, Product security, CI/CD, CICD, pipeline security, OWASP, OSSTM, SCRUM, Agile, Python, JAVA, Azure, AWS, Web Application Security, Web Services, API Security, Secure Code Reviews, Threat Analysis, Threat Modeling, SAST, DAST, SCA, Container Security, Kubernetes Security, AKS, EKS, Infrastructure as Code, Software Security, SSDLC, Application Security, Web Application Testing, API testing, Security Testing Automation, Cryptography, TLS, SSL, IT/OT Security, Triaging, Security Automation, Vulnerability Management, Risk Management, ISO 27001, NIST, DevSecOps, SecDevOps, security awareness, security trainings, security champion, shift left security, security by design, security maturity, security services management, CISSP, CISM, CCSP, CSSLP

Base Cyber Security helps organizations build knowledge and capabilities in information security. Supporting organizations putting together strong infosec teams or finding the right cyber security experts for their needs is a big part of that.

We work with security professionals globally for information and cyber security roles and projects across all industries in Europe. Whether you are starting your career in information security, need advice for your next step, deciding on how to build knowledge or choose a growth area in security to continue with, let’s have a conversation!

If you have not yet registered with the Base Cyber Security network, be sure to do so! Send us your details at professionals@basecybersecurity.com & follow us on Twitter @BaseCyberSec to stay up to date with our activities and relevant info.

By registering with the security community and / or showing interest in a specific role, project or team, you agree with sharing your personal information with Base Cyber Security, which will in turn collect, use and process this in an ethical, private and compliant (including under the GDPR where applicable) manner.