Our client is one of the world’s leading FMCG companies with a portfolio of global and local brands of dairy products, water, beverages, and specialized nutrition. Due to innovation-driven growth, we are looking for an individual who will be responsible for the area of application security.
Our client offers:
- A highly competitive salary and bonus;
- Access to the benefits our client offers to you and your family, including a company car, private health care, a benefits package for parents, life insurance, a MultiSport card, a social fund, or employee discounts;
- Flexible hours and a home office policy, related to working from the office in Warsaw twice a week. Ready to move to Warsaw? We have a relocation package to help you out;
- On top of that you will work with cutting-edge technologies in an international environment, being provided with the opportunity to apply your extensive experience in risk management on a global scale within a matrix-managed and highly modern organization.
As a Cybersecurity Application Architect, you will be responsible for ensuring the security of the client’s applications by driving the Secure Software Development Lifecycle, ensuring that security is built into the application development process from the start, identifying potential security vulnerabilities and developing strategies to mitigate or eliminate those vulnerabilities. Additionally, you will drive the DevSecOps strategy to deliver a DevSecOps-as-a-service capability.
- Identify potential security vulnerabilities in the organization’s applications;
- Develop strategies to mitigate or eliminate security vulnerabilities and to ensure compliance with standards;
- Work closely with the development team to ensure SoD;
- Ensure that all applications are properly secured and compliant with relevant laws and regulations;
- Monitor and evaluate the effectiveness of the application security program;
- Provide security guidance to product teams on an ad-hoc basis;
- Develop components to enable the deployment and configuration of DevSecOps tools for larger product teams;
- Deliver the DevSecOps-as-a-service capability:
- Provision DevSecOps tools to small product teams;
- Manage the configuration and operation of DevSecOps tooling;
- Make new tools available to DevSecOps teams;
- Ensure adoption of the DevSecOps tools;
- Monitor tools’ usage;
- Support the development of DevSecOps policies, standards and processes;
- Provide DevSecOps metrics to the metrics and reporting manager;
- Develop and maintain relationships with external partners, such as security vendors and consultants;
- Provide training and education to employees on application security best practices.
- 7+ years of relevant experience in configuration and operation of DevSecOps tools (e.g. GitHub, GitHub Actions, Checkmarx, Acunetix);
- Certifications or specialization in industrial cyber security;
- Knowledge of international norms or standards, such as ISO 27001/2, NIST, OWASP Top 10, OWASP SAMM framework;
- Knowledge of security infrastructure, industry standards & protocols and operational technologies (OT);
- Deliver the DevSecOps-as-a-service capability;
- Support selection and configuration of DevSecOps toolsets;
- Provide input into the development of DevSecOps policies, standards and processes;
- Excellent verbal and written communication skills in English and the ability to communicate effectively with all levels of the organization.