IT CONNECT to firma stworzona dla ludzi dynamicznych, realizujących się w codziennej pracy. Na bieżąco dysponujemy najciekawszymi propozycjami pracy w dziedzinie IT i technik, a nasi pracownicy pracują z najlepszymi i najbardziej znanymi firmami w Polsce. Poszukujemy zarówno doświadczonych specjalistów i menadżerów, jak również studentów ostatnich lat i świeżych absolwentów IT. Najważniejsza dla nas jest Twoja pasja i chęć samorealizacji. U nas będziesz realizować swoje marzenia!!
Application Security Analyst
Miejsce pracy: Warszawa
Nr Ref.: [1483] P
Nr Ref.: [1483] P
Job description:
- Integrate threat modelling practices into the Software Development Lifecycle.
- Perform Security Architecture and Low-Level Application Security Design review involving: Data Protection, Authentication and Authorizations, Web Application Security and Network Security.
- Perform security tests, application vulnerability scans within SDLC.
Background
- Define consistent Secure Software Development Lifecycle practices for all SKF Digital Manufacturing technology projects throughout the planning and delivery cycles that assure that application security vulnerabilities are mitigate and secure coding practices followed.
- Ensure end-to-end security of SKF Digital Manufacturing products by hands on testing, hypothesizing threats, helping development teams remediating risks upfront and championing secure implementation efforts.
- Improve secure coding practices, application security requirements, automation, training, and metrics.
- Integrate threat modelling practices into the Software Development Lifecycle.
- Help build secure products and standards around emerging technologies and using existing standards and security practices.
Qualifications:
- Excellent interpersonal communication and organizational skills to contribute as a leading member of global, distributed teams focused on delivering quality services and solutions for the global SKF Manufacturing footprint.
- Well versed (experience preferred) with driving and implementing secure development practices in to SDLC (SSDLC); ability to successfully integrate security into a developer’s world.
- Deep understanding of OWASP, CWE 25, Data Protection, Access management software vulnerabilities.
- Best practices design and threat modelling skills.
- Familiar with code management system, CI/CD system (e.g.: Jenkins), Docker, Kubernetes, microservice architecture, OAuth 2.0, OpenID Connect.
- Dedicated to work with developers in producing secure code.
- MSc in Computer Science, Mathematics, Physics, Engineering, or similar.
- CEH, GIAC, OSCP, GISCP, CISSP, IEC/ISA 62443, ISO 2700x certifications, or similar.
- 5+ years overall experience in working various positions within information security, advantageous if with IT/digital transformation projects, and in an international environment.
- 2+ years in Application security, related to the industry’s security best practice.
We offer:
- Remote work.
- Work for a telecommunications company.
- Possibility of using private medical care and a sports card on preferential terms.