Who is hiring:
HAYS
Position:
Application/ Product Security Engineer
Location:
remote work
mazowieckie
Job description provided by the employer:
REF. NO.: 1192690
Hays IT Contracting is a cooperation based on B2B rules. We connect IT specialists with the most interesting technological projects on the market. For our client, a global leader in electrification and automation technologies serving industries such as transportation, infrastructure, and manufacturing, we are currently looking for Candidates for the position of Application/ Product Security Engineer.
Work mode: mainly remote, occasional visits to client's office
Compensation: 200 PLN/h net (estimation, open to candidates' expectations)
Contract type: B2B
Cooperation: long-term
Language: B2/C1
Your role and responsibilities:
Client is an international pioneering technology leader that is writing the future of industrial digitalization. At the forefront is their Corporate Technology Center, which provides industry-leading software and deep domain expertise to help the world’s most asset-intensive industries solve their biggest challenges. To strengthen their team in the IIoT Platform and Applications stream, they are looking for an Application/Product Security Engineer, who is an effective team player with excellent communication skills. As part of the IIoT P&A stream, they are developing a unified approach for software, which consists of a set of services and apps with individual lifecycles hosted on top of common platforms for on-prem execution and cloud. Seize this unique opportunity and see your work transformed into a hive of tangible products. As an Application/Product Security Engineer, you will be working with cross-functional and agile teams operating in an international environment. You will be mainly accountable for:
- Security Assessments: Conduct regular security assessments, including threat modeling, Attack Surface Analysis, Critical Analysis.
- Security Architecture: Design and implement security architecture and controls for new and existing products.
- Code Review: Review source code for security vulnerabilities and provide actionable feedback to development teams.
- Secure Coding Practices: Educate and advocate for secure coding practices among development teams through workshops, training sessions, and documentation.
- Tool Implementation: Evaluate and implement application security tools (e.g., static and dynamic analysis tools) to automate security testing processes.
- Incident Response: Assist in incident response activities related to application security breaches, including root cause analysis and remediation strategies.
- Collaboration: Work closely with cross-functional teams, including software developers, DevOps, and IT security, to ensure security considerations are integrated into the development process.
- Monitoring and Reporting: Monitor application security metrics and provide regular reports to management on security posture and compliance.
Qualifications for the role:
- University degree in Computer Science or similar field.
- Understanding of programming languages such as Java, C#, Python, or JavaScript.
- Strong understanding of application security principles and secure coding practices.
- Strong understanding of application security principles like network security, encryption, access management and their best practices.
- Experience with security tools and processes such as SAST, DAST, SCA, and vulnerability scanners (e.g., SonarQube, OWASP ZAP, Nessus, Invicti).
- Knowledge of security frameworks (e.g., OWASP Top Ten, NIST, ISO 27001), cloud platforms (e.g., AWS, Azure, Google Cloud) and their security features.
- Hands-on experience with containerization and orchestration tools such as Docker and Kubernetes.
- Fluency in English.
- Certifications: Relevant certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), or Offensive Security Certified Professional (OSCP) are a plus.
Key Requirements:
- Strong understanding of application security principles and secure coding practices.
- Strong understanding of application security principles like network security, encryption, access management and their best practices.
- Experience with security tools and processes such as SAST, DAST, SCA, and vulnerability scanners (e.g., SonarQube, OWASP ZAP, Nessus, Invicti).
- Hands-on experience with containerization and orchestration tools such as Docker and Kubernetes.
What We Offer:
- A quick recruitment process.
- Standard benefits including preferential rates for LuxMed, Multisport, and life insurance packages.
- The chance for long-term cooperation on projects for top players in numerous sectors.
- Opportunities for future assignments with other leading clients through Hays.
What will the recruitment process look like:
- Your CV will be verified by a Hays Recruiter.
- The recruiter will contact you by phone – a 15-minute conversation about the project and your experience.
- Meeting with the client – 1-2 stages.
- Offer.
- Welcome to the project!
Hays Poland sp. z o.o. is an employment agency registered in a registry kept by the Marshal of the Mazowieckie Voivodeship under the number 361.