We are now looking for a Specialist in Security Development Area (SecDevOps), Tricity or Warsaw who will support driving the Secure DevOps culture inside on organisation. By joining the Chief Security Office, this is an opportunity for you to contribute in Company’s SecDevOps journey as well as setting directions for IT security.
You will be having a key role in our Secure Development Engineering team by defining, driving, implementing and monitoring security controls embedded in the secure software development lifecycle (SDLC) as well as ensuring development security controls are operating effectively.
As a member of the security team you will be working within Group Risk and Compliance in second line of defense. We are overall responsible for security monitoring, control and reporting and that company has an effective security governance and management process in place.
What you’ll be doing:
• Define, monitor and measure security controls embedded in SDLC (Software Development Life Cycle)
• Define and demonstrate prudent application and infrastructure security oversight
• Challenge and proactively advice the first line of security on regulatory compliance and security control feasibility in operational processes.
• Work closely with development teams to ensure the applications are designed with security & operability in mind.
• Design and improve security processes to support key activities, both in IT Security and DevOps environment.
• Ensure that practices used at both – Development and Operations stage of implementation fulfil security and compliance requirements
To succeed in this role, we believe that you:
• Possess the capability of transforming IT security and the regulatory requirements into operational processes, and ensure the implementation of IT security controls
• Have a passion/interest for tech security combined with understanding of regulatory requirements
• Demonstrate structured thinking and be comfortable working with complex assignments
• Secure SDLC is your real interest. You want to understand how full process works and how we can continuously improve it.
Your experience and background:
• Experience in working with IT Security processes, governance, measures and controls
• (e.g. Threat modelling, DAST, SAST etc.)
• Excellent understanding what drives security, other than just code quality when developing and delivering software.
• Familiar with development of automated CI/CD deployments, container-based architecture and relevant infrastructure solutions.
What is offered: