The opportunity
CoE IT Risk & Security is looking for a qualified cyber security manager/lead with an excellent security background and recent, relevant working experience as a software security tester and/or as a team lead. Security testing experience in a financial environment could be advantageous but is not a determining factor.
Roles and responsibilities
- Leading and coaching security engineers
- Security role model that brings new security knowledge to the teams
- Manage several running projects and come up with new projects that can make an impact throughout the organization
- Support the delivery of a roadmap
- Demonstrate excellent judgement in prioritizing security efforts to mitigate the appropriate risks
- Be a strong communicator who can translate security objectives to tech teams
- Managing several security services:
  - Security requirements
  - Threat Modelling
  - Design Reviews
  - Secure Code Review
  - Penetration Tests
  - Security Trainings
- As a Security Chapter Lead you will be working with a team of great security engineers on several topics, such as Security Testing, Security (Test) Automation, Security Research, and many others.
- You will help reduce the risk for the organization by helping DevOps teams to deliver secure products, coordinate and help your team to support 300+ DevOps teams throughout the SSDLC, and coordinate the work with Risk departments within the CoE IT Risk & Security.
- You will help to create new strategic plans to be more efficient and work together with several other security departments, for example Global CISO, Secure Defense Centre and other Product Security Teams across the world.
- You will also coach your team members and bring them to the next level in their career and improve their security knowledge.
- As an expert, you will contribute to the security research squad and visit conferences to bring new knowledge inside the company. You will act as a bridge from Security to our Risk departments.
- You will also assist with the continuous improvement of the processes critical to the success of the team.
- You will align with other DBNL Stakeholders in other domains including global CISO with your new initiatives.
- You will be reporting to the Head of IT Risk & Security.
Requirements
- B.S. in Computer Science or related technical major (M.S./PhD preferred), or significant job experience.
- Experience in managing/leading a security team
- Outstanding stakeholder management skills
- Experienced in working in complex environments
- Strong analytic skills and ability to solve highly complex problems
- Strong reporting skills
- Strong security knowledge with programming background
- Minimum 5 years penetration testing experience, with experience on mobile testing and APIs
- Experience with OWASP Testing Guide / Open-Source Security Testing Methodology Manual
- Experience deploying enterprise security testing solutions
- Experience with cryptography, X.509 certificates, signatures, securing TLS/SSL parameters, and certificate pinning
- Technical depth in many, if not most, of the following areas: Java EE, Node.js, Scala, iOS, Android OS, Windows Mobile, web services.
- Familiarity with Secure Development Lifecycle practices and Agile development with Continuous Delivery / Integration
- Knowledge of cloud security
- Thought leadership in the security field, with demonstrable contributions to industry groups strongly desired
- Artful communication skills and organizational savvy, to steer peers and leadership toward solutions that carefully balance business, risk, compliance, and engineering concerns
- Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change
If you're interested, please apply with your CV or reach out to Eva Sassnick.