Informacje o stanowisku

Social network you want to login/join with:

Devire IT Outsourcing is a form of cooperation dedicated to IT professionals, based on the principles of own business - B2B, implementing projects for clients running innovative and modern projects.

Our client is a global leader in the FMCG industry with a recognizable brand and high standards of business. It is a company that pays attention to sustainable development and social responsibility. Due to the dynamic growth of the organization, we are looking for candidates for the position of Application Security Consultant .

Requirements

• Degree in software development or equivalent experience.
• 5+ years as a software developer or DevOps professional.
• Proficient English communication skills (C1).
• Ability to manage and prioritize OWASP Top 10 vulnerabilities.
• Excellent knowledge of at least one object-oriented programming language (Java, .NET).
• Experience with AWS and Azure, particularly their security products.
• Familiarity with modern technologies (Docker, Kubernetes).
• Experience with automated deployments and containerized application management.
• Expertise in creating monitoring and alerting solutions.
• Proficiency with IaC and Configuration Management tools (Terraform, Ansible, Puppet, Chef).
• Strong understanding of CI/CD pipelines (2+ years).
• Advanced scripting skills.
• Expertise with version control systems (Git/GitHub).
• Commitment to continuous professional learning in software engineering, cloud, and application security.
• Experience in agile development teams in a fast-paced environment.
• Excellent interpersonal and communication skills in English.
• Experience mentoring teams in DevSecOps.
• Cloud-native development or experience with public/hybrid cloud services (AWS, Azure).
• Hands-on experience with Cloud & Software Security and DevSecOps tools (CNAPP, SAST, SCA, DAST).
• Experience with maintaining large-scale, fault-tolerant distributed systems.
• Knowledge of IT security frameworks and standards (ISO2700x, CIS Benchmarks, NIST, Well Architecture Frameworks, OWASP SAMM, OWASP ASVS).
• Understanding of diverse technologies, programming languages, and application frameworks for risk and vulnerability identification.
• Experience with Application Security reviews, Program Assessments, Vulnerability Assessments, Risk Assessments, and SDLC process improvement.
• Experience with ecosystems like SAP, Salesforce, ServiceNow, PLM, CRM, Data Management/BI.

Responsibilities

• Act as SME in DevSecOps program.
• Support static, dynamic and security awareness services.
• Lead development, maintenance and improvement of detection controls, security reviews, remediation activities and business unit engagements.
• Lead S-SDLC training and guidance on security related issues.
• Drive adoption of embedded application security controls within Software Development Life Cycle (SDLC).
• Advise on identified vulnerabilities in our applications and cloud environments without jeopardizing product roadmap.
• Evangelize and coach engineers on secure design & development practices through threat modelling and help remediate findings.
• Cross pollination of secure development techniques and best practices across engineering tribes.
• Collaborate across technology and business units and ensure CS initiatives are successfully delivered.
• Be on-hand to assist colleagues as part of our incident response (Security Operations) process should this be required.

The offer

• Contract type: B2B contract via Devire.
• Location: remote work (occasional visits in Warsaw office).
• Recruitment process: verification on Devire side + two stages on Client side.

Warszawa - Oferty pracy w okolicznych lokalizacjach