Job Information
Job Description - Principal Technical Security Expert (12002300D20241029)
Principal Technical Security Expert (Job Number: 12002300D20241029)
DISCOVER your opportunity
AXA XL has an exciting opportunity for a Principal Technical Security Expert, who will be responsible for embedding security (people, processes, and technology) within AXA XL’s application and development teams. You will be required to work with projects and operational teams to develop an appropriate security strategy, architecture and practices that will be embedded into our cloud and identity solutions, appropriately securing our IT platforms and solutions.
Responsibilities:
- Provide thought leadership across Group Technology regarding the design and implementation of secure development techniques and testing mechanisms.
- Manage and influence key stakeholders (capability owners) to provide input and support initiatives related to application development and testing improvements and enhancements.
- Drive the development and enhancement of secure development across the AXA XL IT estate.
- Challenge the application testing status quo to enable the application lifecycle to be secure but also meet the needs of the business.
- Take input from key stakeholders to develop and maintain the secure development and testing roadmap.
- Be the global security expert/owner for large-scale complex projects related to the development of new applications.
- Manage the input from multiple architectures, engineers, and operations personnel to secure development and testing artifacts.
- Drive the development of the security control environment for the AXA XL secure development and testing utilized by AXA XL.
- Lead the security remediation projects technically related to application development and testing.
- Represent AXA XL to other AXA Group and other entities in the field of application development and testing.
- Demonstrate how proposed designs comply with AXA XL security policies and AXA Group Security standards.
- Take security architecture designs through AXA XL’s governance processes.
- Develop and continuously evolve our security target architecture and roadmaps based on sound enterprise architecture practices.
- Work with Global Technology, Information Security, Data Protection Office, and IRM teams to align the cloud and identity security control environment.
- Work with Project Managers and other stakeholders to produce agreed sets of deliverables, work to project plans, and report progress. Provide input to planning, forecasting process, and RAID logs where required.
- Review security technologies, tools, and services, and make recommendations to the broader security and development teams for their use, based on security, financial, and operational metrics.
Qualifications:
- Previous experience in either application development or application security testing.
- Experience embedding security into development pipelines.
- Experience creating secure development processes and governance; implementing those structures within development pipelines to secure the design, coding, and testing of applications.
- Knowledge of industry standards such as ISO 27001, HIPAA, FedRAMP, Cloud Security Alliance, NIST frameworks, and risk methodologies.
- Experience with developing security architecture within frameworks such as SABSA.
- Understanding of threat landscapes and threat modeling, security threat and vulnerability management, and security monitoring.
- Awareness of tools and techniques used by attackers to compromise applications, including common application flaws and vulnerabilities that make them insecure.
- Experience working in a consulting (internal or external) type of role.
- Working knowledge of design principles relating to DLP, IDS/IPS, Firewalls, Proxies, Identity Access Management, Certificate Management, SIEM, Endpoint Protection, Anti-malware, and vulnerability management.
- Experience working with the Solutions and Technical Architects to ensure solutions designs include the appropriate security guardrails to reduce risk and protect sensitive internal and external client information.
- Demonstrated experience in communicating complex security concepts, both verbally and in writing, to a variety of audiences.
- Experience in taking ownership of tasks and demonstrating a high degree of autonomy to ensure completion.
- Personable and able to foster good stakeholder and peer group working relationships.
- Experience in driving and supporting RFP/RFIs & SOWs, including managing suppliers.
- Recognized Cyber Security certifications, such as CISSP, CIISEC (member or fellow), CISM, SANS, SABSA, OSCP are advantageous.
Location: PL-PL-Wroclaw
Work Locations: PL Wroclaw Pegaz Building, Kazimierza Wielkiego no. 3, 3rd & 4th Floor, Wroclaw 50-077
Job Field: Information Technology
Schedule: Full-time
Job Type: Standard