Information Security Engineer – Application Development

Praha

About the role:
You are an Application Development security professional with solution mindset and hands on security engineering or secure development expertise. You will be a member of the team of cybersecurity engineers at DPDHL IT Services. You will be responsible to provide direction, execution guidance, propose innovative solutions and influence security of digital solutions for a worldwide logistics company. You will collaborate with other teams like Information Security Defense, Information Security Architecture, Risk and Compliance Management to ensure adoption and usage of adequate security measures in application development to support the IT Services strategy to become the competitive advantage for the DPDHL Group.

What you will do:
• Turn application security frameworks and blueprints into viable and technical design, effectively protecting the digitalization journey of DPDHL.
• Drive security enhancements and technological innovations in traditional and agile application development processes.
• Facilitate adoption and implementation of security best practices for applications that make DPDHL the number one logistics company.
• Provide expert recommendation on secure solution architecture & design so that our applications pass any penetration test summa cum laude.
• Support secure means of integrating open source code and APIs.
• Drive the “Sec” into DevSecOps process and tools.
• Drive application security reviews with threat modeling, architecture and code review as well as dynamic testing.
• Establish and maintain threat intelligence related to secure application build (e.g. vulnerability management for open source components).
• Collaboration on product conceptualization for security by design.
• Assist in development of automated security testing to validate that secure coding best practices are being used.
• Support creation of training materials for secure application development and socialize the material with development teams.
• Stay up-to-date on the latest security threats and the technology being developed to deal with them.
• Actively investigate on new technologies and facilitate onboarding of next generation of enterprise security architecture and technologies.
• Supervise tests of digital infrastructure for vulnerabilities.
• Supervise preparation and review of security documentation as well as participate in security audits.
• Apply industry standard methodologies and frameworks.

You should have:
• Strong and proven track record of implementing application security frameworks, controls and best practices in application build environments.
• Hand-on experience with implementing secure development practices in to SDLC and agile development methods.
• Ability to drive assigned topics and facilitate their implementation.
• Expert understanding of internet security issues, application security technologies, cloud architectures and threat landscape concepts.
• Professional level experience in the Software as a Service (SaaS) and DevSecOps models.
• Familiarity with Open Source Software and security challenges of adopting it.
• Experience in managing application security testing tools, e.g. SAST, DAST, Open Source vulnerability scanning and common security tools.
• Deep knowledge of OWASP Top 10 and CWE 25 with proven track record in implementing and integrating mitigations.
• Good understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols relevant to application development and deployment.
• Familiarity with common security libraries, security controls, and common security flaws.
• Strong capabilities in application security areas such as authentication, authorization, encryption, logging, shielding and hardening techniques, ethical hacking.
• Ability to successfully integrate security into a developer’s world.
• Some knowledge of scripting languages (vbscript, powershell, perl, javascript, python, etc.).
• Experience with working in international company is an advantage.
• Strong knowledge of current and legacy security technologies, as well as, emerging technologies and IT trends.
• Background and knowledge of risk assessment technologies and methods.
• Some understanding of security breach protocols and attack vectors..
• Knowledge of cybersecurity best practices.
• Communications skills, consulting skills and skills to drive topics in a virtual team spread over several locations.
• Verbal and written communication skills.
• Excellent English and proficient presentation skills.
• Industry recognized security certification is an advantage.

What we offer:
• Great multinational team of information security professionals.
• On-going professional and technical trainings and certifications.
• Modern offices in Chodov.
• Home office possibilities
• Permanent contract
• Company Car, Pension plan contribution, Long-term Sickness Insurance
• CAFETERIA employee benefit program with wide selection of benefits from Edenred
• Extra week of holiday (25 days/year), 6 Self-sickness days/year, Full salary compensation for up to 10 days absence due to illness per calendar year, Lunch vouchers fully covered by company
• Multisport card, mobile and laptop, fruit days, sport clubs for employees, Referral program……

Contact

Lukáš Mandžikievič
Lukáš Mandžikievič
Recruitment Lead
DHL Information Services (Europe) s.r.o.

Within DHL ITS in Prague I am recruiting mainly senior management positions as well as positions for Digital Lab department and other specialized roles.

DO YOU KNOW ABOUT SOMEONE WHO COULD HAVE INTEREST? SHARE POSITION!