We are looking for an experienced and passionate Consultant, Information Security (Applications) to join our Information Security Services team!
The team’s mission is to predict and prevent incidents by identifying and helping to remediate security threats and weaknesses within DPDHL IT portfolio, emphasizing on applications & services.
Being part of this team, you will provide end-to-end security consultancy on application layer, building security into our IT solutions from very beginning. The projects will seek your advice and support along the risk position of the service in its lifecycle.
Your work is essential to protect DPDHL group’s information assets in a dynamic threat landscape by secure design. To achieve this, you will be interacting with our business colleagues, our solution architects and developers, to name a few.
Information Security Services cooperates with all division under the IT Security, Risk and Compliance Management team to meet business partner's requirements to maintain the confidentiality, integrity and availability of the IT infrastructure and assets. Services provided are but not limited to:
• Penetration Testing
• Threat Intelligence
• Vulnerability Management
• Support topics on compliance assessment on ISO readiness and data protection
The team also provides consulting services by reviewing & approving the security aspects of the existing network setup (Link Request Approvals) as well as system/software architectures (Application Build Recommendations & Change Requests). We believe the recommendation provides the best way to move forward to both strengthening existing security mechanisms and compensating for any inherent security weaknesses.
WHAT YOU WILL DO:
• Support our projects along the secure development lifecycle in all security related matters
• Provide consultancy and review on secure architectures
• Run penetration tests and facilitate risk based decision making, propose mitigation for issues identified
• Be subject matter expert for identity and access management within application security consultancy
• Participate on change and external link management processes by doing technical security reviews
• Communicate regularly to our stakeholders about risk position and mitigation
• Participate on change and configuration management by doing technical security reviews
• Assist and train junior team members
APPLICATION YOU WILL USE:
• Prior knowledge in penetration testing tools such as Burp Suite, App Scan & OWASP ZAP
WHAT YOU SHOULD HAVE:
• At least 5 years of experience in end to end application consultancy
• Up-to date knowledge about current architecture patterns and application stacks used in application development
• Experienced in mobile application penetration testing
• Communication and time-management skills
• Ability to adapt to dynamic threat landscape in a global environment
• Ability to work unsupervised, under pressure and meet deadlines
• Creative with strong commitment to quality and excellence
• Educated to degree level in IT Security, Engineering or equivalent
• Strong analytical skills and efficient problem solving
• Fluency in English
WHAT IS THE PLUS POINT(S):
• Certifications like GIAC family, CISSP, CISA, CEH, CompTIA Security+ or similar
• DevSecOps experience related to application deployments
• Experience with cloud technologies
• Mobile application framework
WHAT YOU WILL GET FROM US:
• Great team of IT professionals with global working exposure
• On-going professional and technical training and certifications
• A multicultural environment in modern offices in Chodov next to metro station
• Home office possibilities
• Permanent contract
• CAFETERIA employee benefit program with wide selection of benefits from Edenred
• Extra week of holiday (25 days/year)
• 6 Self-sickness days/year
• Full salary compensation for up to 10 days absence due to illness per calendar year
• Lunch vouchers fully covered by company
• Multisport card
• Mobile and laptop
• Fruit days, sport clubs for employees
• Referral program
In accordance with the legitimate interest of DHL IT Services, the candidate for this role shall provide a copy of his/her extract from criminal record.
This role may not be performed if the criminal record confirms that the employee has been lawfully convicted for the criminal offence:
• against property;
• in the area of processing of personal data and/ or breach of secrecy of correspondence;
• any other criminal offence connected with the terrorism.
The submitted extract of criminal record may not be older than 3 months as of the day of its submission.
Sounds good? Start your application now!