Managed Application Security SME

Published 28-07-2022

Accenture

Lisboa, Lisboa (Accounting / Finance)


Selected candidates will be primarily responsible for supporting the Managed Application Security offering and services in Europe. The role involves a wide range of activities, from capability assessment through managed services design, including technology. The key focus will be on service delivery and ongoing maintenance of relevant processes and technologies.

This role supports solution architects designing strategic deals or owns multiple components of large, complex deals. It supports solution reviews with various stakeholders, including meetings with the client team to present the solution and offerings and to understand client needs and requirements. It works on building the win strategy and the cost model for the solution and supports response content creation by collecting inputs internally and externally.

The role will help implement client Managed Application Security capabilities to enable secure product development. It helps design, build, deploy and maintain secure services within their defined scope of products, systems, and team, and ensures that the product and system delivery process itself is secure enough (for example, so that intellectual property is protected). This involves managed security services across the whole software lifecycle, from inception, design, threat modelling, development, testing and release to operation and protection. To do so, the role is responsible for defining the security requirements and policies of the in-scope team and working closely with the Agile Scrum teams to help ensure they are understood and implemented appropriately.

A Master's degree in Computer Science, Telecommunications, Information Security or a related field and full professional proficiency in English are required. Experience with software development, DevOps, Secure SDLC and Application Security Testing is required. Experience in other fields of Information Security (Pentesting, Security Architecture, Infrastructure Security) is desired.

Applicants must have experience in managing people and projects with multidisciplinary and geographically dispersed teams. Applicants are expected to exhibit proactive behaviour, propose improvements and innovations and provide constructive feedback.

Key Responsibilities:

  • Manage teams, projects and relationships with clients on a daily basis
  • Manage project finances and work assignment and allocation
  • Participate in business development and sales activities (including responses to RFPs)
  • Lead offering development and contribute to innovation activities as a Subject Matter Expert
  • Contribute to the internal professional community
  • Perform quality assurance of services provided to the client
  • Provide advisory to different groups (Technology, Developers, Digital Transformation, etc.)
  • Define and execute training program for different teams
  • Define managed application security service lifecycle for large projects and teams
  • Define applications security architecture elements
  • Define documentation of security requirements for applications (web, mobile, host, SOA, etc.).
  • Define KPIs and KRIs related to managed application security services
  • Work with senior management on defining roadmaps, needs and provide short and mid-term forecasting
  • Collaborate with clients to define best approach to maximize the security posture

Qualifications:

Education:

  • Master's degree in Computer Science, Telecommunications or Information Security
  • Certifications such as CSSLP, CISSP, CEH, OSCP, CISM, etc. are preferred
  • Certifications from application security testing vendors (e.g. SAST, DAST, SCA) are beneficial

Work Experience:

  • 3+ years of experience in Application Security Testing

Work Requirements:

  • Willing to travel and attend meetings/workshops on client premises and work from client premises within the country or abroad


Knowledge/Skills Requirements:

  • Has a passion for Application Security
  • Experience in management and definition of security in the software development lifecycle (SDLC)
  • Working knowledge of Waterfall, Agile and primarily DevOps development methodologies
  • Knowledge of conducting security checks (static and dynamic code analysis, vulnerability analysis in applications and penetration tests, security component analysis)
  • Understanding of security testing of virtualization and container technologies (Docker, OpenShift, …)
  • Experience with OWASP Testing Guide v3 / 4 and OWASP TOP 10
  • Experience in Web and Mobile applications and common vulnerabilities
  • Knowledge of SOA security
  • Knowledge of the WS-Security standard
  • Knowledge of security in mobile applications (REST security, JSON, OpenID, OpenAuth, WebToken, SSO)
  • Knowledge of security in micro-services is valuable
  • Vulnerability Management and Vulnerability Lifecycle experience
  • Client focus
  • Communication skills, including the ability to understand the client's processes in any area in detail
  • Excellent coordination and communication skills
  • Business writing skills (capturing needs and writing them down in formal documents)
  • Reliable and with attention to detail
  • Ability to work alone and bring results
  • Leadership and coordination skills for teams and projects; the role will manage customer expectations and deadlines and will participate in business activities
  • Coaching and people development skills