Vedere l'offerta completa

STAFF APPLICATION SECURITY ENGINEER

Descrizione dell'offerta di lavoro

Candidate Note: This position is 100% remote for candidates based in Germany, Italy, Spain or France only. As a Staff Application Security Engineer at EDB, you will report directly to the Director of Information Risk Management as a trusted member of the CISO staff. Your role leads the transformation of the security and development processes within EDB, helping the organization identify, repair, and protect against vulnerabilities throughout a secure software development lifecycle (SDLC). You are responsible for understanding multiple security frameworks, translating objectives, partnering with stakeholders, and promoting best practices across all EDB products. The ideal candidate must be comfortable working in a global environment that supports flexible work schedules and a distributed security model. What your impact will be: Support the development and implementation of EDB’s application security services to be consumed by product teams and within our global infrastructure. Serve as an expert on application security frameworks and objectives by assisting owners as they define new control activities and seek maturity in their development processes. Build tools, processes, and solutions that improve the security of EDB’s products and data. Collaborate with internal engineering stakeholders on addressing systemic security issues. Grow and mature relationships with internal security SMEs in a way that bridges the gap between product teams and information security. Support Vulnerability Disclosure Program, triage, assess, and analyze vulnerability reports submitted through the VDP, prioritizing them based on severity, risk, and exploitability. Coordinate vulnerability remediation, work with internal development teams to reproduce, validate, and prioritize vulnerabilities. Facilitate timely patch development and deployment, ensuring efficient resolution. Produce application security metrics that demonstrate a continually improving application security posture. Partner with InfoSec Program Management on the roadmap and execution of security initiatives. Support and manage EDB’s Vulnerability Disclosure program. Proficiency with threat modeling frameworks such as STRIDE, DREAD, PASTA, or OCTAVE. Experience with threat modeling tools, especially the process of selecting and implementing a new tool to partner with a new threat modeling process. Experience with Open Source Software (OSS) including familiarity with various open source licenses like MIT, GPL, Apache, etc. Experience with implementation of security best practices related to securing the software supply chain, including patch management, vulnerability scanning, package management, and tooling. What you will bring: Extensive experience working with developers and driving application security standards. Experience securing CI/CD pipelines enabling strong security controls through the implementation of commercial and custom-built tooling. Conduct application design reviews and support the development of compensating security solutions. Drive the integration of secure development standards, tools, and processes into the development lifecycle. Experience in threat modeling frameworks and processes. Experience performing code audits on internal and open source libraries. Experience with DAST, SAST, SCA as well as manual testing techniques. Ability to demonstrate strategic thinking beyond the specific responsibilities of the role. Effective communication skills with the ability to translate technical concerns into business risk impacts. Personal management of multiple projects, security events, and incidents as required for the role. Seek to understand, lead with a collaboration first approach. Experience assessing technical footprints found within on-prem and cloud environments. Strong experience in NIST 800-218 SSDF, BSIMM, OWASP SAMM, or similar frameworks. What will give you an edge: Red Team knowledge and experience. Experience performing security code reviews. Experience with IaaS cloud infrastructure, Infrastructure as code, Kubernetes container technologies, and software-oriented architecture. Knowledge of the MITRE ATT&CK Framework and attack chains. Experience building and operating security tools in multiple operating systems and various languages (C, Go, JavaScript, Python, Ruby, etc). #J-18808-Ljbffr

Vedere l'offerta completa

Dettagli dell'offerta

Azienda

EnterpriseDB Corporation

Località

Tutta l'Italia

Indirizzo

Imprecisato - Imprecisato

Data di pubblicazione

25/11/2024

Data di scadenza

23/02/2025

Come riconoscere le false offerte di lavoro

NETWORK SECURITY ENGINEER

365 gradi srl

Per realtà giovane, dinamica e altamente qualificata il cui core business è la sicurezza informatica, parte di uno dei più importanti gruppi italiani del settore it, stiamo ricercando un/a network security engineer... competenze gradite (non requisito): - routing&switching;- endpoint security;- competenza......

CYBER SECURITY SPECIALIST

365 gradi srl

Per l’head quarter di una realtà metalmeccanica di grandi dimensioni, multinazionale italiana leader di settore, stiamo ricercando un/a cyber security specialist... buona conoscenza della lingua inglese scritta e parlata; requisiti preferenziali: conoscenza in ambito ot/opsec (operational technology......

Devops Engineer

Key Partner srl

Platform engineer... il platform engineer partecipa alla progettazione, all'implementazione e al supporto continuo dei servizi di produzione, delle applicazioni e dei componenti della piattaforma... nell’ambito di un’importante strategia di crescita, stiamo cercando un devops engineer per rafforzare......

Analista funzionale security

Sincrono formazione srl

Ruolo ricoperto: analista funzionale security competenze richieste: verifica tecnica di conformità ai requisiti di sicurezza aziendali attivita’: attività di security governance normative competenze linguistiche: inglese: livello b1 titoli accademici richiesti: laurea in ambito scientifico certificazioni......

Data Engineer

Sincrono Formazione Srl

Ruolo ricoperto: -data engineer competenze richieste: -data warehousing / business intelligence -google cloud bigquery -big data & analytics, -cloudera, mongodb, -jenkins, git -kubernetes competenze linguistiche: -inglese: livello b1 seniority: +3 anni sede di lavoro: residenza in una delle città menzionate:......

Analista tecnico security

Sincrono Formazione Srl

Ruolo ricoperto:-analista tecnico securitycompetenze richieste:-capacità di comprensione di sistemi complessi, in particolare software, con l'obiettivo di analizzare le problematiche di security connesse-capacità di relazionarsi con le linee di ingegneria/sviluppo dei sistemi, con i clienti e con i fornitoricompetenze......

Cybersecurity System Engineer

Sincrono Formazione Srl

Ruolo ricoperto:-cybersecurity system engineercompetenze richieste:-capacità di comprensione di sistemi complessi, in particolare software, con l'obiettivo di analizzare le problematiche di security connesse-capacità di relazione con le linee di ingegneria/sviluppo dei sistemi, con i clienti e con i......

Advanced Software Engineer

Sincrono Formazione Srl

Ruolo ricoperto:-advanced software engineercompetenze richieste:-java-apache tomcat-jboss application serverrequisiti linguistici:-inglese: livello b1seniority: +5 annisede di lavoro: roma ( sw parziale)impegno: full time dal lunedì al venerdìsi offre:contratto e retribuzione commisurata alla reale esperienza......

Process Engineer - Processisti Impianti Industriali

3a engineering

Per ampliamento dell'organico nel team di processo impianti chimici, siamo alla ricercare un process engineer la persona si occuperà di: elaborazione bilancio di materia e di energia; preparazione e stesura di diagrammi di flusso; preparazione e stesura di diagrammi p&i; dimensionamento e calcolo delle......

Software Engineer

Adami & associati selezione del personale

Ruolo: software engineer siamo alla ricerca di un software engineer talentuoso per unirsi al team a calenzano, firenze... ottime capacità interpersonali e di comunicazione con i clienti... buona conoscenza linguaggio c-sharp competenze sistemistiche a livello di rete pacchetto retributivo: pacchetto......

Altre ricerche di lavoro simili

Security engineer application cloud

Application security engineer

System application engineer staff

Senior security engineer application

Senior staff application engineer

Digital application security engineer

Principal application security engineer

Sales engineer application security

Security system engineer

Application engineer multinazionale

STAFF APPLICATION SECURITY ENGINEER

Descrizione dell'offerta di lavoro

Dettagli dell'offerta

Altre ricerche di lavoro simili

Diventa parte di Jobatus