We are looking for an experienced Security Manager SecDevOps who can assure Security by Design, both at runtime and at design time. You will be responsible for ensuring that all security-related aspects are covered in the solution delivery process and in each release. As a Security Manager you will help embed security principles, guidelines and best practices in our design, build and delivery processes as much as possible. Additionally, you will arrange, execute and support regular assessments of the new platform and IT artefacts. You work 32-40 hours and your position is based in Breda.
More specifically, you will:
- Support the feature teams on understanding the IT security requirements and implications;
- Evaluate epics and user stories by executing threat analysis and defining protection measures;
- Support the creation and maintenance of the classification of information objects;
- Advise on security controls in the CI/CD delivery pipeline to ensure continuous security and compliance;
- Create and maintain the security documentation, like IT security concepts and conformity statements, for a regulated banking environment;
- Support the risk management process with your peers in HQ and other locations;
- Support the vulnerability management process with your peers in HQ and other locations;
- Act as contact person for third parties that provide security services, like audits and penetration tests;
- Create security awareness within the program and provide training to developers on delivering secure applications;
- Provide traffic lights for sprint releases.
About the employer
In this role you will be working in an international team of highly qualified staff.
Our client is in the process of replacing its core applications with a Service Oriented Architecture using an agile way of working with a DevOps approach. This new IT architecture is based on IT artifacts such as business processes and workflow, business rules, micro services, cloud infrastructure and plain Java code.
What we offer
You will be working in a very professional international team with only senior professionals. The solutions, at the scale you would expect in a company with an annual global revenue of more than 100 billion euros, are complex and set in a challenging environment.
- You are a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA); CCSP certification or comparable is an advantage;
- You have a strong understanding of IT/OT protective technology, data security, application security in context of the financial services industry;
- Proven track record of defining and driving implementation of security policies and strategies in a technical multi-tiered environment within a large corporate enterprise;
- Experience with relevant standards and frameworks (e.g. ISO 27001, NIST, IEC 62443) is a must;
- 5+ years of experience developing and testing on J2EE (Java/Angular) based platforms;
- 3+ years of experience analyzing security vulnerabilities;
- Application and operations security expertise with a technical foundation in programming, system administration and security technologies such as DNS, Routing, IAM, VPN, proxy services, DDoS protection, threat modelling and analysis, firewalls, IDP;
- Hands-on expertise with embedding security controls in CI/CD (e.g. Sonar, Contrast Assess, Gatling);
- Hands-on experience in working with scaled agile processes (LeSS, SAFe);
- Knowledge of Kubernetes cloud security approaches and best practices, specifically MS Azure;
- Good communication skills with peers, product owners, feature teams, architects and stakeholders;
- Eager to solve complex problems with innovative solutions in a structured and organized approach;
- Proficient in business English, both in writing and speaking. Dutch and German are an advantage;
- Willing to travel across Europe (occasionally);
- Creative, results oriented, self-steering, cooperative mindset and excellent interpersonal skills.