(Cybersecurity) Secure Development Lifecycle Consultant Specialist

Salary: 1100 - 1550 PLN net/md + VAT
Type of employment: B2B
Date: 2024.03.25
Location: Kraków

Job description

Creating an inspiring place for talented people to thrive, we use their expertise and courage to introduce the technology of the future into your business. This is the foundation of Mindbox and the goal of our business and technology journey. We operate and develop in four areas:

🤖 Autonomous Enterprise - automation of business processes using RPA, OCR, and AI.

🌐 Business Management Systems ERP - we implement, adapt, optimize, and maintain flexible, safe, and open ERP systems for production and distribution companies worldwide.

🤝 Talent Network - we provide access to the best specialists.

☁️ Modern Architecture - we build integrated, sustainable, and open CI / CD environments based on containers enabling safe and more frequent delivery of proven changes in the application code.

We treat technology as a tool to achieve a goal. Thanks to our consultants' reliability and proactive approach, initial projects usually become long-term cooperation. For over 16 years, we have provided various services to support clients in digital transformation.


Offer
  • We are open to the employment form according to your preferences 
  • Work with an experienced and engaged team that is willing to learn, shares knowledge and is open to growth and new ideas
  • Hybrid or remote working system 
  • Mindbox is a dynamically growing IT company, but still not a large one – everybody can have a real impact on where we are going next
  • We invest in developing skills and abilities of our employees
  • We have attractive benefits and provide all the tools required for work, e.g. a computer
  • Interpolska Health Care, Multisport, Warta Insurance, training platform (Sages) 
Tasks

This job role is responsible for operating as part of a global/local team within the Cybersecurity organisation, to analyse and execute activities around Cybersecurity process, controls, standards and regulatory requirements.

The role will carry out some or all the following activities:

  • Ensure adherence to the three lines of defence organisational model with clear lines of responsibility, accountability, and segregation of duties.
  • Ensure compliance with internal audit and external regulators that any organisational changes are fit for purpose and meet their expectations.
  • Analyse and execute activities to ensure compliance with our Cybersecurity policies and standards.
  • Contribute to process, procedure and tool identification/development that will strengthen the bank’s response to threats and incidents.
  • Assess new technology products and projects utilising security technologies pertinent to the department.
  • Act as a role model to more junior members of the team.
  • Engagement with other Cybersecurity teams, senior management and members of the Business when confronted with potential security issues.
  • Expand their skills, knowledge, and experience to enhance the overall capability of the function.

Key Responsibilities:

  • Contribute to the ongoing development and adoption of Automated Dynamic Application Security Testing (DAST) security scanning service.
  • Drive continual improvement in DAST security scanning product efficacy, coverage, and quality.
  • Support DAST security scanning product vision, strategy, and metrics.
  • Support development teams by assisting in the creation of authentication scripts, using JavaScript and tool-native scripting, to facilitate authenticated DAST scanning of web applications and APIs.
Requirements
  • Strong understanding of general security concepts and principles and application specific security concepts and principles.
  • Strong understanding of Software Development Life Cycle (SDLC) with a focus on security
  • Excellent understanding of platform-specific security risks, common vulnerabilities for web applications and microservices (REST, SOAP) architecture and their mitigations
  • Proven troubleshooting ability
  • Development and Scripting experience (JavaScript)
  • Understanding of the technologies, protocols and architectures commonly used by web applications and APIs (HTML, XML, JavaScript, JSON, REST, Microservices etc.)
  • Knowledge of Common Vulnerability Scoring System (CVSS)
  • Understanding of emerging technologies and their corresponding security threats would be a plus.

This position requires an individual who is:

  • Typically educated to degree level or equivalent (ideally within IT security)
  • 3+ years of development experience in JavaScript
  • 2+ years of experience with Dynamic Application Security Testing and related security scanning tools such as Invicti (Netsparker), Contrast, AppScan etc.
  • 2+ years of experience in consultancy and support to application teams, including security scanning tool onboarding, vulnerability review and triage, false positive and rating challenges, scanning eligibility and exceptions etc.
  • Professional Qualification: CEH, CISSP, GIAC or Cloud Security Certifications will be an added advantage.