Job Purpose Summary:
Be the secure code specialist across Maersk, sitting with the PSE organisation. As we are embarking on in-housing our software development, we have found the need for a go-to person in relation to code vulnerabilities.
Your responsibility will be to drive secure coding standards using the standard Maersk tools. You will start by joining a Security Assessment and Remediation team to provide secure code SME input to develop and mature an application and security assessment framework.
Accountable for reviewing and triaging security vulnerability reports and supporting the application teams to: (i) understand results; (ii) implement the right remediation solution to address the identified vulnerabilities; and (iii) challenge and validate remediation timelines and effort estimates provided by the application teams.
Key responsibilities:
Execute triage of SAST (Static Analysis) identified vulnerabilities
Support the Product teams to understand the vulnerabilities identified on their applications
Provide remediation guidance and validate remediation plans and estimates
Proactively analyse current processes and practices, suggesting and driving improvements to test coverage, execution and automation
Drive Secure code practices across Product Groups
Is results-oriented and has a high degree of accountability, commitment and responsibility.
Responsible for propagating "Secure by Design" principles for secure code for any new Platform or Application being planned in the Technology ecosystem
Primary
Project Managers, Product Owners
Cyber Security Solution Architect, Product Architect
Enterprise Architecture team
Cyber Security Test team
Primary external Stakeholders:
3rd party vendors
Product suppliers and vendors
Required experience & Skills:
A degree in Computer Science, Information Management or another related area
Minimum 5 to 7 years' experience of information security in a global business of similar size
Advanced knowledge of Secure Software Development principles and Life Cycle
Knowledge and experience with remediating OWASP Top 10 Vulnerabilities
Knowledge of secure best practices across multiple languages: C, C++, C#, Java, JavaScript
Knowledge of secure best practices in Scala, Swift, Python and PHP is an advantage
Previous experience with Coverity and Black Duck is an advantage
Good understanding of CI/CD principles
Ability to work with teams and clearly articulate technical concepts over conference calls.
Actively pursuing continuous learning to constantly update skills and keep abreast of current developments in the industry
Ability to strategize and look ahead at the big picture
Experience of Threat Modelling is beneficial
Excels at stakeholder management and communication, and is able to build credibility and demonstrate the value of writing code securely
Security-related certifications (CISSP, CISM, CISA, Ethical Hacking) desirable