We are currently looking for a "DevSecOps" to strengthen the Cronos Europa team.
Mission:
- Contribute to the design of the overall application security.
- Define security requirements and derive technical actions targeting the application components and code base.
- Draft documentation such as architecture design descriptions, assessment reports and configuration.
- Take an active part in developing and improving application security.
- Vulnerability assessment (SAST and DAST) and definition of corrective actions. Categorize incidents and vulnerabilities based on relevance, exposure, and impact. Understanding of risk assessment.
Technical skills:
- Excellent knowledge of application security. Experience in the security aspects of software development (e.g. authentication with OpenID Connect, SAML or CAS, secure REST or web services, encryption with PKI, authorization, secrets management, application security testing).
- Overall experience in the security domain.
- Experience in penetration testing and ethical hacking.
- Cloud skills are considered a strong asset.
- Automation skills to optimize and understand DevSecOps pipelines.
- Java and Python development skills.
- Flask, Spring Framework, Spring Boot technical skills.
Profile:
- English at a professional level (communication is mainly in English)
- Minimum 5 years’ experience in development.
- Bachelor’s degree in IT minimum.
- Good understanding of 3rd-party dependency security assessment (libraries, container and VM images).
- Rapid self-starting capability and experience in team working.
- Ability to participate in multi-lingual meetings, ease of communication.
- Experience with the ISO 27000 family of standards or equivalent security standards, implementation, and knowledge of ITSRM2 are a plus.
- Experience with secure IT development patterns.
- Experience with security testing tools (e.g. Fortify, Burp Suite, OWASP Dependency-Check, or equivalents) and website vulnerability scans.
- Knowledge of OWASP.
- Knowledge of the Agile methodology.
- Excellent interpersonal and communication skills. Good writing skills, experience in preparing written reports.
- Capability of integration in an international/multicultural environment.
- The following certifications are considered an asset:
  - Information Systems Security Professional (CISSP),
  - Certified Information Security Manager (CISM),
  - Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) or equivalent,
  - Any other information security certification.
Why Cronos Group? We offer you:
- An attractive salary package with or without car.
- A good work-life balance environment.
- The assurance of working with cutting-edge technologies with an intrapreneurial spirit.
- The opportunity to develop your skills thanks to tailor-made training courses according to your needs.
- A good job in a friendly place.
If you wish to join a dynamic structure on a human scale while working with the latest technologies, don't wait any longer and join Cronos!