Description
We are looking for Application Security Specialist- Permanent Contract
NextLink Solution, a Swiss IT Consultancy Company that has been providing both IT services and IT staffing to major customers for the past 20 years, has an excellent opportunity that can take your career to the next level.
General Information:
Job title : Application Security Specialist
Location : Spain, Sant Cugat
Type : Permanent
Industry : Pharmaceutical
Remote/Home Office: Yes initially , later will be Onsite
Traveling required: No
Language(s) : English
Notes : Candidates need to be able to work onsite . Ideally someone Spain based
Job Purpose:
Reporting to the Head of Digital Security, the Application Security Specialist is responsible to develop, implement, and enforce policies and procedures of the organization's security and privacy program in accordance with applicable laws and regulations. He/she assists the businesses to setup processes and technical controls to support the data security and privacy strategy, ensures cloud platforms and digital solutions are secure and in accordance with business strategy.
The Application Security Specialist provides in depth knowledge of data protection, information security practice and helping define requirements and give guidance to internal and external stakeholders regarding security topics.
He/she works in collaboration with Digital teams such as Architecture, DevOps, Application Support, Software Development, Technical Leads, Quality Assurance, etc., conducting risk assessments, code reviews, application security testing and coordinate penetration tests, vulnerability assessment, bug bounty program, etc.
The specialist should demonstrate experience of taking accountability and working in a global security and privacy program and the attitude to become trusted partner, pro-active, positive and provides high quality response. This role would be suitable for candidates with the right skills and mindset who also share the Client values and make an active contribution to achieve our vision.
*What are the key technical skills that all candidates must attain?
• Bachelor Degree in Computer Science, Telecommunications or equivalent Engineering.
- 7+ years of experience in Information Security Management, Compliance or Risk Management role in IT or Digital context.
- 7+ years of professional experience in international security teams, preferably in regulated
environments of the diagnostics and/or pharmaceutical industry or card payment industry.
- Direct experience in a large-scale cloud based services (including SaaS, PaaS, IaaS) and understand security challenges involved in cloud applications and services.
- 5+ years of software development or application security testing experience, and exposed to the OWASP
Top 10: including analyzing, architecting fixes for, and leading developers in remediating code-level vulnerabilities
- Experience working with automated DAST, SAST, IAST, and SCA scanning tools.
- Comfortable working in agile methodologies and DevOps/DevSecOps tools.
- Deep understanding of web and mobile applications security threats and significant experience with vulnerability management and penetration testing against a wide variety of application layer platforms, including web, mobile and desktop solutions, above and beyond running automated tools.
- Highly responsive with an ability to handle escalations quickly and professionally.
- Ability to deliver reporting on and providing fixes to identified vulnerabilities at the code level in a developer friendly way.
- Excellent in English reading, writing, listening and speaking skills to support Global R&D and Digital teams and partners.
- Ability to travel internationally as required up to 20% of the time.
- *Are there any industries you would prefer to see candidates from, if so which ones?
- Relevant Security Certifications is desirable: CISSP, CEH, OSCP, CCSP or any other SANS / GIAC certification, etc
Key Accountability:.
- Develop and maintain an application security policy within the organization's software development lifecycle; design of security policy education, training, and awareness activities; monitoring compliance with security policy and applicable law; and coordinating investigation and reporting of security incidents.
- Conduct information security risk management process of digital solutions and define the security requirements, follow up of security and privacy preventive/corrective actions of the digital solutions making sure are compliant with company’s requirements and are solved in a timely manner.
- Conduct internal audits of existing platforms and systems to assess if they follow best practices and meet security requirements and applicable data privacy and health regulations.
- Perform security review of solution design/architecture and propose changes if required, reviewing the security features of existing and new digital solutions to assess that they meet the security requirements for key health regulations, privacy law and Client standards and policies.
- Develop a DevSecOps mindset and process in the organization, helping to automate security testing within the software development lifecycle, manage code reviews, vulnerability scans and penetration test of our digital solutions.
- Work closely with developers reviewing automated security scans of source code, analyzing vulnerabilities, etc. and helping to create and evaluate remediation action for those vulnerabilities, making sure findings are solved in a timely manner.
- Manage penetration test activities of applications and infrastructure components, working with relevant teams to close all findings and confirm completion before going live.
- Internal
- Transform the current processes to be able to operate in a DevSecOps model depending on the maturity of the organization and/or product.
- Documents and report any security incident in a timely manner to senior management and other relevant Client security teams.
- Be a security subject matter expert and respond to any security questions/request, specialized in application security.
- Fostering application security awareness and education across RDC Global R&D and Digital
Ps send your response to