- Region Vaud (Canton)
- Type of contract Permanent full time
- Sector of activity Pharmaceutical / Biotechnology / Chemical
For one of our clients, a global player in medical imaging, we are looking for a Senior Application Security Engineer.
Description of the mission
As a member of the global R&D organization, you will be responsible for creating and implementing cutting-edge security solutions and infrastructures that will ensure products are secure and resilient.
This role will provide opportunities to influence stakeholders as well as members of the core product development team in a professional manner, provide leadership of work streams and deliver results effectively while working cross-functionally with technical and other professional talent, from various facilities and from diverse technical and non-technical backgrounds.
Ongoing training and education would be offered on security domains and technologies for this position.
Your main responsibilities will be:
• Partner with the product and software engineering teams to assist with design reviews, code reviews, threat modelling, penetration testing, security issues remediation, and other security related activities.
• Support developers of business units and provide guidance regarding mitigations to emerging threats and remediation planning.
• Build security champions within product and R&D teams and help mature their secure software development practices.
• Develop and leverage partnerships effectively with cross-functional teams including R&D Quality, Manufacturing and Regulatory to achieve business results.
• Develop security training and deliver it to internal development teams and other stakeholders.
• Lead the evaluation of new security tools and technologies and build internal tools as needed.
• Lead security tools integration such as Static Code Analysis (SAST), Software Composition Analysis (SCA) and Dynamic Application Security Testing (DAST) tools.
• Other duties and responsibilities as required to support the changing security needs of the organization.
The candidate will have a Bachelor of Science in Computer Engineering, Computer Science, Software Engineering, Electrical Engineering, Computer Systems Engineering, or a related discipline.
A minimum of 5 years' experience in systems security administration control and/or software engineering, or other related experience, will be required, as well as 3 years' experience in product security testing, security consultancy or equivalent.
To be successful in this role, you will have acquired a good knowledge of industry standards and frameworks such as OWASP, NIST, SANS, MITRE ATT&CK, etc. You have both strong interpersonal and communication skills and strong technical writing and presentation skills. You have demonstrated success in implementing effective Secure SDLC frameworks. You have excellent communication and influencing skills and an ability to gain buy-in for initiatives. You have experience working with a multi-discipline, global team and you have shown problem-solving and leadership skills.
We will prefer candidates with:
• Development experience in C#, C++ or Java (preferred but not required)
• Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE) or Offensive Security Web Expert (OSWE) certification (preferred but not required)
• Cloud security experience (preferred)
• Experience with embedded systems, firmware and IoT security
For this position we are considering candidates maintaining citizenship and residency within one of the following countries: Belgium, France, Germany, the Netherlands, Switzerland, or the U.S.
The company will offer:
• Inspiring and innovative work environment
• Career & personal development opportunities
• Excellent employee benefit conditions
- Reference INT-034271
- Published on 28 September 2022