Location: Malmö, Sweden
Salary: 500kr - 525kr per hour
Sector: Consultancy
Type: Contract
Reference #: CR/072751_1596014675
Application Security Engineer / Sweden (Remote during pandemic) / 4 months / Start ASAP
* Partner with Application Development, DevOps, Quality Engineering, Quality Assurance, and Infrastructure teams to support a continuous "Secure by Design" model integrated into the full Software Development Lifecycle.
* Discover opportunities to drive integration and automation of application and cloud security controls into CI/CD pipelines.
* Lead vulnerability management for application and AWS cloud security and provide remediation support and security expertise.
* Track and report security vulnerabilities and remediation activities to Ikano Security.
* Design threat models to assess security risks with new applications or features.
* Perform application security reviews, verify cloud security configuration, and assess for secure code development.
* Communicate technical application security concepts and recommendations to developers, architects, and functional leaders.
* Promote secure coding practices within the software development teams.
* Continually research and maintain awareness of current vulnerabilities, exploits, and application-related cyber threats.
* Provide support, maintenance, and policy creation for SAST, DAST, SCA, Container Security, and WAF solutions.
Experience and Skills needed:
* Minimum 5 years of direct experience in application security, software development security, and/or application penetration testing.
* Application or security certifications preferred (e.g., CISSP, CCSP, CSSLP, OSCP, GWEB, CEH).
* Experience working with fast-moving Agile development teams.
* Experience in Cloud security including AWS.
* Experience developing, integrating, and enabling security engineering test automation in a CI/CD pipeline.
* Experience with any of the application security tools such as SonarQube, OWASP Dependency Track, OWASP Dependency Check, PortSwigger Burp Suite.
* Experience with security in containerized infrastructure (Docker, Kubernetes, EKS).
* Hands-on experience with container security tools like Anchore, Docker Bench, Kube Bench.
* Know and recognize application security issues such as cross-site scripting, cross-site request forgery, authorization, injection attacks, etc. in code and provide remediation recommendations.
* Subject matter expert in OWASP or SANS.