Job description:
**💻 Ework Group**
- founded in 2000, listed on Nasdaq Stockholm, with around 13,000 independent professionals on assignment
- we are the total talent solutions provider who partners with clients, in both the private and public sector, and professionals to create sustainable talent supply chains.
With a focus on IT/OT, R&D, Engineering and Business Development, we deliver sustainable value through a holistic and independent approach to total talent management.
By providing comprehensive talent solutions, combined with vast industry experience and excellence in execution, we form successful collaborations. We bridge clients and partners & professionals throughout the talent supply chain, for the benefit of individuals, organizations and society.
🔹 For our Client from automotive industry we are looking for **Senior Application Security Engineer** 🔹
**✔️About the Role:**
We are seeking a highly skilled and experienced Senior Application Security Engineer to join dynamic team. The ideal candidate will have a deep understanding of application security principles, a passion for developing secure applications, and a proven track record in identifying, assessing, and mitigating security risks within software development lifecycles. This role will play a critical part in enhancing the security posture of our applications, ensuring they are designed and built with security in mind from inception to deployment.
**✔️Profile of the Perfect Candidate:**
The ideal Senior Application Security Engineer is a seasoned professional with a comprehensive understanding of secure software development practices, including threat modeling, code reviews, and vulnerability management. They are well-versed in current security tools, technologies, and best practices. The candidate should possess a proactive approach to security, staying up-to-date with the latest threats and trends in cybersecurity. They should be comfortable working in a fast-paced environment, collaborating with cross-functional teams, and communicating complex security concepts to both technical and non-technical stakeholders. Strong analytical skills, attention to detail, and a passion for continuous learning and improvement are key attributes of the perfect candidate.
**✔️Key Responsibilities:**
* Secure Software Development: Collaborate with development teams to integrate security into the software development lifecycle, ensuring secure coding practices and tools are effectively used.
* Vulnerability Assessment and Management: Conduct regular security assessments, including static and dynamic code analysis, and vulnerability scanning. Help teams identify, prioritize, and remediate security vulnerabilities in web and mobile applications.
* Security Architecture and Design: Work closely with architects and engineers to teach them how to design secure applications and systems, focusing on threat modeling, security patterns, and best practices.
* Incident Response: Provide expert support to the teams during potential security incidents, including analysis, containment, and remediation of security breaches and vulnerabilities.
* Security Awareness and Training: Develop and deliver security awareness training for development and engineering teams, promoting a culture of security-first development.
* Policy and Compliance: Ensure compliance with security policies, standards, and regulatory requirements across all stages of the software development lifecycle.
* Continuous Improvement: Stay current with emerging security threats and vulnerabilities, and continuously evaluate and improve security processes, tools, and technologies.
* Collaboration and Communication: Act as a liaison between development teams and security, fostering a culture of security awareness and best practices across the organization.
**✔️Requirements:**
* Educational Background: Bachelor’s or Master’s degree in Computer Science, Information Security, Cybersecurity, or a related field.
* Experience: 5
- years of experience in application security or a related field, with at least 2 years in a senior or lead role.
**Technical Skills:**
* Proficiency in security assessment tools and scanners (e.g., BlackDuck, Nexus IQ, OWASP ZAP, Fortify, Sonarqube).
* In-depth knowledge of secure coding practices and security standards (e.g., OWASP, NIST).
* Experience with programming languages (e.g., Python, Java, .NET) and scripting.
* Familiarity with DevSecOps practices and tools (e.g., Jenkins, Docker, Kubernetes, CI/CD pipelines).
**Certifications:**
* Relevant certifications such as CISSP, CEH, OSCP, or GWAPT are highly desirable.
**Soft Skills:**
* Excellent communication and interpersonal skills.
* Strong problem-solving and analytical abilities.
* Ability to work collaboratively in a cross-functional team environment.
**Mindset:**
* Proactive, self-motivated, and passionate about staying current with the latest trends and threats in cybersecurity.
**✔️ We offer:**
* B2B agreement
* Transparent working conditions with both Ework and the client
* Current support during our cooperation
* Possibility to work in an international environment
* Collaborative environment in Swedish organizational culture
* Private medical care
* Life insurance
* Multisport
* Teambuilding events
Contact person: anita.tukindorf@eworkgroup.com
Client code: AV01
Do you know someone who would fit this position? Recommend a candidate by sending her/his CV to: polecenia@eworkgroup.com