Software Security Officer

Information about the offer
  • Type of Employment: COW
  • Offer ID:
  • Category: Network Specialist
  • Place: Prague, Czech Republic
Requirements
  • Minimal level of education: Secondary Education
  • Minimal experience: Between 2 and 5 years

VACANCY DESCRIPTION

The Software Security Officers (SSO) are points of reference for security expertise in the Identity and Biometric Business line delivery team.
Their main objective is to help teams build and grow a solid and sustainable security foundation through the development of the security skills required to fulfill their missions in compliance with the company security policies.

As such, Platform and Service Delivery (P&SD) SSOs are responsible for every aspect of the implementation of the Software Security Assurance process and of the Personal Data Protection Policy (GDPR and GPDPP) in the Delivery teams. This covers the assets-based security risk analysis and support of the teams during the execution of the Software Security Assurance process (guidance or direct execution). They contribute to the improvement of the process implementation, as well as of the process governance from a security point of view.

In order to support the teams with the Security Assurance process, they develop and share the technical security expertise required to guarantee an effective implementation of the processes.

Core mission:
Ensure project security quality via assets-based Information Security Risk Assessment (ISRA). The SSO analyzes project assets and data flows and lists possible risks and vulnerabilities using project documentation. The SSO guides the project in explaining and mitigating risks. The SSO helps with or executes static (code) and dynamic scans.

DUTIES

Duties of a Software Security Officer:
Operational duties:
•Project assets-based risk analysis and ISRA form filling,
•Personal Data Evidences / GDPR
•Guidance for project teams in the security topics (Generic security alerts and/or HP Fortify reports)
•Support or active execution of dynamic scans (HP WebInspect)
•Deploy the security and personal data protection processes to the new teams
•Take full responsibility for project security on sensitive solutions (TLOT3),
•Provide security guidance and expertise to projects (generic security alerts or HP Fortify reports).
•Interface with customers when security expertise is required by a project developed by the DC,
•Review and audit project security when required.

Support duties:
•Train teams on the security and personal data protection processes,
•Support the Project Managers in the security phases of the process,
•Support the development/validation teams during the execution of all software security process activities,
•Support the development/validation teams with security tools.

Communication duties:
•Communicate the security and personal data protection processes improvement to the teams,
•Liaise with SSAs and other SSOs for all security and personal data protection matters.

Governance duties:
•Monitor KPI to measure progress

Transverse duties:
•Contribute to establishing GBU software security policies, guidelines/good practices and bring local site-specific requirements into the picture,
•Contribute to the worldwide security program through participation in company Software Security Group working groups

REQUIREMENTS

•Experience with Information Security Risk Assessment
•Knowledge of OWASP / Network / Web Application vulnerabilities
•Technological background (networks, HA server deployments, PKI, cryptography, TLS)
•Analytical thinking
•Good communication skills

Advantage:
•Experience with Threat Modeling Tool and experience with automated security testing tools (HP WebInspect, HP Fortify) would be a plus
•Knowledge of Smartcards / PC/SC
•Knowledge of programming language Java / C#

WHAT WE OFFER

•Technical and personal trainings
•Language courses
•Transportation bonus (full reimbursement of yearly public transportation card in Prague)
•Multisport card/Benefit Plus (contribution for leisure time activities)
•Pension and Life insurance contribution
•5 weeks of paid holidays
•Meal tickets (100 CZK/working day)
•Sick days
•Relocation bonus
•Personal Event Bonus
•Loyalty presents
•Team building activities
and much more

Salary

Negotiable depending on candidate's seniority