NATEK is a leading information technology, outsourcing and IT consulting company. Thanks to over 15 years of experience in Central Europe, we understand our customer’s IT challenges and help make them successful.
The company currently operates in Poland, Slovakia, Czech Republic and Bulgaria and enjoys stable 30% growth year-on-year. Our dynamic team of +560 employees come from over 20 different locations worldwide.
www.natek.eu

Software Security Officer

VACANCY DESCRIPTION

The Software Security Officers (SSO) are points of reference for security expertise in the Identity and Biometric Business line delivery team.
Their main objective is to help teams build and grow a solid and sustainable security foundation through the development of the security skills required to fulfill their missions in compliance with the company security policies.

As such, Platform and Service Delivery (P&SD) SSOs are responsible for every aspect of the implementation of the Software Security Assurance process and of the Personal Data Protection Policy (GDPR and GPDPP) in the Delivery teams. This covers the Assets-based security risk analysis, support of the teams during the execution of the Software Security Assurance process (guidance or direct execution). They contribute to the improvement of the process implementation, as well as of the process governance from a security point of view.

In order to support the teams with the Security Assurance process, they develop and share the technical security expertise required to guarantee an effective implementation of the processes.

Core mission:
Ensure project security quality via Assets based Information Security Risk Assessment (ISRA). SSO analyzes project assets, data flows and lists possible risks and vulnerabilities using project documentation. SSO guides project in risks explanations and mitigations. SSO helps or executes static (code) and dynamic scans.

DUTIES

Duties of a Software Security Officer:
Operational duties:
•Project assets-based risk analysis and ISRA form filling,
•Personal Data Evidences / GDPR
•Guidance for project teams in the security topics (Generic security alerts and/or HP Fortify reports)
•Support or active execution of dynamic scans (HP Web Inspect)
•Deploy the security and personal data protection processes to the new teams
•Take full responsibility for project security on sensitive solutions (TLOT3),
•Provide security guidance and expertise to projects (generic security alerts or HP Fortify reports).
•Interface with customers when security expertise is required by a project developed by the DC,
•Review and audit project security when required.

Support duties:
•Train teams on the security and personal data protection processes,
•Support the Project Managers in the security phases of the process,
•Support the development/validation teams during the execution of all software security process activities,
•Support the development/validation teams with security tools.

Communication duties:
•Communicate the security and personal data protection processes improvement to the teams,
•Liaise with SSAs and other SSOs for all security and personal data protection matters,

Governance duties:
•Monitor KPI to measure progress

Transverse duties:
•Contribute to establish GBU software security policies, guidelines/good practices and bring local sites specific requirements into the picture,
•Contribute to the worldwide security program through participation to company Software Security Group working groups

REQUIREMENTS

•Experience with Information Security Risk Assessment
•Knowledge of OWASP / Network / Web Application vulnerabilities
•Technological background (networks, HA server deployments, PKI, cryptography, TLS)
•Analytical thinking
•Good communication skills

Advantage:
•Experience with Thread Modeling Tool and Experience with automated security testing tools (HP WebInspect, HPFortify) would be a plus
•Knowledge of Smarcards / PC/SC
•Knowledge of programming language Java / C#
WHAT WE OFFER

•Technical and personal trainings
•Language courses
•Transportation bonus (full reimbursement of yearly public transportation card in Prague)
•Multisport card/Benefit Plus (contribution to leisure time activities)
•Pension and Life insurance contribution
•5 weeks of paid holidays
•Meal tickets (100 CZK/working day)
•Sickdays
•Relocation bonus
•Personal Event Bonus
•Loyalty presents
•Team building activities
and much more
Salary

Negotiable depending on candidate's seniority


Informace o pozici

Společnost
Natek
Address
Želetavská 1449/9, Praha – Michle
Required education: Bachelor's
Required languages: English (Intermediate)
Listed in: IS/IT: System and HW administration
Employment form
Employment form: Full-time work
Contract duration
Contract duration: Permanent
Employment contract
Employment contract: employment contract
Employer type: Employer

Máte šanci! Na tuto nabídku zatím odpověděli méně než 4 lidé.