NATEK is a leading information technology, outsourcing and IT consulting company. Thanks to over 15 years of experience in Central Europe, we understand our customers' IT challenges and help make them successful.
The company currently operates in Poland, Slovakia, Czech Republic and Bulgaria and enjoys stable 30% growth year-on-year. Our dynamic team of 560+ employees comes from over 20 different locations worldwide.
Software Security Officer
Software Security Officers (SSOs) are points of reference for security expertise in the Identity and Biometric Business line delivery team.
Their main objective is to help teams build and grow a solid and sustainable security foundation through the development of the security skills required to fulfill their missions in compliance with the company security policies.
As such, Platform and Service Delivery (P&SD) SSOs are responsible for every aspect of the implementation of the Software Security Assurance process and of the Personal Data Protection Policy (GDPR and GPDPP) in the Delivery teams. This covers the assets-based security risk analysis and support of the teams during the execution of the Software Security Assurance process (guidance or direct execution). They contribute to the improvement of the process implementation, as well as of the process governance from a security point of view.
In order to support the teams with the Security Assurance process, they develop and share the technical security expertise required to guarantee an effective implementation of the processes.
Ensure project security quality via assets-based Information Security Risk Assessment (ISRA). The SSO analyzes project assets and data flows and lists possible risks and vulnerabilities using project documentation. The SSO guides the project in explaining and mitigating risks. The SSO helps with or executes static (code) and dynamic scans.
Duties of a Software Security Officer:
• Project assets-based risk analysis and ISRA form filling
• Personal Data Evidences / GDPR
• Guidance for project teams on security topics (generic security alerts and/or HP Fortify reports)
• Support or active execution of dynamic scans (HP WebInspect)
• Deploy the security and personal data protection processes to the new teams
• Take full responsibility for project security on sensitive solutions (TLOT3)
• Provide security guidance and expertise to projects (generic security alerts or HP Fortify reports)
• Interface with customers when security expertise is required by a project developed by the DC
• Review and audit project security when required
• Train teams on the security and personal data protection processes
• Support the Project Managers in the security phases of the process
• Support the development/validation teams during the execution of all software security process activities
• Support the development/validation teams with security tools
• Communicate improvements to the security and personal data protection processes to the teams
• Liaise with SSAs and other SSOs for all security and personal data protection matters
• Monitor KPIs to measure progress
• Contribute to establishing GBU software security policies and guidelines/good practices, and bring local sites' specific requirements into the picture
• Contribute to the worldwide security program through participation in company Software Security Group working groups
• Experience with Information Security Risk Assessment
• Knowledge of OWASP / Network / Web Application vulnerabilities
• Technological background (networks, HA server deployments, PKI, cryptography, TLS)
• Good communication skills
• Experience with Threat Modeling Tool and with automated security testing tools (HP WebInspect, HP Fortify) would be a plus
• Knowledge of Smartcards / PC/SC
• Knowledge of programming language Java / C#
WHAT WE OFFER
• Technical and personal trainings
• Transportation bonus (full reimbursement of yearly public transportation card in Prague)
• Multisport card/Benefit Plus (contribution to leisure time activities)
• Pension and Life insurance contribution
• 5 weeks of paid holidays
• Meal tickets (100 CZK/working day)
• Personal Event Bonus
• Team building activities
• and much more
Negotiable depending on candidate's seniority
Position information
- Želetavská 1449/9, Praha – Michle
- Required education: Bachelor's
- Required languages: English (Intermediate)
- Listed in: IS/IT: System and HW administration
- Employment form: Full-time work
- Contract duration: Permanent
- Employment contract: employment contract
- Employer type: Employer