Application Security Engineer
Schibsted
- Norge
- Fast
- Fulltid
As an application security engineer, where you will be instrumental in fortifying our applications and products against potential threats and vulnerabilities. Your expertise will be crucial in conducting security assessments, implementing best practices, and ensuring the integrity and resilience of our digital assets. You will work closely with software developers, architects, and system engineers to integrate security measures throughout the software development lifecycle. You will be providing the right security solutions for our products, developing and implementing robust security measures to safeguard our digital assets. You will play a significant role in our burgeoning cybersecurity team, focusing on fortifying our applications against potential threats and vulnerabilities from cloud, to application and product security. You will report to the Head of Cybersecruity, Bernard Helou.We have several open positions for this role, the main responsibilities are:
- Design, develop, and implement application security strategies, protocols, and best practices to ensure the integrity and resilience of our software systems and cloud environments.
- Support the different teams in remediating security issues or vulnerabilities in accordance with the best practices.
- Contribute to the development of security training and education programs.
- Collaborate with cross-functional teams to integrate security into the software development lifecycle.
- Provide guidance and mentorship to junior team members, fostering a culture of security awareness and knowledge sharing within the organisation.
- Develop and maintain security documentation, policies, and procedures to ensure compliance with regulatory requirements and industry standards.
- Stay updated on emerging threats and industry trends, making recommendations for continuous improvement of our security posture.
- Implement and manage security tools and technologies to enhance application security.
- Act as a key contributor to building a robust cybersecurity culture within the organisation.
- Depending on your level of experience, provide guidance and mentorship to junior team members, fostering a culture of security awareness and knowledge sharing within the organisation.
We are building the cybersecurity team to support Schibsted Media and the journalists along their journey for free and independent press. Located in Norway and Sweden, the team is responsible for providing, supporting and maintaining cybersecurity tools for the company as well as providing safe products and services to our customers and journalists. We are part of the tech department, the cybersecurity team collaborates with other parts of the organisation, including journalists, editors, it-infrastructure, network, user devices, collaboration software, among others.Key competencies:
- 2 - 8 years of experience in application security roles, with a background in software development and secure coding practices.
- Experience with vulnerability scanners such as Wiz, Detectify, Github Advanced security.
- Good knowledge of common application security vulnerabilities (e.g., OWASP Top 10) and mitigation techniques.
- Experience with security assessment tools such as Burp Suite, OWASP ZAP, and Metasploit.
- Proficiency in programming languages commonly used in web development such as Java, Python, along with familiarity with web technologies like JavaScript, HTML, and CSS.
- Excellent analytical and problem-solving skills, with the ability to prioritise and manage multiple tasks effectively.
- Strong communication and interpersonal skills, with the ability to collaborate effectively with both technical and non-technical stakeholders.
- Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP) or Certified Ethical Hacker (CEH) would be appreciated.
- A good understanding of the threat landscape of a media company.