The purpose of this Application Security Engineer position is to:
1. Implement a segregation of duties within security where the Security & Governance CoE is accountable, and the AppSecEng Chapter is co-responsible for execution with the squad members
2. Control what is asked of our squads and ensure proper goals and exit criteria are defined, then define the how (process) to execute the activity efficiently with the squads while meeting the what expected by the CoE
3. Work closer to the squads to educate and support them more effectively with an AppSecEng allocated to each squad
4. Improve efficiency and awareness of the squads regarding security matters (educators rather than security cops)
The Application Security Engineer’s goal is to help the different teams implement complete, efficient and painless Security standards while guaranteeing the highest possible Security level for the company and its customers. The role involves defining the processes (the how) and supporting the teams in executing them: the right candidate will support and teach the team, with the goal of no longer being needed for that activity and letting the team become self-sufficient. Continuous improvement of the processes is expected, to make things simpler, faster and painless.
We also aim to improve our Identity management by ensuring procedures exist for onboarding and offboarding users in all applications, and by streamlining the process through standardized applications (SailPoint, AD). The IAM coordinator will drive the activity from the Application Engineering side, supporting and ensuring that all our apps use the new system by the end of 2024.
・ Build and manage multi-disciplined engineering teams and oversee the development processes using industry best practices within our organization.
・ Educate squads on Security matters (it’s an educator role, not a security cop role)
・ Verify that what is asked of squads is well defined (what: scope, when: achievable timeline, how: process, closure condition: exit criteria)
・ Defend the squad-produced documents during spot checks
・ Do not do the security work in place of the squads, but ensure that it’s done, done right, done on time and understood by the squads.
・ Strive to make oneself and one’s team expendable by raising Security awareness within every squad
・ Continuously improve the Security processes, to make them more seamless, failsafe, faster and easier to grasp for everyone
・ Strive to continuously improve the Security level of our applications
・ Manage multiple tasks and responsibilities in high-pressure environments; excelling at pinpointing and resolving problems in early project stages to avoid cost/time expenses
・ Build upon the existing implementation of our NWOW, maturing SDLC methodologies and practices across the organization
・ Work closely with squads, POs, and stakeholders to ensure delivery of the product