Software Security Engineer
Present in Romania for over 40 years, Thales is expanding its presence in the country by growing its Digital capabilities and by developing a Group Engineering Competence Centre (ECC). Operating from Bucharest, Thales delivers solutions in a number of core businesses, from ground transportation, space and defence, to security and aeronautics.
Several professional opportunities have arisen. If you are looking for the solidity of a Global Group that is at the forefront of innovation, but with the agility of a human structure that tailors to the personal development of its employees and allows opportunities for evolution in an international environment, then this is the place for you!
The Security partner role is part of the Thales Digital Factory (TDF) global White team (security partners).
The responsibility is to:
- Provide support in all phases of secure SDLC (Software development lifecycle);
- Collaborate closely with development teams to help them quickly overcome all security impediments;
- Perform risk assessment and threat modeling;
- Formulate actionable Cloud Security Policies;
- Secure architecture design and implementation;
- Coach developers to write secure code that minimizes vulnerabilities by implementing secure coding standards, techniques, and best practices;
- SAST, DAST, pentest, infrastructure vulnerability scanning reports review and mitigation, proposal for vulnerabilities (advise development teams on remediation).
Additionally, the Security partner will need to:
- Collaborate within security partners team, to enhance TDF security policies, procedures and best practices;
- Collaboration will also be needed with the TDF Blue team, to ensure that the products are security compliant and to respond to different incidents detected by blue team;
- Collaborate with TDF Red teem to plan the pentest and bug bounty programs;
- Coordinate external audit/accreditation procedures.
Skills & experience:
- 3+ years experience in Application Security;
- Knowledge of OWASP TOP 10 web application risks;
- Knowledge of security policies (BSS, CSS);
- Knowledge of secure coding practices;
- Knowledge of security architecture best practices;
- Azure security;
- Can read and understand the code;
- English language.
Nice to have:
- Knowledge of the modern, cloud based web application architecture;
- Security certifications like CEH, CISSP, CompTIA Security+, OSCP;
- Basic programming skills;
- French language.
At Thales we provide CAREERS and not only jobs. With Thales employing 80,000 employees in 68 countries our mobility policy enables thousands of employees each year to develop their careers at home and abroad, in their existing areas of expertise or by branching out into new fields. Together we believe that embracing flexibility is a smarter way of working. Great journeys start here.