Spennende mulighet innenfor IT hos Nord Pool!
- Nord Pool AS
- IT Secure Development Lead (1 year contract)
We are looking for an experienced cybersecurity professional to lead our IT Secure Development Initiative forward.
This is a 1-year contract with a possibility to renew.
In this role you will be responsible for leading and evolving secure development practices, working closely with our Product Development Team to ensure the secure development and deployment of our IT Products and IT Services.
We offer interesting challenges in the energy industry sector, as well as opportunities to develop your skills DevSecOps skills in an Agile working environment.
- Design, Build, integrate and manage security controls into Agile Software Development Lifecycle and CI/CD pipeline in accordance with defined Cyber Security Strategy Objectives and DevSecOps principles.
- Work closely with Product Development Teams, assisting in the overall security architecture, ensuring security by design and the effective implementation of security controls.
- Support security-related projects and major IT projects with security requirements.
- Develop, Implement and manage automated security testing controls in the development pipeline ( Static and Dynamic Security Testing).
- Coordinate regular external Application Penetration tests.
- Coordinate Vulnerability Management practices ensuring the timely reporting, evaluation, remediation of identified vulnerabilities.
- Actively support the continued development of security architecture and technology road map providing the framework for the application of security controls.
- Develop, maintain, and communicate secure development standards and training material.
- Establish a network of secure development champions, raising competence via engagement, awareness and training.
- Develop and validate benchmark security configurations for security systems and applications.
- Monitor, evaluate and report security performance and risks to Cyber Security Steering Group.
What we would like you to bring
Education, Skills and Experience
- Education: Bachelor or Master’s level education in Information Technology (or similar).
- One or more professional security certification(s).
- Minimum 5 years IT security experience, with direct experience in an IT Security Lead or Manager role.
- Practical experience in implementing Security Development Lifecycle (SDL) in agile software projects (for example, Microsoft SDL, OWASP, BSIMM).
- Experience performing vulnerability testing, risk analyses and security assessment in SDLC activities like Threat Modeling, DAST, SAST, OSS Scanning and Penetrating Testing.
- Experience with building and implementing static and dynamic analysis tools, open-source scanning tools and integrating security into a CI/CD workflow.
- Solid understanding of security vulnerabilities (OWASP, CVE scoring) and experience working with development and product teams to remediate vulnerabilities during development cycles.
- Solid understanding how to mitigate risks with common controls such as WAF’S, IDPS’s, MPS’s, AWL, etc.
- Experience implementing security tools (SAST, DAST) and integrating them with Agile workflows and development platforms (Jira, Bitbucket, Bamboo, Octopus, Slack, Pagerduty) and cloud platforms(Azure).
- Familiarity with security standards and best practices (for example ISO 27k, NIST, OWASP, CIS).
- Highly Motivated team player, with a can-do attitude and the ability to get things done.
- Aptitude for solving problems and acting on own initiative.
- Strong Organisation skills, with the ability to manage tasks, time & resources.
- Ability to understand and solve complex issues with clear, balanced & implementable solutions.
- Capacity to quickly learn new skills and adapt to new environments.
- Fluent in English both Written & Verbal.
Why you'll love working at Nord Pool
At Nord Pool, you will get to leave your mark and make a real difference on our products and way of working. You will be part of a motivated, tech-savvy and friendly team. We believe in giving you the freedom to deliver your best work: that is why we are flexible around hours, tools and working methods. With us, you can build your career at an international, forward-thinking and profitable company. We’ll give you opportunities to learn and create something new.
Nord Pool is Europe's leading power market and offers trading, clearing, settlement and associated services in both day-ahead and intraday markets across 16 European countries.
360 companies from 20 countries trade on our markets in the Nordic and Baltic regions, the UK, Central Western Europe (covering Austria, Belgium, France, Germany, Luxembourg and The Netherlands) and Poland.
Nord Pool is owned by Euronext (66%), and the Nordic Transmission System Operators and Litgrid (Lithuanian TSO) retain 34% ownership through a joint holding company.
- Lilleakerveien 2A, 0283 Oslo
- Kraft og energi
- IT utvikling / IT-sikkerhet,
- IT utvikling / Utvikler (generell)
cybersecurity, development, Nordpool, cybersikkerhet, ITproducts
|Sist endret||15. jun. 2021 10:23|