Spennende mulighet innenfor IT hos Nord Pool!

We are looking for an experienced cybersecurity professional to lead our IT Secure Development Initiative forward.

This is a 1-year contract with a possibility to renew.

In this role you will be responsible for leading and evolving secure development practices, working closely with our Product Development Team to ensure the secure development and deployment of our IT Products and IT Services.

We offer interesting challenges in the energy industry sector, as well as opportunities to develop your skills DevSecOps skills in an Agile working environment.

Your responsibilities:

• Design, Build, integrate and manage security controls into Agile Software Development Lifecycle and CI/CD pipeline in accordance with defined Cyber Security Strategy Objectives and DevSecOps principles.
• Work closely with Product Development Teams, assisting in the overall security architecture, ensuring security by design and the effective implementation of security controls.
• Support security-related projects and major IT projects with security requirements.
• Develop, Implement and manage automated security testing controls in the development pipeline ( Static and Dynamic Security Testing).
• Coordinate regular external Application Penetration tests.
• Coordinate Vulnerability Management practices ensuring the timely reporting, evaluation, remediation of identified vulnerabilities.
• Actively support the continued development of security architecture and technology road map providing the framework for the application of security controls.
• Develop, maintain, and communicate secure development standards and training material.
• Establish a network of secure development champions, raising competence via engagement, awareness and training.
• Develop and validate benchmark security configurations for security systems and applications.
• Monitor, evaluate and report security performance and risks to Cyber Security Steering Group.

What we would like you to bring

Education, Skills and Experience

• Education: Bachelor or Master’s level education in Information Technology (or similar).
• One or more professional security certification(s).
• Minimum 5 years IT security experience, with direct experience in an IT Security Lead or Manager role.
• Practical experience in implementing Security Development Lifecycle (SDL) in agile software projects (for example, Microsoft SDL, OWASP, BSIMM).
• Experience performing vulnerability testing, risk analyses and security assessment in SDLC activities like Threat Modeling, DAST, SAST, OSS Scanning and Penetrating Testing.
• Experience with building and implementing static and dynamic analysis tools, open-source scanning tools and integrating security into a CI/CD workflow.
• Solid understanding of security vulnerabilities (OWASP, CVE scoring) and experience working with development and product teams to remediate vulnerabilities during development cycles.
• Solid understanding how to mitigate risks with common controls such as WAF’S, IDPS’s, MPS’s, AWL, etc.
• Experience implementing security tools (SAST, DAST) and integrating them with Agile workflows and development platforms (Jira, Bitbucket, Bamboo, Octopus, Slack, Pagerduty) and cloud platforms(Azure).
• Familiarity with security standards and best practices (for example ISO 27k, NIST, OWASP, CIS).

Personal Competencies

• Highly Motivated team player, with a can-do attitude and the ability to get things done.
• Aptitude for solving problems and acting on own initiative.
• Strong Organisation skills, with the ability to manage tasks, time & resources.
• Ability to understand and solve complex issues with clear, balanced & implementable solutions.
• Capacity to quickly learn new skills and adapt to new environments.
• Fluent in English both Written & Verbal.

Why you'll love working at Nord Pool

At Nord Pool, you will get to leave your mark and make a real difference on our products and way of working. You will be part of a motivated, tech-savvy and friendly team. We believe in giving you the freedom to deliver your best work: that is why we are flexible around hours, tools and working methods. With us, you can build your career at an international, forward-thinking and profitable company. We’ll give you opportunities to learn and create something new.