As an Application Security Engineer, you will play a key role in assessing our Secure Software Development Lifecycle maturity, defining a security roadmap, and driving the implementation and improvement of cybersecurity activities.
This is a full-time, permanent role based in the DELMIA R&D Lab in 's-Hertogenbosch, the Netherlands. We expect you to work inside this office for at least 3 days a week.
YOUR RESPONSIBILITIES:
- Lead our “shift left” security efforts to build security into the software development lifecycle.
- Conduct secure design reviews and threat modeling sessions. Identify and prioritize risks, attack surfaces, and vulnerabilities.
- Be available to conduct security code reviews and advise developers on remediating vulnerabilities and following secure coding practices.
- Take charge of our vulnerability management program. Triage and prioritize vulnerabilities from scans, audits, and bug bounty submissions. Track remediation and validate fixes.
- Research and recommend security tools and technologies to strengthen defenses against emerging threats targeting machine learning systems.
- Develop and document security policies, standards, and playbooks. Conduct security awareness training sessions for engineers.
- Collaborate closely with product engineers and researchers to instill security best practices. Advocate for secure architecture, design, and development.
- Be the main DELMIA Quintiq R&D contact for security-related subjects, such as answering questions related to our security development practices, tools, and processes.
YOUR QUALIFICATIONS:
- Have 3+ years of hands-on experience in application and infrastructure security, including securing cloud-based and containerized environments.
- Have empathy, collaboration skills, and a learning mindset to work cross-functionally with engineers of all levels towards building security into the product lifecycle.
- Be able to use creative and strategic thinking to reduce risks through secure design and simplicity, not just controls.
- Possess broad security knowledge to connect the dots across domains and identify holistic ways to lower the overall attack surface.
- Have the ability to distill complex security concepts into clear actions and drive consensus without direct authority.
- Have a proactive mindset to thread security throughout the product lifecycle through activities like threat modeling, secure code review, and security-related education.
- Have a strong grasp of offensive security to anticipate risks from an adversary's perspective, not just check compliance boxes.
- Have experience with modern application stacks, infrastructure, and security tools to implement pragmatic defenses.
- Be passionate about security fundamentals like least privilege, defense-in-depth, and eliminating complexity that could sub-linearly scale security through smart design.