SECURITY ENGINEER

Job DescriptionVerisure, operating under two brand names (Securitas Direct & Verisure) in Verisure, we’re constantly developing new technology to better protect our customers. Our highly skilled and experienced product teams work with urgency and passion when researching and developing new ways to keep our customers safe. The role will reports to the Head of Security Architecture & Engineering (day to day work will be coordinated and supervised by the Technical Lead of Software & Hardware Security Assurance area) and will work with Security Architecture & Engineering team members, SW Developers and Engineers, Product Owners, Business Owners, Regional Information Security Managers, Global Governance, Risk and Assurance Analysts Technical SMEs.Responsibilities:The Software Security Engineer (SSE) is responsible for improving the software security posture of Verisure software globally. In particular the SSE will maintain and improve the secure development standard and guidelines and automate the security tools and controls in the software development pipelines for all development and engineering teams in Verisure. As a Software Security Engineer you will also support the development teams to understand and solve security vulnerabilities detected in their code and applications. In principle, the support will be provided to teams located in South region (Spain, Portugal, Italy, France, LATAM), but can expand globally to North region as well. The Software Security Engineer will prepare and deliver training for developers on security best practices and how to use software security tools. Furthermore, you will coordinate the pentesting service globally for Verisure, contributing as well technically by conducting activities that include verifying vulnerabilities, and discussing and guiding developers on how to mitigate vulnerabilities. As a member of the Group InfoSec team, the SSE will also cultivate a culture of security awareness and incorporate a security mindset in developers’ daily work.this role is based in our office in Madrid, under a Hybrid Model with the possibility to work from home a couple days a week.Qualifications:You are a perfect match for this position if you bring an excellent academic record in Computer Science or similar degree, you are eager to learn new things in a fast paced environment, have a good experience in software development, and bring passion for the interplay between cybersecurity and software. You will work in an international environment with many teams and people from different nationalities, so having a collaborative approach and strong communication skills are a must. We expect you to have a a thorough knowledge and experience of Cybersecurity, Secure SW development, SAST, SCA and IAST/DAST tools. Furthermore we see that you have previous experience within SW development (preferable Java, C and Python), SW testing and package management tools like Maven, Gradle and NPM, as well as CI/CD environments.More specifically:5+ years of experience in IT / Cybersecurity, of which 3+ years within software security.Deep knowledge of software development practices, tools and processes.Expert knowledge of software security best practice and frameworks (e.g. OWASP).Expert knowledge of security tooling as SAST, SCA and IAST/DAST.Experience of security review of Java, C and Python code.Experience of working with CI/CD.Experience of working package management tools like Maven, Gradle and NPM.Integrity and the ability to handle confidential matters.Excellent written and verbal communication skills.Fluent in Spanish and English, both written and verbal.DesiredExperience working with IoT products and ecosystems.Experience of working with cloud solutionsExperience with risk and regulation frameworks and standards, such as NIST 800, ISO 270/01/17/18, ISF SOGP, ISF SOGP, etc.Experience and trainingWork with Infosec teams and development teams to achieve alignment between information security and business objectives.Develop and communicate software security guidelines, standards and procedures of mandatory applicability by all Verisure developers, engineers and third-party providers.Educate SW developers in secure development best practices.Establish tooling (SAST, SCA, IAST/DAST, etc.) for the purpose of evaluating security standards and security controls within CI/CD.Support developers to mitigate identified security weaknesses.Risk assessment; identity risks and help stakeholders to understand the implications towards making an informed decision.Coordinate pentesting service globally, interacting with providers and application owners.