Senior Engineer, Cyber Security Engineering (SWCoE) (Bucharest, RO)

Senior Engineer, Cyber Security Engineering (SWCoE)
The job responsibilities outlined in this document are not exhaustive and may evolve over time and be reviewed according to business needs.
ROLE DESCRIPTION SUMMARY
In this position you will be responsible for integrating security practices into the software development lifecy-cle. Your primary focus will be on ensuring the security of applications through both static and dynamic code analysis but also ensuring that the application is designed by following system security concepts standards and best practices. You will manage and advise several projects and BizDevOps teams to deliver resilient zero trust solutions in a diverse and fast paced environment, ensuring secure application design and ade-quate security controls are in use.
PRIMARY RESPONSIBILITIES / KEY RESULT AREAS
Work in close collaboration with the Software Center of Expertise (SWCoE) and software development teams to integrate security seamlessly into the development process. Identify critical areas for security implementation and ensure adherence to secure coding practices.

• Conduct thorough analysis of code vulnerabilities using both static and dynamic analysis tools. Identify, document, and prioritize vulnerabilities, and work with development teams to remediate them
• Automate security controls, data protection, and vulnerability management systems within deployment pipelines. Develop and implement automation scripts to enhance security testing and monitoring
• Develop, document, and disseminate security best practices, standards, and guidelines for software de-velopment. Conduct training sessions and workshops for development teams on secure coding practices and threat modeling.
• Work closely with cross-functional teams, including development, operations, and security, to ensure a cohesive approach to security throughout the software development lifecycle.
• Stay updated with the latest security trends, vulnerabilities, and technologies. Continuously improve se-curity processes and tools to enhance the overall security posture of the organization.
• Translate advanced security requirements into comprehensive, effective and efficient technical security concepts in line with industry and governmental security standards that effectively mitigate security re-lated risks, threats and vulnerabilities while accommodating complex operational needs in complex hy-brid infrastructures.Autonomously lead complex cyber security implementation projects as laid out in SES's information security strategy and deliver them within time, cost and scope.

COMPETENCIES

• Independent, passionate and self-motivated with proven ability to deliver on complex and time critical tasks/projects
• Effective project management skills, able to handle multiple projects simultaneously and steer cross-functional and/or virtual project teams
• Strong analytical skills and stress resistance
• Innovative, result, solution and stakeholder-oriented mindset
• Strong ability to overcome resistance to change, mediate in conflicts and resolve issues, and to secure stakeholder buy-in to the proposed solution
• Proficient written and verbal communication skills: ability to explain security rationales and controls to non-technical audiences
• Passionate team player, motivated to work in an international environment, collaborating with interdisci-plinary teams
• Versatile and able to grasp new concepts and technologies quickly

QUALIFICATIONS & EXPERIENCE
Required Qualifications

• Degree in Computer Science or Software Engineering and a minimum of 5 years of experience with a strong focus on security and DevOps practices
• Proficiency in various DevSecOps toolkits. Familiarity with information security frameworks and stand-ards.
• Knowledge of attacker techniques and how to mitigate them in complex environments
• Experience with DevOps automation tools such as Terraform, GitHub Actions, and CI/CD pipelines.
• In-depth knowledge of static and dynamic code analysis tools, vulnerability management, and secure software development practices.
• Strong analytical and problem-solving skills, with the ability to identify and mitigate security risks effec-tively.
• Security standards, best practices and guidelines (e.g., NIST SP-800 series, DISA STIGs, CIS)
• Vulnerability, compliance and patch management solutions for complex, heterogeneous systems
• Experience managing and understanding Web Application Firewalls
• Experience with 1 or more Identity and Access Management and with Strong Authentication Systems; knowledge of Azure AD, Active Directory, Kerberos, SSO, SAML, and/or OAuth Excellent communica-tion and collaboration skills, with the ability to work effectively with cross-functional teams
• Proficiency with English

Preferred Qualifications

• Experience in developing and deploying zero trust security controls in Microsoft Azure and Ofice365 en-vironments, including knowledge of Intune, Conditional Access, Cloud App, Microsoft Purview Infor-mation Protection, Microsoft Purview Data Loss PreventionExperience with Microsoft DevOps
• Experience with MITRE ATT&CK framework for Enterprise and Cloud
• Cloud security certifications
• Solid knowledge of cyber security threats, vulnerabilities, security technologies, controls and best prac-tices

SES is an Equal Opportunity and Affirmative Action Employer
SES and its Affiliated Companies are committed to providing fair and equal employment opportunities to all. We are an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, gender, pregnancy, sex, sexual orientation, gender identity, national origin, age, genetic information, protected veteran status, disability, or any other basis protected by local, state, or federal law.
For more information on SES, click here .