Job: Application/Product Security Engineer, Kraków, małopolskie; Łódź, łódzkie

ABB Sp z o.o. profile

ABB (ABBN: SIX Swiss Ex) is a pioneering technology leader in electrification products, robotics and motion, industrial automation and power grids, serving customers in utilities, industry and transport infrastructure globally. Continuing a history of innovation spanning more than 130 years, ABB today is writing the future of industrial digitalization with two clear value propositions: bringing electricity from any power plant to any plug and automating industries from natural resources to finished products. As title partner of Formula E, the fully electric international FIA motorsport class, ABB is pushing the boundaries of e-mobility to contribute to a sustainable future. ABB operates in more than 100 countries with about 135,000 employees. www.abb.com

Company: ABB Sp z o.o. | Application/Product Security Engineer

Location: Kraków, małopolskie; Łódź, łódzkie

Ref. no. PL91637513_E7

Job description

• Security Assessments: Conduct regular security assessments, including threat modeling, Attack Surface Analysis, Critical Analysis.

• Security Architecture: Design and implement security architecture and controls for new and existing products.

• Code Review: Review source code for security vulnerabilities and provide actionable feedback to development teams.

• Secure Coding Practices: Educate and advocate for secure coding practices among development teams through workshops, training sessions, and documentation.

• Tool Implementation: Evaluate and implement application security tools (e.g., static and dynamic analysis tools) to automate security testing processes.

• Incident Response: Assist in incident response activities related to application security breaches, including root cause analysis and remediation strategies.

• Collaboration: Work closely with cross-functional teams, including software developers, DevOps, and IT security, to ensure security considerations are integrated into the development process.

• Monitoring and Reporting: Monitor application security metrics and provide regular reports to management on security posture and compliance.

Requirements

  • University degree in Computer Science or similar field
  • Understanding of programming languages such as Java, C#, Python, or JavaScript.
  • Strong understanding of application security principles and secure coding practices.
  • Strong understanding of application security principles like network security, encryption, access management and their best practices
  • Experience with security tools and processes such as SAST, DAST, SCA, and vulnerability scanners (e.g., SonarQube, OWASP ZAP, Nessus, Invicti)
  • Knowledge of security frameworks (e.g., OWASP Top Ten, NIST, ISO 27001), cloud platforms (e.g., AWS, Azure, Google Cloud) and their security features
  • Hands-on experience with containerization and orchestration tools such as Docker and Kubernetes
  • Fluency in English
  • Certifications: Relevant certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), or Offensive Security Certified Professional (OSCP) are a plus.
