Job Description

Maersk is the largest shipping and container logistics company in the world. A $40bn organisation with over 85,000 people, we ship roughly 20% of the world\xe2\x80\x99s container freight. We\xe2\x80\x99re bringing our organisation together to become an integrated container shipping and logistics company, fundamentally re-thinking how we do business.
Maersk is going through times of unprecedented change. As we aspire to secure sustainable growth of our businesses, we need to re-think the way we engage with our customers and partners. Digitisation and IT are taking centre stage in enabling this engagement. Join us in Transport and Logistics IT as we re-think what technology can do to drive growth.

We Offer\xe2\x80\xa6
Joining Maersk T&L will embark you on a great journey with career development in a global organisation. As an Engineer you\xe2\x80\x99ll be working in Secure-by-Design Tooling team within our Cyber Organisation You will gain broad business knowledge of the company\xe2\x80\x99s activities globally, as well as understand how the complexity of IT supports the transport and logistics business.
You will be exposed to a wide and challenging range of business issues through regular engagement with key stakeholders across all management levels within Maersk.
You will work and communicate across geographical and cultural borders that will enable you to build a strong professional network. We believe people thrive when they are in charge of their career paths and professional growth. We will provide you with opportunities to broaden your knowledge and strengthen your technical and professional foundation.
At Maersk we value the diversity of our talent and will always strive to recruit the best person for the job \xe2\x80\x93 we value diversity in all its forms, including but not limited to gender, age, nationality, race, sexual orientation, disability or religious beliefs. We are proud of our diversity and see it as a genuine source of strength for building high performing teams.

What we are looking for\xe2\x80\xa6
Are you an engineer with programming experience with a passion for Application Security?
Do you have 3+ years in any JAVA, .NET, C#, Go, Python?
Are you interested in gaining\xe2\x80\xa6 or developing your experience in the Application Security space? Read on\xe2\x80\xa6

Our Secure-by-Design product is looking for a Security Engineer / Developer to join their team to assist with application security tools, vulnerability triage, remediation process and related support. have a genuine interest and passion for developing yourself further in the security space, the team will happily help you develop and upskill.

Key Responsibilities:

• Act as a Cyber Security Engineer in the SbD tooling team, collaborating with the Business Platforms, DevOps and Tooling and Cloud Engineering teams on the design, deployment and management of Application Security tooling focusing remediating vulnerabilities and risk reduction
• Work as part of the CSP (Cyber Security Platform) on Application Security tools and capabilities based on the level of risk identified
• Analysing vulnerabilities, spotting issues in code, designing technical solutions / code fixes to address security weaknesses
• Apply knowledge of security and application development industry trends and technology to drive organizational change and position to properly manage and remediate vulnerabilities.
• Providing technical leadership, guidance, and direction to the engineering teams on application security vulnerabilities and remediation assistance
• Professionally Handle communications with engineering teams and design appropriate mitigation strategies for reported vulnerabilities
• Establish clear understanding and documentation of processes related to application security tooling, policies, and procedures
• Leverage security automation process and develop playbooks and workflows based on operational use cases
• Maintain detailed knowledge of emerging threats, risks, technical innovations and security capabilities
• Participate in sprint planning, backlog refinement and task estimation

Qualifications:

• 5+ years of hands-on experience on Security with Development background with broad understanding of SAST, SCA, Container and Infrastructure-as-Code scanning, into CI/CD pipeline, Agile Methodology, remediations and awareness programs
• Experience working multiple programming languages: Java, Net, C#, JavaScript, Python, Go, SQL and strong source code skills
• Experience with Polaris, Black Duck, Prisma Cloud, GHAS security tools
• Strong experience working closely with developers
• Strong understanding and experience on attacking web application vulnerabilities such as XSS, BAC, Request Smuggling, DSync, CSRF, XXE, SQLi, LFI/RFI, RCE etc
• Deep understanding of OWASP Top 10, SANS Top 25, WASC, NIST or SANS Security Guidelines
• Deep knowledge and understanding on vulnerability management process
• Good understanding of Manual, Automated Application Security Testing, Automation knowledge and problem-solving skills
• Experience with security development, attack and defence solutions for SDLC in a fast-paced environment
• Understanding of security controls, coding best practices, security standards, code reviews and design reviews
• A well-organised, motivated and self-starting individual with strong written and verbal communication skills and able to be understood by both technical and non-technical personnel

Nice to have:

• Experience working on scripting languages, threat modelling, DevSecOps
• Experience contributing to the security community and other open-source projects, public research, presentations, etc

Defensive cyber security operations (Real time and historical), preventing network intrusion and malicious activity. Deployment, configuration, and use of Cyber Security Tooling

The purpose guides us in being at our best \xe2\x80\x93 and that, we imagine, you share with us.

At Maersk, we\'re building a culture where everyone can feel at home. We don\'t just work across continents, we work across different genders, generations, cultures, sexual orientations, religions, disabilities and perspectives. Together, we succeed as one global team. We want to encourage innovation and empower our teams to share new ways of thinking, making the most of our diverse talents. But it\xe2\x80\x99s also about feeling involved and encouraged to be yourself.

We\xe2\x80\x99re excited for you to become part of our team and fully join in the adventure ahead.