Job Description

In this role, you will be owning application security for Turbocharging. You will ensure that developed and acquired applications across the IT landscape are secured in alignment with internal security policies and market requirements. You will provide clear guidance and recommendations to the IT organization to deliver reliable and secure solutions to the business.


Your responsibilities

• Responsible to design, implementing, and maintaining the framework to deliver the application security services in scope, within budget, and in line with the customer’s expectations.
• Collaborating with other security team members and the overall IT organization to establish and maintain the framework for application security for managing security resilience.
• Participating in discussions with application and asset owners or designated technical contacts to execute and explain results of assessments and tests as well as determine remediation steps/time needed.
• Collaborating with application owners and business owners providing them with clear guidance and recommendations to deliver reliable and secure solutions.
• Delivering and providing risk-driven guidance aiming to improve overall security posture across the Turbocharging IT landscape and minimize potential negative business and reputation impact in case of a security incident.
• Ensuring periodic security posture reporting to the IT management and business and suggests risk-driven resolutions.

• Bachelor’s or Master’s degree in Information Technology, Computer Science, Software Engineering, or related qualification, and/or proven capability through past employment experience.
• Minimum of 5+ years of information security.
• Proven experience in conducting assessments and translating assessment results based on multiple industry standards and frameworks such as SOC1, SOC2, ISO2700x, NIST, and COBIT.
• Strong practical knowledge of Secure Software Development Life Cycle (SSDLC) process and software exploitation skills (web, client-server and mobile) on modern operating systems. Familiarization with XSS, SSJS, filter bypassing, Injection, CSRF, etc.
• Strong attention to detail in conducting analysis combined with an ability to accurately record full documentation in support of their work.
• Detailed knowledge of current international best practices.
• CISM (Certified Information Security Manager), and CISSP (Certified Information Systems Security Professional) certifications are preferred.

• Attractive compensation & benefits.
• Employee Assistance Program.
• Global parental leave program.
• Flexible working models.