Product Security Engineer (2) Sector 4

Product Security Engineer (2)
Bucureşti
Sector 4, București, Romania

Faites un pas en avant et
- vous surprendre par Edenred.

Chaque jour, nous fournissons des solutions innovantes pour améliorer la vie de millions de personnes, en connectant les employés, les entreprises et les commerçants dans le monde entier.  

Nous savons qu'il y a des centaines de façons pour vous d'évoluer. Avec nous, vous développerez vos compétences dans un environnement multiculturel, stimulant et dynamique.  

Osez rejoindre Edenred et préparez-vous à vous épanouir dans une entreprise internationale qui vous offrira des opportunités infinies.

La méritocratie fait partie de notre ADN.

Chez Edenred, nous reconnaissons, recrutons et développons tous les talents.

Venez comme vous êtes, dans le respect de votre singularité et contribuer à l'aventure Edenred avec nous.

Nous nous engageons à prévenir toute forme de discrimination et à proposer à tous nos candidats des opportunités égales indépendamment de leur genre et expression de genre, handicap, origine, croyance religieuse et orientation sexuelle ou tout autre critère.

About EDENRED

Edenred is a pioneer, a tech leader and the everyday companion for people at work across 45 countries.

Our 12, 000 employees are committed to making the world of work a better place for all, one that is safer, more efficient and more
- friendly. At Edenred, our passion for customers, respect, imagination, simplicity and entrepreneurial spirit are our values. For anyone who needs to vibe in their professional life, we are the best place for you to work and grow.

The Edenred Digital Center (EDC) in Bucharest, Romania is Edenred Group's new Digital hub for strategic IT projects.

Context/Role

Edenred's Benefits & Engagement business line is searching for a dedicated Product Security Engineer.

You will cover multiple Business units (17) distributed in Europe and be responsible for assisting and guaranteeing Security by Design, Network Security and Secure Coding practices in projects. Align security tests and managing vulnerabilities with the Europe Business Units. You will communicate with other departments and business units within the organization, tracking and remediating issues.

Your role

You will be in charge of:

»Integrate and manage vulnerability management tools and scanners and application firewall policies.

»Integrate and roll out security tools (e. g. , DLP, IAM/PAM) to enhance application security.

»Collaborate with
- party penetration testing teams, providing necessary support and facilitating the preparation and scoping of tests.

»Support
- stack vulnerability management efforts by coordinating with the Cyber Defense team within B&E Europe.

»Report and follow up on vulnerability remediation plans with stakeholders and development teams within the business units.

»Review and validate secure architecture and processes, ensuring security measures are embedded from the outset (Security by Design).

»Assist in defining and implementing
- layer security monitoring for business platforms.

»Maintain and control regional applications referential.

»Define the run book for each Change implementation and participate on the CAB meeting when required

»Support incident response capabilities, especially for incidents impacting Merchant/User/Clients applications.

»Engage with the Application Security Center of Expertise for support on security initiatives.

»Contribute to incident response efforts for
- layer vulnerabilities as needed, in coordination with Edenred CERT or the Cyber Defense team.

»Stay current on the latest security trends, vulnerabilities, and mitigation techniques.

»Ensure Quality Control and Lessons Learned of Security Actions on the other Security layers.

»Govern and Manage related security procedures, guidelines, diagrams and baselines.

This position requires rigorous coordination skills to cover the full scope composed of several number of assets across multiple countries.

You will be in direct contact with the different CPOs, CTOs and Infra leaders distributed in our Business units.

You will be supported by Group teams which provide expertise on the different cyber security domains.

This is a great opportunity to work with experts from different locations, with different skills, and a shared commitment to deploy & strengthen the Whole group security

This position reports directly to the B&E Europe security leader.

 Your Responsibilities

»Partner with product and engineering teams to identify, assess, and mitigate security risks early in the design process

»Perform threat modeling and security design reviews for new and existing products

»Collaborate with development teams to integrate security best practices into the software development lifecycle

»Conduct threat modeling, security assessments, and code reviews to identify vulnerabilities

»Collaborate with Dev
Ops to implement security automation in CI/CD pipelines (SAST, DAST, SCA, etc. )

»Work closely with engineering teams to remediate security issues and implement secure coding practices

»Perform security testing, including static and dynamic analysis

»Develop and deliver security training and awareness programs for developers

»Contribute to incident response related to product or application vulnerabilities

»Stay up to date with the latest security trends, vulnerabilities, and mitigation techniques

 Your profile

»Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience

»3+ years of experience in application security or product security roles

»Strong understanding of secure coding practices, secure design patterns and common vulnerabilities (e. g. , OWASP Top 10)

»Experience performing or facilitating threat modeling and security assessments (STRIDE, PASTA, or equivalent)

»Strong understanding of security monitoring tools, with experience in static and dynamic analysis (DAST, SAST, and EDR technologies)

»Knowledge of cloud security, container security, or Dev
Sec
Ops practices

»Excellent communication and interpersonal skills, with the ability to convey complex security concepts to technical and
- technical stakeholders

»Fluent English level (mandatory)

»Strong analytical and
- solving skills and attention to detail

»Proactive,
- oriented, and
- driven, with strong organizational skills.

»Experience in matrix and international IT organizations is a plus; previous consulting experience is also appreciated.

Nice to have

»Relevant certifications: CISSP, GCSA, CSSLP, CEH, OSWE, or equivalent.

VIBE WITH US

Joining us means:

»Becoming part of a team that embraced the digitalization challenge and enjoys this transformation every day

»Living our values every day: passions for customers, respect, imagination, simplicity, entrepreneurial spirit.

Because:

»You will get exposure to various global cultures and teams

»You will be working with the newest technologies to build a new platform from scratch

»We offer you a very pleasant working environment, close to Bucharest city center

»We also have for you: meal tickets, holiday vouchers, health subscription, flexible hours, a

remote work policy 2d /week in the office

»Flexible benefits system,
-
- job training &
- learning platforms.

And we do not stop here!

OUR COMMITMENT

Edenred is all about meritocracy. You come as you are, and you contribute. Indeed, the Edenred Group recognizes, recruits and develops all talents and singularities. We are committed to preventing all forms of dis crimination and to providing all our candidates with equal opportunities regardless of their gender and gender expression, disability, origin, religious belief and sexual orientation or any other criteria.

Apply now and Vibe with Us!