Security Officer – Mobile Secure Development Lifecycle

Job description

We are currently looking for a Security Officer to improve the security posture of mobile and embedded/car applications delivered at Polestar.

Let us describe the challenge we offer

The Information Security department at Polestar is expanding as the company grows. Polestar is active in many countries, and more markets will follow at a rapid pace. The complexity of the IT landscape is growing, and in Information Security we need to keep the company safe from a diverse set of threats. The main threats are cyber security related, and protecting against them requires a solid foundation of security practices.

The department is organized in several areas. This role will be in the Security Competence Support area, which supports the Polestar organization with security processes and skills. The idea is to build a network of Security Champions in the development organization and to work with and through them to secure the IT landscape by defining and rolling out an SDLC, in which you will play a significant role.

The other areas in the InfoSec department will provide other specialized skills, like cryptography, Red Team/Pen testing, Security Architecture and Privacy to name a few. People that are interested in security sometimes have a diverse background and skill base. So will your colleagues and we will all complement each other.

About the role

The main mission of the role is to support the SDLC for the teams that deliver mobile and embedded/car applications at Polestar, and to guide them on what to do in information and cyber security as part of their development. You will use Threat Modeling as the main tool to bring awareness of the need for SDLC practices and then help the teams scope and assess risks and mitigations. Then, as a next step, you will roll out SDLC practices such as Secure Coding, different analysis tools, etc.

In Polestar we are still a new company. You will need to be able to both work with SDLC and chip in and bring your superpowers to use in other areas.

What you'll do

Support and improve the rollout of an SDLC process that balances speed with risk. Polestar is a fast-moving company, so the security practices you select for rollout will have to be efficient and concrete.

- Assist in the training of users and InfoSec staff in SDLC in an “on the job” fashion, with workshops or short training sessions that give a group of developers new insights.
- Balance security with convenience. If a practice becomes too cumbersome, users will find ways around it. We must focus on the efficiency of the employees, as we are still a small organization and all the employees' time is crucial to protect.
- Threat watch is essential. This is of course a collective thing, but you need to pay special attention to the threats facing the department you are currently helping, like Ransomware or even Internal Fraud risk in the finance area. We are about to launch Threat Modeling as a great way to put the finger on areas that are sensitive in a way that people can understand. There is an infinite number of good practices out there, but the real risks based on a real threat agent using a vulnerability are a different thing. So, you need to master the difference between a risk and a vulnerability.
- Together with the CISO and other colleagues with the same role, you will be responsible for the SDLC, with all the practices and guidelines targeting the developers and other stakeholders involved.
- In many countries, legislation is driving investments into the security area. Data protection, privacy and car related legislation is on the rise, and it is part of the job to ensure that we are compliant in full and SDLC is needed to comply. But we do not do it for compliance only, our main mission is to have state of the art security and not a paper product.


Who you are

- At Polestar we are building a new company. That requires that you are a shaper, i.e., you can create a process where there is none today and you are the one that proposes a solution.
- You want to create the best and most efficient protection for the company
- Open minded. While you shape and create the reflection on how security is adapted to the
- You can express what people must or need to do in a clear and convincing way
- Manage workshops and working through others
- Embraces a culture of trust, free thought and complete transparency
- Patient and open to inform, motivate and train others on their subject


Your background

- Solid experience of mobile (iOS, Android) development and architecture.
- Experience of SDLC rollouts and security in Mobile and/or Embedded/Car is necessary
- Understanding for design of a security architecture and necessary interfaces between the different components and stakeholders.
- Understanding relationships with Product Owner, Scrum Master, Design Lead and rest of technical team members.
- Experience managing technical priorities
- Knowledge of relevant industry standards (e.g., NIST 800-53, ISO 27001, ISO 27018, EN 62443)
- Experience working with Information Security in two or more Control Areas of the ISO 27001:2022
- Good understanding of the current threat landscape and how to protect against it in an effective manner
- Good scoping skills. Understanding legal requirements and incorporating them into your solution proposal is a plus.
- Risk management and Threat Modeling are a big plus


People at Polestar

At Polestar, you will be part of a cross-functional and international team, with English as a natural language for written and spoken communication. Since Polestar’s in a scale-up phase you thrive by working in a fast-paced environment.

We know that a change is needed. We also know that each one of us can help bring about that change. Our commitment to becoming climate-neutral by 2040 is just as important to us as being inclusive, diverse, and innovative. Together, we are creating, collaborating and experimenting to usher in a new era of sustainable mobility.

We are an electric performance brand, determined to improve the society we live in.

Is this you? If you are interested in joining the Polestar family, don't wait to submit your application. We apply a continuous selection process and the job post will be open until the position is filled.

Are you ready for the journey? Which is electric by the way...

Summary

  • Workplace: Polestar
  • 1 position
  • Until further notice
  • Full-time
  • Fixed monthly, weekly or hourly salary
  • Published: 13 September 2022
  • Apply by: 2 March 2023
