Note: The application period for this ad has passed.
Job description
About Schibsted
Schibsted is an innovative and entrepreneurial leader in the Nordics, with a proven track record of success. Our philosophy is built on challenging the status quo to lead the market. The Product & Application Security team within Schibsted takes a modern, non-blocking approach to Application Security and Cloud Security: we automate as much as possible, treat good UX as paramount in everything we do, and collaborate with others to find good solutions. This requires a risk-based approach to integrating security into strategies, processes and technology.
About the role
This role will be part of the Product & Application Security team which enables teams in Schibsted to secure their applications and cloud accounts. As a Security Engineer you will be part of "the centre of technical excellence" in the data security domain. You will work closely together with engineers and product owners in order to implement the needed best practice in terms of processes, tools and awareness. You will join the central Product and Application Security team which today consists of four Security Engineers.
Your main responsibilities will be:
- Contribute to or lead security initiatives from idea to rollout in over 60 companies spread across over 100 teams.
- Use and integrate the security tools we acquire, making them self-service for developers.
- Help developers understand bug classes and how they can fix them.
- Enable secure defaults by contributing code to tools, libraries and infrastructure.
- Run and scale security activities in our DevSecOps lifecycle, including but not limited to threat modelling, code scanning, web app scanning, and threat detection.
- Run and evolve our private bug bounty program.
- Follow up on reported vulnerabilities from security scanners like Detectify, Vulcan and GitHub Advanced Security (CodeQL).
- Provide subject matter expertise on topics such as secure design, security controls, programming practices, encryption and web security standards.
- Improve our Identify, Detect, Protect, Respond and Recover (as defined in the NIST Cybersecurity Framework) capabilities in Application Security and Cloud Security.
Skills and Requirements:
- Software development experience (preferably JVM-based or Go)
- Development and Operations (DevOps) experience
- Terraform (or similar Infrastructure as Code tool) experience
- Ability to proactively solve problems and react to security challenges in real-time
- Excellent skills in spoken and written English
- Bachelor's degree in computer science or equivalent work experience
- CodeQL experience would be great :)
Personal profile:
- Positive and can-do attitude
- Empathise with the needs of the business side and local tech teams
- Solution oriented
- Good listening capability
- Deep interest and curiosity in the technology space of data security
- Perseverance and focus on implementing from start to completion
We offer you:
- Dedicated 10% research time
- Plenty of challenges and opportunities
- Working in a team with other Security Engineers
- An exciting position in the heart of one of the biggest tech companies in the Nordics
- Work with modern technology like Kubernetes, CodeQL, AWS and GCP
Schibsted is a family of digital brands with a strong Nordic position, and more than 5,000 employees. Millions of people interact with our companies every day through our leading online marketplaces and world-class media houses. We also help new promising businesses grow. Our joint mission of empowering people in their daily lives is rooted in the values of our media heritage and a legacy of bold change. At our best, we are a fearless force for change in a society built on trust and transparency.
Data & Tech is a central product and tech unit that serves all of Schibsted. We are about 250+ people in Oslo, Stockholm and Krakow, and collaborate closely with other product and tech teams in all units in Schibsted. Areas of responsibility include data & technology strategy, privacy/data trends/responsible data & machine learning, information security and internal IT.