Lyreco Group
Application Security Engineer
Lyreco Group, Poland, Indiana, United States, 47868
The Lyreco Group is the European leader and the third largest distributor of workplace products and services in the world. A specialist of the work environment, Lyreco's expertise covers all workplace needs: office supplies, stationery, office...

Lyreco is looking for an experienced Application Security Engineer to join our cybersecurity team. You will be responsible for integrating security practices into CI/CD pipelines and ensuring code security at every stage of development. You will collaborate with DevOps and development teams to strengthen the security posture of Lyreco's digital landscape.

Are you excited for your new career adventure? At Lyreco, we offer more than just a job: we offer a career! Our IT Team is looking for a talented and ambitious new Application Security Expert to join our team in HQ in Gdansk.

Responsibilities:

Secure the development cycle (SDLC): Integrate SAST/DAST tools and automate security within CI/CD pipelines.
Code review: Analyze source code to identify and fix vulnerabilities.
Implement security controls: Ensure relevant security controls (like authentication, access control, data encryption, etc.) are implemented in Lyreco applications.
Support developers: Promote secure coding best practices (Advisories, CTF, bug bounty programs, etc.).
Compliance and security assessment: Ensure application security compliance with industry standards (ISO 2700X, OWASP, etc.), best practices and Lyreco internal guidelines; participate in security assessments and penetration tests, and support resolving issues after risk assessment.
Vulnerability management: Assess, fix, and monitor application security risks.
Configure security tools: Select, implement, manage and continuously develop security solutions such as WAF, SIEM, etc.
Continuous monitoring and alerting: Monitor the application threat landscape and propose relevant countermeasures.

Required Skills:

CI/CD and application security tools: Jenkins, GitLab CI, GitHub Actions, SAST (SonarQube, Checkmarx), DAST (OWASP ZAP, Burp Suite), IAST, RASP, WAF, securing APIs and microservices.
Secure coding: Mastery of secure coding practices (OWASP, CWE/SANS) and web frameworks (JS, SOAP, JSON, etc.), code review (SonarQube, Checkmarx, Fortify), secrets management (HashiCorp Vault, Azure Key Vault), and certificate management.
Cloud Security: Experience with cloud security such as Azure, GCP, AWS.
Container Security: Experience with Docker, Kubernetes, and container scanning tools (Trivy, Clair).
Automation: Scripting (Python, Bash) and infrastructure-as-code (Terraform, Ansible).
Vulnerability management: Deep understanding of application-related vulnerabilities (XSS, CSRF, LFI, etc.) and remediation methods, familiarity with CVSS.
Collaboration: Ability to work closely with DevOps and development teams and communicate effectively.
Certifications: OSCP, OSE, OSWE, GIAC Advanced, CSSLP, CEH, AWS Certified Security are a plus.

Reasons to join LYRECO:

A full-time job in a dynamic, passionate, international team.
Annual bonus, based on individual objectives.
Competitive salary.
Hybrid work model (twice a week).

If the above job description interests you and you think you are a good fit, apply now! (CV in English) We look forward to receiving your application.