Global Application Security Manager

  • Job area - Project Management & Engineering
  • Hours - 45
  • Location - Global Application Security Manager
CEVA Logistics is one of the largest logistics service providers in the world. We take care of our clients in the area of Contract Logistics, Freight and Transport Management. The strength of our company lies in the talent of our people; together we want to improve ourselves every day. At CEVA you receive plenty of room for your ideas and sufficient opportunities to develop yourself. How far do you want to go?
  • Job description
    As a Global Application Security Manager, you will be the global lead and SME for application security within CEVA and will take care of: implementing secure coding practices, security testing and mitigation, developers training. You will also be responsible for a team of appsec professionals and penetration testers.
    Key Accountabilities
    • Implement SSDLC (Secure Software Development Life Cycle) across CEVA globally
    • Research and protect against typical threats, exploits
    • Develop and execute training session for CEVA’s development units to increase knowledge and awareness around SSDLC.
    • Overall responsibility over application and end to end security testing
    • Act as a subject matter expert for secure coding practices, security around new software products (both internally developed and off the shelf solutions implemented in CEVA).
    • Implement appropriate set of tools to support automation of application security as part of the development lifecycle, including: testing tools, code review technologies, (application) vulnerability management etc.
    • Act as the deputy for CEVA’s CISO for all other matters of Information Security, globally.
  • Requirements
    Experience / Skills
    • University degree in the field of computer science or Information Security,
    • CISSP, CISM or CISA certifications
    • OSCE or OSCP certifications  OR GPEN, GWAPT, GXPN certifications
    • 8-10 years of managing application security and/or development. In case of development background, at least 5 years dedicated to security within the development unit.
    • Past proven experience with implementing SSDLC.
    • Past experience in working with different development methodologies, including: Waterfall and Agile.
    • Past experience with implementing security within DevOps teams desired.
    • Hands on technical knowledge – capable of running application penetration testing with automated tools as well as manuals tests.
    • Experienced with typical application security vulnerabilities and threat modelling.
    • Programming languages/scripting - such as: Java, .NET, Java Script, Perl, Python, PowerShell, Linux Scripting (such as Bash).
    • Reasonable knowledge of DB Security (with emphasis on Oracle)
    • Proven past experience with security auditing/ review (for both technical and non-technical aspects)
    • Past experience with security code review
    • Past experience with developing and executing secure coding courses
    • Penetration testing and secure coding experience of mobile apps for IOS and Android.
    • Past experience with Openstack technologies
    • Knowledge of GDPR and/or other national or other international privacy regulations.
    • Fluent in English, both written and spoken
    • Strong presentation skills
    • Excellent interpersonal skills – capable to act as a team player and negotiate the value of security with internal and external senior executives.
    • Customer driven (for both internal and external customers).
    • Capable to efficiently manage both direct and indirect employees
    • Efficient management of budget.

Robin Barnby