DevSecOps

Cronos Europa

We are currently looking for a "DevSecOps" to strengthen the Cronos Europa team.Mission:

Contribute to the design of the overall application security.
Define security requirements and derive technical actions targeting the application components and code base.
Draft documentation such as architecture design descriptions, assessment reports and configuration.
Take an active part in developing and improving application security
Vulnerability assessment (SAST and DAST) and definition of corrective actions. Categorize incidents and vulnerabilities based on relevance, exposure, and impact. Understanding of risk assessment.

Technical skills :

Excellent knowledge of application security. Experience in the security aspects of software development (i.e.: authentication with open id connect SAML or CAS, secure rest or web services, encryption with PKI, authorization, secrets management, application security testing).
Overall experience in the security domain.
Experience in penetration testing and ethical hacking.
Cloud skills are considered a strong asset.
Automation skills to optimize and understand DevSecOps pipelines.
Java and Python development skills.
Flask, Spring Framework, Spring Boot technical skills.

Profile :

English at a professional level (communication is mainly in English)
· Min 5 years' experience in the development
Bachelor's degree in IT minimum.
Good understanding of 3rd-party dependency security assessment (libraries, container and VM images).
Rapid self-starting capability and experience in team working.
Ability to participate in multi-lingual meetings, ease of communication.
Experience with the ISO 27000 family of standards or equivalent security standards, implementation, and knowledge of ITSRM2 are a plus.
Experience with secure IT development patterns.
Experience with security testing tools (i.e.: Fortify, Burp Suite, OWASP Dependency-Check, or equivalents) and web site vulnerability scans.
Knowledge of OWASP
Knowledge of the Agile methodology.
Excellent interpersonal and communication skills. Good redaction skills, experience in preparation of written reports.
Capability of integration in an international/multicultural environment.
The following certifications are considered an asset:
Information Systems Security Professional (CISSP),
Certified Information Security Manager (CISM),
Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) or equivalent,
Any other information security certification

Why Cronos Group? We'll propose you:

An attractive salary package with or without car.
A good work-life balance environment.
The assurance of working with cutting-edge technologies with an intrapreneurial spirit
The opportunity to develop your skills thanks to tailor-made training courses according to your needs.
A good job in a friendly place.

If you wish to integrate a dynamic structure on a human scale while working with the latest technologies, don't wait anymore and join Cronos!