DevSecOps | Application Security Specialist
Did you know that about 10% of all insurance payouts are flowing directly into the pockets of fraudsters? The future of insurance starts with Decisions Made Better.
Shift Technology harnesses the power of AI to enable the world’s leading insurance organizations to make better decisions. Our products automate and optimize decisions from underwriting to claims, resulting in increased operational efficiency, reduced costs, and superior customer experiences for millions of people around the globe.
Our culture is built on innovation, trust, and a drive to transform the insurance industry by imagining and innovating solutions that impact insurers and their customers - like you! We come from more than 40 different countries and cultures and together we are creating the future of insurance.
The security team is a critical component of Shift Technology, as no organization is immune to cyber-crime. The team is responsible for protecting information throughout the security infrastructure, edge devices, networks, and data. We strive to stay up to date with the latest tactics hackers are employing in the field in order to prevent data breaches by monitoring and reacting to attacks, but the first step is finding the most qualified professionals to lead the way.
Please note this role will be based either in France, Spain, England or Germany.
What you'll do...
As a Sr. Application Security Specialist within Shift, you will own, maintain and promote the security tools of the CI/CD pipeline, continuously test (manually and automatically) and monitor software security from design to production, and supervise part of the SOC while also handling security incidents. You’ll join a team and a company where you can own and drive, and progress your career to the next level. As part of the information security department, this role reports to the CISO.
- Working with data scientists and software development teams to ensure technical security standards and architectures are well understood and best practices are followed so the software is developed with Security and Privacy by Design and by Default in mind.
- Support and advise the DS and software development team on proper security practices, share your expertise, and act as a mentor
- Raise the awareness of our developers about security best practices
- Automation of security testing (SAST, DAST, SCA, vulnerability management, threat modelling, etc.) and acquaintance with relevant tooling, e.g. ThreadFix, DefectDojo, Veracode, ZAP, Burp, Bug Bounty, etc.
- Interest in Data Science and Engineering and ML Security on Azure and AWS.
- Membership of Application Security Chapters helping define technical policies and guidelines for security relating to software development and championing these through the organisation.
- Working with engineering leads on identified security risks and software vulnerabilities.
- Operate a software vulnerability management program.
- Occasional security auditing of software developed by the company and its partners.
- Oversee security managed services and outsourced security capabilities
- Create, maintain, and execute appropriate incident response processes to enable timely escalation, containment, and recovery of cyber security events
- Work with other teams to identify recurring patterns and propose strategic actions to reduce risk
- Provide clear, concise, and easily consumable communication with key technical and non-technical stakeholders so that incidents are understood and appropriately addressed
- Ensure accurate and clear communication with all stakeholders
- Provide appropriate KPIs and KRIs to key stakeholders
- Technical liaison with third parties on application security related discussions.
SKILLS & BACKGROUND
- 3 years' experience with a degree in Computer Science, IT, Systems Engineering or a related qualification.
- Familiarity with applicable standards, methods, models, and approaches (OWASP, CWEs, etc.).
- Knowledge of common development languages and frameworks (C#, .NET, Python) is crucial; others are a plus.
- Knowledge of at least one scripting language (Python, Ruby, Rust, etc.).
- Strong knowledge of API and Web Apps security.
- Collaboration - Engagement with the tech teams and other stakeholders, especially in a remote setting.
- Good understanding of software security principles and top 10s.
- Excellent communication skills; comfortable representing the cyber security team at all levels of the organisation, and with partners and vendors.
- Good awareness of cybersecurity trends.
- Strong attention to detail, a can-do attitude, an analytical mind, and outstanding problem-solving skills.
- HR Screening
- Security team interview
- Technical interview
- CISO interview
- CTO interview
To support our employees at every stage of their careers and lives, we provide a competitive total rewards and benefits package. Here are the global benefits we’d like to highlight:
- Flexible remote and hybrid working options
- Competitive Salary and a variable component tied to personal and company performance
- Company equity
- Focus Fridays, a half-day each month to focus on learning and personal growth
- Generous PTO and paid holidays
- Mental health benefits
- 2 MAD Days per year (Make A Difference Days for paid volunteering)
Additional benefits may be offered by country - ask your recruiter for more information.
At Shift we strive to be a diverse and inclusive workforce. We hire and trust people without regard to race, color, religion, marital status, age, national or ethnic origin, physical or mental disability, medical condition, pregnancy, genetic information, gender identity or expression, sexual orientation, or other non-merit criteria.
Shift Technology is committed to providing reasonable accommodations for qualified individuals with disabilities in our application and employment process. Should you require accommodation, please email email@example.com and we will work with you to meet your accessibility needs.
Shift Technology does not accept unsolicited CVs from recruiters or employment agencies in response to the Shift Technology Careers page or a Shift Technology social media post. Any unsolicited CVs, including those submitted directly to hiring managers, are deemed to be the property of Shift Technology.