Would you like to become a part of a crack security team? Work alongside other multinational security experts in order to tackle modern security threats? Well look no further as you've found the team you've been looking for! Canon Europe's application security team is looking for the Application Security Lead.
You will be the main subject matter expert on application security, SDLC and penetration testing within the EMEA Information Security Department of Canon. You will lead all application security related projects, designs and testing throughout the life cycle of the various IT services. You will also be responsible for implementation of SDLC and for training and assisting other members of IT, development companies and Canon's strategic partners in the field of application security, and you will act on behalf of Canon EMEA in professional forums to further progress Canon as a thought leader in the field of Information Security.
You will also be responsible for managing all security testing of Canon's own products within the region, as well as advising Canon Inc. on security within newly developed services and solutions.
- Assume overall responsibility for application security management within Canon EMEA including: SDLC implementation, penetration testing ("ethical hacking"), product security testing, DevOps security support.
- Translate security policies into risk controls for new and existing projects.
- Manage and develop further all application security toolsets, including: penetration testing tools, automated security solutions, code review solutions etc.
- Advise Canon Inc. on the security of new (software) services and solutions.
- Support developers and project managers to assist with improving existing and new solutions in terms of application security.
- Manage the technical security auditing process within Canon's internal IT transformation program as well as Canon's B2C program and ensure auditing follow up and mitigation actions.
- Keep abreast of current industry security solutions and trends and be able to apply them to business and IT issues.
- Improve the level of security understanding and practices in the relevant areas of Canon and our 3rd parties.
- Participate in other regular activities of the EISD including: technical and non-technical audits, change management, incident management, policy maintenance and adherence.
- Be visible in the information security industry by participating in industry events, driving Canon's vision to be a thought leader in information security.
- Manage the security audit budget.
What We Ask:
We need people who can achieve the exceptional by working collaboratively, who have the courage to risk new ways of doing things and the ability to see the world the way their customers see it. We're looking for creative problem-solvers like you, someone who can ensure Canon stays ahead in an ever-changing world.
- Experience in a technical capacity in an information security, IT security or corporate security department (specialising in IT Security) with at least 3 years in security auditing of software and/or penetration testing.
- Strong technical background (with preference to software development)
- Ability to gain new knowledge in a non-structured way (self-tutoring)
- Presentation Testing training skills, the ability to translate technical and security "Jargon" to business and non-technical terms.
- Proven experience in executing configuration reviews, penetration tests and web application security tests, as well as in following up on tests performed by others and conducting audit response management. Strong "hands on" capability is a must.
- Able to work under pressure meeting strict deadlines.
- Team player.
- Fluent English, both written and spoken.
- Eligibility to work in the Netherlands.
Specific security & IT skills:
Knowledge of and experience with:
- Low level network protocols as can be found in an enterprise environment from protocol debugging to high level design
- Programming languages/scripting
- Mobile security
- Antimalware technologies and antimalware response
- Reasonable knowledge of DB Security (with emphasis on Oracle)
- Reasonable knowledge of various security aspects of ERP systems (Oracle EBS, SAP, Siebel)
- Reasonable knowledge of SFDC CRM
- Good knowledge of security of Agile/DevOps environments as well as Waterfall based development.
- Proven past experience with security auditing/review (for both technical and non-technical aspects)
- Relevant university degree and/or relevant certification in the field of information security (CISSP, CISM, GIAC, OSCP).
- IT Security
- Cyber Security
- Penetration testing
- Application Lead