DevSecOps / AppSec Information Security Engineer
Wrocław, Lower Silesian Voivodeship, Poland
Applications have closed
Ryanair Holdings plc, Europe’s largest airline group, is the parent company of Buzz, Lauda, Malta Air & Ryanair DAC. Carrying over 154 m guests p.a. on more than 2,400 daily flights from 82 bases, the group connects over 200 destinations in 40 countries on a fleet of over 475 aircraft.
In 2014 Ryanair decided to open the first state-of-the-art digital & IT innovation hub - Ryanair Labs Wrocław. More than 200 IT enthusiasts working on 30+ projects with a collaboration with Dublin, Madrid and Portugal Labs are making your travel experience unique. As a result of our continued expansion, we want to hear from the best IT experts the European market has to offer to join our Labs.
The Role
We are looking for an Information Security Engineer, comfortable in working with minimal supervision. Will perform security architecture reviews of new and existing platforms. Partner with business units, departments providing input on security standard methodologies throughout project-lifecycles. Contribute to the Security program by performing reviews and security audits. Talk confidently about our Cyber Security program, and help integrate our business needs with our Cyber Security needs. The SecDevOps Engineer provides operational & security expertise in executing technology strategies implementing secure software development measures into CI/CD pipelines and collaborating with dev teams to apply a shift-left security strategy in the development lifecycle.
Responsibilities:
- Contributing features to internally developed Cybersecurity tools and integrating those tools into the DevOps pipelines
- Oversee development lifecycles and analyze security information related
- Driving continuous improvement to the DevOps pipelines and processes and the Cybersecurity tools, services, and processes
- Performing technology research from a security context for strategic, tactical, and operational business needs and deliver research results to internal stakeholders
- Research appropriate security testing tools
- Whitebox code review of these products, applications, and integrations where appropriate
- Blackbox review of products, applications, and integrations where appropriate
- Aligns security deliverables with legal, regulatory and contractual requirements that conform with security framework and standards such as NIST SP 800-53 rev 4, ISO/IEC 27000 series, OWASP Top 10, SANS Top 20, CIS Top 20.
Requirements
- Experience working with Cloud in a security-enabled environment
- Strong experience with AWS is required
- Proven ability to work independently, collaboratively as part of a global team and deliver to multiple deployment schedules
- Proven experience with Web Application Security Testing, Code Reviews, Vulnerability Assessment, Penetration Testing & Generating Reports
- Experience with (NIST, PCI) security controls, governance & risk management protocols
- Relevant experience with application security, secure software development, and building security into software development workstreams
- Demonstrated proficiency in preparing high-quality documentation and presentation skills
Benefits
The work that you do will be seen by the millions of customers across Europe!
Our offer:
- Contract of employment (permanent after trial period) with possibility of hybrid home office
- Flight tickets discounts from day one!
- Multisport card
- Private health care
- Insurance
- Referral system
- Office located in the city center with a view for an Old Market Square
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security Audits AWS CI/CD Cloud DevOps DevSecOps Governance NIST NIST 800-53 OWASP Pentesting Risk management SANS Security strategy Strategy
Perks/benefits: Health care
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.