Application Security Engineer

Lyreco is looking for an experienced Application Security Engineer to join our cybersecurity team. You will be responsible for integrating security practices into CI/CD pipelines and ensuring code security at every stage of development. You will collaborate with DevOps and development teams to strengthen the security posture of Lyreco digital landscape.

Are you excited for your new career adventure?  
At Lyreco, we offer more than just a job, but a career! Our IT Team is looking for a talented and ambitious new Application Security Expert to join our team in HQ in Gdansk.

Lyreco is the European leader and the third largest distributor of workplace products and services in the world.  A privately owned company since 1926, Lyreco has constantly adapted to the evolutions of workplace thanks to its focus on excellence in customer experience, strong partnerships with renowned suppliers, and efficient logistics.  

 
With more than 12,000 employees, Lyreco directly operates in 25 countries in Europe and Asia and covers 17 additional markets on 4 continents through a network of distribution partners.   

Lyreco cares about People. 

We are committed to delivering a A Great Working Day for both customers and employees.  
This means that at Lyreco, we actively cultivate talent and make sure that all our employees get to have a A Great Working Day. To make sure we continuously develop our employees, we upskill our people and offer internal mobility when hiring for an open position - The sky is the limit at Lyreco!  

At Lyreco, we value Excellence, Passion, Respect and Agility. We know that people are at the heart of everything we do, therefore at Lyreco we do our best to support our employees wherever they work, whatever their mission, with the best possible work experience to achieve employee excellence. 

Responsibilities:

• Secure the development cycle (SDLC): Integrate SAST/DAST tools and automate security within CI/CD pipelines.

• Code review: Analyze source code to identify and fix vulnerabilities.

• Implement security controls: Ensure relevant security controls (like authentication, access control, data encryption, etc.) are implemented in Lyreco applications.

• Support developers: Promote secure coding best practices (Advisories, CTF, bug bounty programs, etc.).

• Compliance and security assessment: Ensure applications security compliance with industry standards (ISO 2700X, OWASP, etc.) best practices and Lyreco internal guidelines, participate in security assessment, penetration tests, and support resolving issues after risk assessment.

• Vulnerability management: Assess, fix, and monitor application security risks.

• Configure security tools: Select, implement, manage and continuously develop security solutions such as WAF, SIEM, etc.

• Continuous monitoring and alerting applications thread landscape and propose relevant countermeasures.

Required Skills:

• CI/CD and application security tools: Jenkins, GitLab CI, GitHub Actions, SAST (SonarQube, Checkmarx), DAST (OWASP ZAP, Burp Suite), IAST, RASP, WAF, securing APIs and microservices.

• Secure coding: Mastery of secure coding practices (OWASP, CWE/SANS) and web frameworks (JS, SOAP, JSON, etc.), code review (Sonarqube, Checkmarx, Fortify), secrets management (Hashicorp Vault, Azure Key Vault), and certificate management.

• Cloud Security: Experience with cloud security such as Azure, GCP, AWS.

• Container Security: Experience with Docker, Kubernetes, and container scanning tools (Trivy, Clair).

• Automation: Scripting (Python, Bash) and infrastructure-as-code (Terraform, Ansible).

• Vulnerability management: Deep understanding of application related vulnerabilities (XSS, CSRF, LFI, etc.) and remediation methods, familiarity with CVSS.

• Collaboration: Ability to work closely with DevOps and development teams and communicate effectively.

• Certifications: OSCP, OSE, OSWE, GIAC Advanced, CSSLP, CEH, AWS Certified Security is a plus.

Reasons to join LYRECO

• A full- time job in a dynamic, passionate, international team

• Annual bonus, based on individual objectives.

• Competitive salary

• Hybrid work model (twice a week)

If the above job description interests you and you think you are a good fit, apply now! (CV in English) We look forward to receiving your application. 

#LI-Hybrid

#LI-CC1

#managementPL