Senior Security Expert
Wrocław, PL
msg global solutions
msg global solutions is a systems integrator, software development partner and managed services provider focused on SAP solutions.What you will do
As a Senior Security Expert, you will play an essential role in ensuring the security of our multi-tenant cloud product. You will focus on product security, work proactively with DevOps Engineers, Developers, QA Engineers, System Analysts, and Project Managers to integrate robust security measures, and ensure a secure product lifecycle. Your role will involve hands-on security assessments, implementing automated security tools, and representing product security both within the organization and externally.
Key Responsibilities:
- Threat Modeling, Risk Assessment, and Security Requirements:
- Conduct threat modeling and risk assessments to identify and prioritize vulnerabilities in our multi-tenant cloud environment as well as set security requirements from the start of the development lifecycle.
- Security Testing and Vulnerability Management:
- Lead static (SAST) and dynamic (DAST) application security testing, as well as SAP-initiated validations like penetration tests to ensure vulnerabilities are remediated prior to deployment.
- Oversee the integration and maintenance of security tools (e.g., Mend, Checkmarx) in CI/CD pipelines, manage ticket processing for vulnerabilities and drive continuous automation in security testing.
- Integration of Security in the Development Lifecycle (SDLC):
- Embed security throughout the SDLC, enforce secure coding standards and collaborate with DevSecOps to integrate automated security checks.
- Drive the setup and integration of additional security checks (e.g., Docker binary scans) within development pipelines to ensure comprehensive product security.
- Identity and Access Management (IAM):
- Implement identity and access management (IAM) policies, enforce least privilege principles, and manage role-based access control (RBAC) with DevOps to secure multi-tenant environments.
- Security Policy Development and Enforcement:
- Develop, document, and enforce security policies and standards, while integrating best practices across the product lifecycle.
- Regularly review and adjust policies to align with the latest security threats and industry as well as SAP standards.
- External Representation and Product Security Advocacy:
- Represent product security in interactions with SAP and external stakeholders, while leveraging expertise in cloud security to address challenges and drive innovation, including initiatives like Zero Trust Architecture.
- Develop an in-depth understanding of the product’s architecture and infrastructure to provide comprehensive security insights.
- Conduct regular security training for development and operations teams, promoting secure coding and a security-first culture.
- Keep teams updated on emerging threats, vulnerabilities, and best practices.
What we are looking for
Requirements
- Minimum 7 years of proven experience in cloud product security, ideally with exposure to SAP BTP or similar platforms.
- Strong technical expertise in security assessments, penetration testing, threat modeling, and managing product security response processes.
- Hands-on experience with security scanning tools (e.g Mend, Checkmarx) along with SAST/DAST testing capabilities and familiarity with Docker and binary scanning tools.
- Knowledge of security frameworks (like OWASP).
- Demonstrated ability to lead initiatives and drive continuous security improvements in a collaborative environment.
- Strong communication and collaboration skills to work effectively with DevOps, DevSecOps, compliance as well as engineering teams.
- A proactive, hands-on approach to security with the ability to advocate for security best practices at all levels.
- Fluency in English, written and spoken.
What we offer
- A place where individuals are equally valued and where diversity and cultural differences are cherished.
- A global team of highly respected SAP and industry experts where you can make a difference.
- Competitive salaries and a broad range of benefits (Company Bike, Employee Wellbeing Benefits, New Office Space...)
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security Automation Checkmarx CI/CD Cloud Compliance DAST DevOps DevSecOps Docker IAM OWASP Pentesting Product security Risk assessment SAP SAST SDLC Security assessment Vulnerabilities Vulnerability management Zero Trust
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.