Requirements: English, Ukrainian
Company: Xenoss
Region: Wrocław, Lower Silesian Voivodeship
Introduction:
The Head of Security (Application & Cloud Security) is responsible for designing, implementing, and managing the security strategy for TGCS's applications, cloud environments, and DevSecOps processes. This role focuses on securing software development and cloud infrastructure and ensuring compliance with industry security frameworks. The ideal candidate will lead security initiatives, partner with engineering teams including our Toshiba Security Governance in Japan, and establish robust security controls to safeguard applications, data, and cloud-based assets from threats.
Key Responsibilities
Security Strategy & Leadership
- Define and execute the application and cloud security strategy, aligning with business and SaaS objectives.
- Lead the Application Security (AppSec) and Cloud Security teams, ensuring best-in-class security practices.
- Drive a security-first culture across development and infrastructure teams.
- Provide executive leadership with regular security updates, risk assessments, and mitigation plans.
- Evaluate and implement modern security tools and technologies to enhance security posture.
Application Security & DevSecOps
- Integrate security into the software development lifecycle (SDLC), enabling secure-by-design development.
- Implement and manage SAST, DAST, and SCA tools for automated security testing.
- Define secure coding standards and provide guidance to development teams.
- Work closely with DevOps teams to implement DevSecOps practices, automating security within CI/CD pipelines.
- Lead threat modeling exercises and penetration testing to identify vulnerabilities in applications.
Cloud Security & Infrastructure Protection
- Design and enforce security best practices for multi-cloud and hybrid cloud environments (AWS, Azure, GCP).
- Implement cloud security posture management (CSPM) solutions to monitor and secure cloud configurations.
- Ensure identity and access management (IAM) policies, encryption, and zero-trust principles are followed.
- Monitor and respond to cloud security incidents, working closely with IT and SOC teams.
- Lead compliance efforts for ISO 27001, SOC 2, NIST, GDPR, and other cloud security frameworks.
Threat Detection, Incident Response & Risk Management
- Oversee security monitoring, log analysis, and threat intelligence for cloud and application environments.
- Implement SIEM, XDR, and SOAR solutions for real-time security event detection and response.
- Define incident response playbooks for cloud and application security threats.
- Conduct regular security audits, red teaming, and penetration testing to identify and mitigate risks.
Compliance, Governance & Security Awareness
- Ensure compliance with industry security standards (NIST, OWASP, CSA, ISO 27001, SOC 2, GDPR, CCPA).
- Lead cloud security risk assessments, ensuring vendors and third parties meet security requirements.
- Develop and enforce security policies, training programs, and awareness campaigns.
- Partner with legal and compliance teams to ensure data protection and privacy regulations are met.
Qualifications & Experience
- Bachelor's or Master's degree in Cybersecurity, Computer Science, or related field.
- 10+ years of experience in application security, cloud security, or cybersecurity leadership roles.
- Expertise in securing Azure, GCP, AWS and Kubernetes environments.
- Strong background in DevSecOps, CI/CD security, and software security principles.
- Hands-on experience with SAST, DAST, SCA, CSPM, and SIEM tools.
- Deep knowledge of cloud security frameworks (CIS Benchmarks, CSA, NIST, OWASP Cloud-Native Security).
- Strong understanding of identity and access management (IAM), zero trust, and container security.
Preferred Certifications
- CISSP (Certified Information Systems Security Professional)
- CCSP (Certified Cloud Security Professional)
- OSCP (Offensive Security Certified Professional)
- CISM (Certified Information Security Manager)
- Azure Certified Security Specialty, Google Cloud Security Engineer, or AWS Security Engineer