Security Manager

Position Title: Security Manager

Location: Strasbourg, France

Duration: 12 Months

Languages: English

Hybrid (60% onsite & 40% remote)

Job Description:

·        Work closely with software development teams or contractors to ensure secure coding practices are followed throughout the software development lifecycle (SDLC).

·        Review code for vulnerabilities and recommend secure coding standards.

·        Conduct security risk assessments on new and existing applications, focusing on potential threats and weaknesses.

·        Support DevSecOps practices by integrating security into CI/CD pipelines.

·        Support in integrating the security tools in the CI/CD pipelines.

·        Ensure compliance with relevant industry standards and regulations (e.g., EU DPR, ISO 27001, NIST).

·        Collaborate on security documentation, including policies, procedures, and risk assessments.

·        Educate and train staff on secure development and security best practices.

Requirements:

·        Possess at least a High School diploma

·        At least 7 years of experience in dealing with ICT security issues.

·        Demonstrated experience in conducting comprehensive security assessments of ICT projects and systems, utilizing standards such as ISO 15408 and ISO 2700x or equivalent.

·        Ability to collaborate with multidisciplinary project teams to ensure consistent application of security policies, measures, and standards across all technology initiatives, systems, and services, both on-premises and in the cloud.

·        Experience partnering with developers to integrate security checkpoints throughout the Software Development Lifecycle SDLC), following industry-accepted standards such as NIST SP 800-115 and/or ISO security guidelines.

·        Proficiency in performing System Security Risk Assessments.

·        Expertise in preparing and submitting security-related documentation, including vulnerability assessments.

·        Capability to develop secure coding practices in alignment with organizational strategy and security framework.

·        Experience in supporting DevSecOps practices by embedding security within CI/CD pipelines, performing code reviews for vulnerabilities, and recommending secure coding standards.

·        Skill in educating and training staff on secure development methodologies and best practices in security.