UN Security Engineer

Manpower Group, in collaboration with F2A, part of the SD Worx group, is looking for a UN Security Engineer (m / f / x)to join the Milan office.

We are looking for an Application Security Specialist to support us in building a best in class application security program from our SD Worx Italy (F2A) headquarters in Milano.

The function is open for people from diverse professional background (e.g. development / test / consulting experience) and we are willing to adapt and further grow the function based on the experience and interests of the candidate.

You will be working on the following major activities :

• Assessment and improvement of the maturity of development teams in the use of pentesting, bug bounty, threat modeling architecture reviews, and optionally code review
• Guiding and assisting product development teams in building increasingly secure applications and in improving the security of current products
• Contributing to security by design & by default and converting this into a continuous improvement process by focusing on awareness
• Following up on secure product development practices and trends and provide suggestions to further improve our secure development processes
• Assisting in defining standards for security application development lifecycle
• Improving automated security testing through various methods and tools

Relevant topics : AppSec, IT Security, SDLC, Agile, DevOps, Penetration testing, Pentest, Security Breach, Ethical hacker, Threat Modeling, OWASP, Application Security, Web Application Testing, Security Testing Automation, TLS, Veracode, SAST, DAST, API, Bug bounty, vulnerability management

• At least 3+ years of experience in software engineering
• Previous coding experience in at least one language
• Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment
• You are familiar with the foundations of secure development and application security (AppSec / DevSecOps) concepts and practices and you are curious to learn more in this fast changing field
• You are confident in coaching your fellow software engineers
• Experience in preventing and mitigating application security vulnerabilities, and more specifically with concepts such as OWASP Top 10 and CWE Top 25
• Penetration testing and bug bounty experience is beneficial but not required

Personal Competences :

• Fast learner that is not afraid to continuously learn new skills and adapt to a fast changing environment
• You are a team player that is interested in working with product developers or product owners to improve their application security skills
• You take initiative and like to get things done
• You are able to take a pragmatic approach in order to come up with solutions which are simple and feasible while keeping the end user in mind
• Good English and Italian language skills

On site or remote working