Senior Software Cybersecurity Specialist [Technical Risk Assessment] @MMCTech Cluj-Napoca

Provide an
- depth cybersecurity analysis of commercial
-
- shelf software and cybersecurity practices to integrate
- based information systems in the organization, as a component of MMC technology onboarding process;

Provide
- depth security risk evaluation on information systems such as software applications, web browser extensions, opensource software, cloud service integration, and wide deployment of software tools. These security
- based evaluations will outline adherence to MMC information security policy, standards, and controls; and will include enumerations of risks and recommendations for actions or mitigations to reduce risk;

Identify of security concerns and the assessment of technical risks in software applications, web browser extensions and
- ins, opensource components, cloud service integration, and wide deployment of software tools.  

Engage with the service requesting team to understand the purpose of the software component and its requirements for deployment;

Review the context of the solution, software sourcing, analysis of vulnerabilities, deployment plans, to ensure alignment to Global Information Security requirements;

Work with technology teams, technology product owners, desktop engineering, application owners, security leaders, and business teams (stakeholders) to identify the information systems’ security capabilities, security gaps, configuration requirements and technical security implementation recommendations;

Perform a technical risk evaluation of the information systems, including
- depth technical security aspects, such as the current software vulnerabilities, severity of these vulnerabilities, malware detection, vendor’s security practices such as periodic software vulnerability testing and remediation, patching practices, the use of FIPS 140-2/3 for security requirements for cryptographic modules, and reverse engineering of object code and opensource code and SBOM;

Produce risk reports and documentation to enable information system’s stakeholders to understand outcomes of analysis, including technical security implementation recommendations, references to appropriate policies and standards and gaps in the solution capability;

Engage with service requesting teams to understand the purpose of the
- based information system under evaluation and its requirements for deployment;

Review the software’s security capabilities, address potential security and deployment plans and against applicable security standards and controls to ensure alignment to Global Information Security requirements;

Participate in larger technology reviews with multiple workstreams and project stakeholders, ensuring the timeliness and quality of the desktop software security review;

Produce reports and documentation to enable security and technology team members to understand outcomes of security analysis, including references to appropriate policies and standards and gaps in the solution capability;

Ensuring a timely completion of desktop software assessments. Assess various projects simultaneously by managing the expectation of multiple stakeholders with competing priorities;

Collaborate with other Technical Risk Assessment team and technology implementation teams within MMC in the creation and improvement of security implementation guidelines and standards, ensuring alignment to policy;

Advise the global security team on best practices and standards around application security and tools with main focus on comprehensive software security and risk reporting, and with the ultimate goal of enabling application teams to integrate desktop software securely;

Through training, and collaboration with other technology teams, the Senior specialist, software security will acquire the knowledge, further expertise, and update information and practices to maintaining an excellent level of performance demanded by pervasive security threats and evolving security practices.

An opportunity to work in a
- growing, innovative company with lots of room for progression and career growth

A
- friendly environment that encourages learning and initiative;

A yearly budget and the opportunity to build your flexible benefits package (up to 20% of your annual salary)

30+ days off (25 legal days off, 1 extra day off on your birthday, public holiday replacement days, extra buy/sell from your benefits budget)

Performance Bonus scheme

Matching charity contributions, charity days off, and the Pay it Forward charity challenge

Core benefits - Pension, Life and Medical Insurance, Meal Vouchers, Travel Insurance

We champion flexible working, and our mission is to help you find YOUR
- life balance, whether that's standard working,
- time working, or working from home

Bachelor’s degree in IT/Computer Science, or equivalent experience;

5+ years of working experience in IT security;

3+ years working on software vulnerability assessments;

Strong knowledge of computer operation systems, software engineering, and software assessment practices;

In-depth knowledge in software testing, SDLC, information security, technical risk evaluation;

Experience in software/application analysis tools, such as fuzzers, static code analysis, opensource software composition analysis (SCA);

Solid understanding of software vulnerability scoring, cryptography, and the FIPS 140-2/3 standards;

Effective communication skills to all levels of the organization & external contacts;

Excellent verbal and written communication skills in Romanian and English;

Experience coding/scripting with common languages such as Java Script, Python & Perl is preferred;

Solid technical knowledge of information security concepts, such as authentication, access control, network security;

Deep understanding of identity and access management (IAM) technologies and standards ─inclusive of cloud identity platforms & Microsoft AD─ encryption, networking, firewalls, web applications,
- premises, and cloud application hosting environments.

Reverse software engineering experience;

Must be a
- starter, work with limited supervision & be able to work well with others in a globally diverse IT environment;

CISSP and/or CSSLP certification or other Information Security oriented certifications;