Principal Technical Security Expert – Applications and Development
Wroclaw, Poland
AXA XL has an exciting opportunity for a Principal Technical Security Expert, who will be responsible for embedding security (people, processes, and technology) within AXA XL’s application and development teams.
You will be required to work with projects and operational teams to develop an appropriate security strategy, architecture and practices that will be embedded into our cloud and identity solutions, securing appropriately our IT platforms and solutions.
DISCOVER your opportunity
The successful candidate will have a track record associated with technical security consulting / security architecture with knowledge of secure application development and testing:
Provide thought leadership across Group Technology regarding the design and implementation of secure development techniques and testing mechanisms Manage and influence key stakeholders (capability owners) to provide input and support initiatives related to application development and testing improvements and enhancements Drive the development and enhancement of the secure development across the AXA XL IT estate Challenge the application testing status quo to enable the application lifecycle to be secure but also meet the needs of the business Take input from key stakeholder to develop and maintain the secure development and testing roadmap Be the global security expert / owner, for large-scale complex projects that are related to the development of new applications Managing the input from multiple architectures, engineers, and operations personnel to secure development and testing artefacts Drive the development of the security control environment for the AXA XL secure development and testing utilized by AXA XL Lead the security remediation projects technically related to the application development and testing Represent AXA XL to other AXA Group and other entities in the field of application development and testing Be able to demonstrate how proposed designs comply to AXA XL security policies and AXA Group Security standards Responsible for taking security architecture designs through AXA XL’s governance processes Development and continuous evolution of our security target architecture and roadmaps based on sound enterprise architecture practices Working with Global Technology, Information Security, Data Protection Office and IRM teams to align the cloud and identity security control environment Work with Project Managers and other stake holders to produce agreed sets of deliverables, work to project plans and report progress.
Provide input to planning, forecasting process and RAID logs where required. Review security technologies, tools, and services, and make recommendations to the broader security and development teams for their use, based on security, financial, and operational metrics You will report within the AXA XL Cyber Defense Team, that is part of the AXA XL IT team.
SHARE your talent
We’re looking for someone who has these abilities and skills:
Previous experience in either application development or application security testing Experience embedding security into development pipelines Experience of creating secure development process and governance; implemting those structures within development pipelines to secure the design, coding and testing of applications Knowledge of industry standards such as ISO 27001, HIPAA, FedRAMP, Cloud Security Alliance, NIST frameworks and risk methodologies Experience with developing security architecture within frameworks such as SABSA Understanding of threat landscapes and threat modeling, security threat and vulnerability management, and security monitoring Awareness of tools and techniques used by attackers to compromise applications, including common application and the flaws and vulnerabilities that make them insecure Experience working in a consulting (internal or external) type of role Working knowledge of design principles relating to DLP, IDS/ IPS, Firewalls, Proxies, Identity Access Management, Certificate Management, SIEM, Endpoint Protection, Anti-malware, vulnerability management. Experience in working with the Solutions and Technical Architects to ensure solutions designs include the appropriate security guardrails to reduce risk and protect sensitive internal and external client information. Demonstrated experience in communicating complex security concepts, both verbally and in writing, to a variety of audiences Experience in taking ownership of tasks and demonstrate high degree of automony to ensure completion Personable and foster good stakeholder and peer group working relationships Experience in driving and supporting RFP/RFIs & SOWs, including managing suppliers Recognised Cyber Security certifications, such as CISSP, CIISEC (member of fellow), CISM, SANS, SABSA, OSCP are advantageous FIND your future
AXA XL, the P&C and specialty risk division of AXA, is known for solving complex risks.
For mid-sized companies, multinationals and even some inspirational individuals we don’t just provide re/insurance, we reinvent it.
How?
By combining a comprehensive and efficient capital platform, data-driven insights, leading technology, and the best talent in an agile and inclusive workspace, empowered to deliver top client service across all our lines of business − property, casualty, professional, financial lines and specialty.
With an innovative and flexible approach to risk solutions, we partner with those who move the world forward.
Inclusion & Diversity