We are looking for two strong Application Security Leads to strengthen our Canon EMEA Information Security Department (EISD). These roles will be responsible for ensuring that our projects and applications are held to a high standard of security, by performing security reviews and assessments, providing education and guidance for the implementation of security controls, and by being a security thought leader for our IT initiatives.
What we give
With Canon, you'll get the support and encouragement you need to grow, from people who share your ambition. We'll invest in your professional development to help you learn and progress in your role with us. You'll find leaders who give you the freedom to explore new things and a team where knowledge is shared openly.
At Canon we have a clear vision: to be committed to creating a more inclusive and equitable culture where employees are valued and can thrive personally and professionally.
Canon also has a strong commitment to sustainability, encompassed by our Kyosei philosophy of living and working together for the common good, focused on reducing our environmental impact and creating opportunities to make positive social contribution.
As an Application Security Lead you will:
1. Work closely with the business and IT stakeholders, and in close cooperation with all the functions in the Canon EMEA Information Security Department (EISD).
2. Act as the security representative within project streams for new and upcoming initiatives.
3. Conduct security architecture and design reviews.
4. Translate security policies into security requirements for new and existing projects.
5. Support project and development teams with relevant security knowledge.
6. Assist with the implementation of security design principles.
7. Guide development and project teams in the remediation of identified security deficiencies.
8. Support the planning and execution of application pentests, and the follow-up of remediation measures.
9. Recommend and assist in the implementation of security controls in the SDLC of supported applications.
What we ask
We are looking for the following in our future colleagues:
10. Significant working experience in a technical capacity in a Security or IT department, preferably across multiple security domains.
11. Demonstrable experience in performing security assessments and security design reviews.
12. In-depth security knowledge of computer networks, infrastructure, and cloud platforms, mainly Azure and AWS.
13. Experience in software development and Application Security.
14. Knowledge and expertise in secure software development lifecycle (SSDLC) is highly desirable.
15. Ability to understand, follow up and progress mitigation activities for security auditing reports, penetration testing reports and/or configuration reviews.
16. Good stakeholder management and communication skills.
17. Experience working in large international organizations and in handling large enterprise projects is a plus.
18. Attention to detail.
19. Skilled at working independently and collaboratively in a cross-functional environment.
20. A continuous learning mindset, to stay up to date with the latest developments in the industry.
21. Degrees and certifications are welcome, but are not required.
Knowledge in one or more of the following are highly desirable:
22. Secure Architecture and Design principles
23. Pentesting tools and techniques, and experience in performing pentests
24. Threat Modelling
25. Secure coding for common languages and platforms
26. Security frameworks, such as OWASP, NIST CSF, CIS etc.
27. Understanding of EU and international compliance requirements, such as GDPR, PCI-DSS, NIS2 etc.
28. Containers and serverless technologies
You will need
Competencies
29. Confident
30. Problem Solving
31. Team player
32. Self-starter
33. Apply Business Acumen
34. Focus on the Customer
35. Take Ownership and Accountability