For over 80 years, GfK has been a reliable and trusted insight partner for the world’s biggest companies and leading brands who make a difference in every consumer’s life - and we will continue to build on this. We connect data, science and innovative digital research solutions to provide answers for key business questions around consumers, markets, brands and media. With our headquarters in Germany and a presence in around 60 countries worldwide, you benefit from our global company with a diverse community of ~9,000 employees.
Harnessing the power of our workforce, the greatest asset we have is our people. As part of GfK, you can take your future into your own hands. We value talent, skills and responsibility and support your development within our international teams. We are proud of our heritage and our future: Currently we are in the latter stages of a transformational journey from a traditional market research company to a trusted provider of prescriptive data analytics powered by innovative technology. This is only possible with extraordinary people and this is why we are looking for YOU to help create our future. For our employees as well as for our clients we pursue one goal: Growth from Knowledge!
- Work with Engineering squads (Developers, SREs & QAs) to ensure that projects are secure on delivery
- Provide KPIs/metrics to ensure testing coverage and vulnerabilities are remediated within agreed SLAs
- Integrate security tools into the SDLC
- Build/maintain/support security testing tools
- Manually validate findings from security scans to eliminate false positives
- Work in a fast-paced environment to identify and assist with troubleshooting of vulnerabilities identified during application vulnerability scans
- Explain risk and criticality of identified vulnerabilities to business owners/technical teams and advise on remediation activities, including attending development/engineering stand-ups
- Work with business application owners/technical engineering teams on remediation plans and provide assistance to the teams on what to fix and how to fix it
- Perform threat modelling on web applications, public cloud environments and containers
- Support security incidents involving Cloud environments and web services
- Assist with management and tuning of the Web Application Firewall (WAF)
- Assist in maintaining a CMDB of web applications and performing risk assessments of the applications
- Contribute to the application security framework
- Part of the Security Community of Practice (CoP)
- Run static scans/perform code/third-party library reviews to identify security weaknesses
- Conduct risk assessments of web applications
- Take ownership of additional duties as required
Skills & Experience Required
- Be able to build good working relationships with both technical and business stakeholders, gaining their respect and trust based on your knowledge and professionalism
- Have the ability and desire to quickly learn new technologies
- Excellent communication skills and ability to work with global counterparts
- Ability to work in a fast-paced environment
- Promote DevSecOps, leading by example to change existing systems and practices for the better
- Good troubleshooting skills
- Forward looking approach to addressing existing & upcoming security challenges
- A good understanding of securing public cloud technologies (AWS & GCP)
- Ability to work with APIs and plugins to integrate security tools into established CI/CD pipelines
- DevOps Automation using Jenkins, Puppet, Ansible, GitLab etc
- Experience with securing container technologies including Docker and Kubernetes
- Experience integrating DAST, SAST, IAST & SCA tools into the SDLC
- Hands-on experience of infrastructure as code and HashiCorp Vault
- Full understanding of web stack, web security and common vulnerabilities (e.g. SQLi, XSS etc.)
- Development skills to facilitate code reviews or tool development
- Understanding of network devices like firewalls, routers, etc. and platforms such as Windows, Unix, etc
- Proficiency in Bash, Python, Perl, PowerShell or other scripting languages
- Ability to review and analyze vulnerability data to identify security risks to the organization's network, infrastructure, and applications and determine any reported vulnerabilities that are false positives.
- Capability to prepare security vulnerability and risk management reports for management.
- Leadership and Teaming skills to coordinate remediation of vulnerabilities within established timeframes.
- Strong knowledge of OWASP
- Ability to think like a hacker
- Experience working with Developers, DevOps, and Engineering teams in a dynamic environment to promote/implement the DevSecOps program throughout the organization
- Minimum of 5 years of relevant IT experience, with at least 3 years devoted specifically to DevSecOps
- Educated in Cyber Security/Computer Studies/Engineering
- Public cloud security certificate from AWS/GCP preferred
- SANS training or GIAC/OSCP/OSWE desirable
- Experience working in an Agile/Sprint based delivery environment (using Jira/Confluence or other bug tracking tools) would be an advantage in this role
- Prior DevOps/Development/QA experience would be beneficial
We offer an exciting work environment that brings people together. We encourage an entrepreneurial and innovative spirit. We make use of the latest digital technologies. We are looking for self-starters, who accept challenges and create solutions.
Can there be a better place to take center stage in the digital revolution? We are excited to get to know you!