For over 80 years, GfK has been a reliable and trusted insight partner for the world’s biggest companies and leading brands who make a difference in every consumer’s life - and we will continue to build on this. We connect data, science and innovative digital research solutions to provide answers for key business questions around consumers, markets, brands and media. With our headquarters in Germany and a presence in around 60 countries worldwide, you benefit from our global company with a diverse community of ~9,000 employees.
Harnessing the power of our workforce, the greatest asset we have is our people. As part of GfK, you can take your future into your own hands. We value talent, skills and responsibility and support your development within our international teams. We are proud of our heritage and our future: Currently we are in the latter stages of a transformational journey from a traditional market research company to a trusted provider of prescriptive data analytics powered by innovative technology. This is only possible with extraordinary people and this is why we are looking for YOU to help create our future. For our employees as well as for our clients we pursue one goal: Growth from Knowledge!
The Senior IT Security Analyst works within the Product Security team to improve the security maturity of GfK's large web application portfolio. The role involves close collaboration with technical engineering teams and product owners to ensure application security requirements and security capabilities are implemented throughout the software development lifecycle, enabling a secure by design culture within GfK.
• Work with engineering squads (Developers, SREs & QAs) to ensure that projects are secure on delivery
• Provide engineering teams with guidance on securing web applications, APIs & Cloud Native Services
• Coordinate and perform technical application security assessments & reviews
• Explain risk and criticality of identified vulnerabilities to business owners/technical teams and advise on remediation activities
• Support engineering teams with security remediations, helping them meet agreed KPIs & SLAs
• Conduct application threat modelling supporting definition of security requirements & controls
• Integrate security tools & capabilities into product teams’ CI / CD pipelines as part of SDLC
• Build/maintain/support security testing tools
• Manage & coordinate third-party penetration tests of GfK products
• Provide application security coaching & training of junior security peers and engineering colleagues
• Contribute to defining & maintaining application security framework & associated standards
• Use dynamic & static security testing tools to assess GfK product artefacts, such as source code, third-party libraries & containerised environments
• Support SOC during security incidents involving Cloud environments and/or web services
• Take a lead role in GfK’s Application Security Community of Practice (CoP)
Skills & Experience Required
• Be able to build good working relationships with both technical and business stakeholders, gaining their respect and trust based on your knowledge and professionalism
• Have the ability and desire to quickly learn new technologies
• Excellent communication skills and ability to work with global counterparts
• Promote Secure by Design culture, leading by example to change existing systems and practices for the better
• Good troubleshooting skills
• Forward looking approach to addressing existing & upcoming security challenges
• Able to review complex technical designs
• Strong knowledge of OWASP
• Understanding of application-level penetration testing & ethical hacking
• Understanding of end-to-end security within the software development lifecycle
• Working knowledge of application security with respect to web and enterprise application development
• Full understanding of web stack, web security and common vulnerabilities (e.g. SQLi, XSS etc.)
• Development/coding skills to facilitate code review, tool development & security remediations
• Experience working with Development, SRE & Engineering teams in a dynamic environment to promote/implement Secure by Design practices throughout GfK products
• Experience with web application penetration testing & ethical hacking
• Prior DevOps/Development/QA experience beneficial
• Experience working in an Agile/Sprint based delivery environment (using Jira/Confluence or other bug tracking tools) would be an advantage in this role
• Relevant application security certification desirable
We offer an exciting work environment that brings people together. We encourage an entrepreneurial and innovative spirit. We make use of the latest digital technologies. We are looking for self-starters, who accept challenges and create solutions.
Can there be a better place to take center stage in the digital revolution? We are excited to get to know you!