PManpower Group, in collaboration with F2A, part of the SD Worx group, is looking for a UN Security Engineer (m / f / x)to join the Milan office. /ppWe are looking for an Application Security Specialist to support us in building a best in class application security program from our SD Worx Italy (F2A) headquarters in Milano. /ppThe function is open for people from diverse professional background (e.g. development / test / consulting experience) and we are willing to adapt and further grow the function based on the experience and interests of the candidate. /ppbYou will be working on the following major activities : /b /pulliAssessment and improvement of the maturity of development teams in the use of pentesting, bug bounty, threat modeling architecture reviews, and optionally code review /liliGuiding and assisting product development teams in building increasingly secure applications and in improving the security of current products /liliContributing to security by design by default and converting this into a continuous improvement process by focusing on awareness /liliFollowing up on secure product development practices and trends and provide suggestions to further improve our secure development processes /liliAssisting in defining standards for security application development lifecycle /liliImproving automated security testing through various methods and tools /li /ulpuRelevant topics : /u AppSec, IT Security, SDLC, Agile, DevOps, Penetration testing, Pentest, Security Breach, Ethical hacker, Threat Modeling, OWASP, Application Security, Web Application Testing, Security Testing Automation, TLS, Veracode, SAST, DAST, API, Bug bounty, vulnerability management /pulliAt least 3+ years of experience in software engineering /liliPrevious coding experience in at least one language /liliExcellent understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment /liliYou are familiar with the foundations of secure development and application security (AppSec / DevSecOps) concepts and practices and you are curious to learn more in this fast changing field /liliYou are confident in coaching your fellow software engineers /liliExperience in preventing and mitigating application security vulnerabilities, and more specifically with concepts such as OWASP Top 10 and CWE Top 25 /liliPenetration testing and bug bounty experience is beneficial but not required /li /ulpbPersonal Competences : /b /pulliFast learner that is not afraid to continuously learn new skills and adapt to a fast changing environment /liliYou are a team player that is interested in working with product developers or product owners to improve their application security skills /liliYou take initiative and like to get things done /liliYou are able to take a pragmatic approach in order to come up with solutions which are simple and feasible while keeping the end user in mind /liliGood English and Italian language skills /li /ulpOn site or remote working /p #J-18808-Ljbffr