Job Title: Principal Security Specialist - Application Security
Advert
Sage is a global company with a local heart. The market leader for cloud-based accounting, financials, enterprise management, people, and payroll software, we empower the world's business heroes, from single-person startups to large enterprises. Our people are passionate and positive. We inspire our colleagues to serve business builders everywhere and champion their success. As a FTSE 100 company with 14,000 colleagues across 24 countries, we do business the right way, while giving back to our local communities through the Sage Foundation. Be Sage, build on.
Sage Software is an Equal Opportunity Employer. We comply with the laws set forth in the Equal Employment Opportunity in The Law poster: http://1sa.ge/EjaS30kzhpR
Sage is committed to Equal Employment Opportunity and providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment and need special assistance or an accommodation to use our website to apply for a position, please contact us at email@example.com. We evaluate requests for reasonable accommodation on a case-by-case basis.
Job Description
OVERVIEW:
Every day, Sage customers entrust us with their precious business data. As we accelerate the global expansion of our cloud products, it becomes more and more vital that we do the right things to justify our customers' trust in us by surrounding our products with world class information security. As part of our Application Security team, you will be part of a team with global reach and a great reputation, that works tirelessly to keep our customers' data safe and secure.
We need a passionate and curious colleague to ensure that we continue to grow our capability in security. You will be based in our Frankfurt office and be part of our team there, but you will also collaborate with colleagues around the world to lead and accelerate our security journey. We can offer a great environment with flexible working patterns and benefits.
As a team we champion the security of our customers' data across the entire product lifecycle, from development to launch and throughout the operational life of the product. We value flexibility and understand the value that diverse points of view can bring, so if any of these sound like you we would love to hear from you:
You love to crunch ideas with software architects and designers using threat modelling or similar techniques to build defence in depth and build systems that are secure by design.
You feel very comfortable with code and can talk to developers in their own language to help them grow their security expertise and develop software that our customers can trust.
You enjoy seeking out vulnerabilities and security flaws and then sitting down alongside development teams to help them figure out how to fix them now and how to avoid the same mistakes in the future.
You have seen the power and agility that a DevOps approach can bring and understand how DevOps and security can come together to build secure software, faster.
Whatever your technical profile, we put equal value on influencing and communication skills. You will be mentoring and coaching individuals and teams to help them build security in from the ground up. We will need you to do this in an agile way that embraces everything the most modern public cloud platforms have to offer. We are not your stereotypical "preventers of information services".
To drive improvements in the end-to-end product/system lifecycle spanning the whole SDLC and post launch operations, covering major strategic customer-facing products and internally developed colleague-facing applications. To work with security champions to develop a strong security culture and capability and to evolve the security champions program as a whole. To ensure that new product/system releases are secure and that vulnerabilities discovered in live products and systems are quickly and effectively addressed.
Key Responsibilities
Key accountability and decision ownership:
Working with Security Champions to develop a strong security capability in teams and improving the effectiveness of the overall Security Champion program
Driving continual improvement in the secure software development lifecycle and supporting our drive to a modern DevSecOps approach
Acts as the main point of contact on security issues for Product Delivery and EAD teams on major strategic groups of products/systems
Assessing major strategic groups of Sage products, application or systems to identify security weaknesses and creating improvement plans where required
Supporting security compliance as it relates to assigned products
Identifies the need for new tools and vendors and leads their evaluation
Drives significant improvement in key processes/standards and designs and implements new processes/standards
Contributes to performance evaluation and technical mentoring of junior team members
Provides technical security leadership for significant projects or workstreams
Active contributor to relevant industry bodies, conferences, open source projects etc.
Skills, know-how and experience:
Significant experience in implementing security in the software development lifecycle
Experience in implementing security in public cloud based SaaS applications
Proficiency in written and verbal English
Experience of working with geographically dispersed teams
Experience working in an agile, DevOps/DevSecOps environment
Experience in security operations
Experience of formal compliance frameworks (e.g. SOC, ISO27001, PCI or similar)
Technical / professional qualifications:
Relevant professional security qualification such as CISSP, CSSLP or similar
Relevant degree and >8 years commercial experience
Function: Global Information Security
Country: United States
Office Location: Atlanta
Location Region