Head of Security, Ukrainian Team @ Xenoss

Poland

Qualifications & Experience

  • Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field.
  • 10+ years of experience in application security, cloud security, or cybersecurity leadership roles.
  • Expertise in securing Azure, GCP, AWS and Kubernetes environments.
  • Strong background in DevSecOps, CI/CD security, and software security principles.
  • Hands-on experience with SAST, DAST, SCA, CSPM, and SIEM tools.
  • Deep knowledge of cloud security frameworks (CIS Benchmarks, CSA, NIST, OWASP Cloud-Native Security).
  • Strong understanding of identity and access management (IAM), zero trust, and container security.

Preferred Certifications

  • CISSP (Certified Information Systems Security Professional)
  • CCSP (Certified Cloud Security Professional)
  • OSCP (Offensive Security Certified Professional)
  • CISM (Certified Information Security Manager)

  • Azure Certified Security — Specialty, Google Cloud Security Engineer, or AWS Security Engineer

Introduction:


The Head of Security (Application & Cloud Security) is responsible for designing, implementing, and managing the security strategy for TGCS’s applications, cloud environments, and DevSecOps processes. This role focuses on securing software development and cloud infrastructure and ensuring compliance with industry security frameworks. The ideal candidate will lead security initiatives, partner with engineering teams including our Toshiba Security Governance in Japan, and establish robust security controls to safeguard applications, data, and cloud-based assets from threats.

Key Responsibilities


Security Strategy & Leadership


  • Define and execute the application and cloud security strategy, aligning with business and SaaS objectives.
  • Lead the Application Security (AppSec) and Cloud Security teams, ensuring best-in-class security practices.
  • Drive a security-first culture across development and infrastructure teams.
  • Provide executive leadership with regular security updates, risk assessments, and mitigation plans.
  • Evaluate and implement modern security tools and technologies to enhance security posture.

Application Security & DevSecOps


  • Integrate security into the software development lifecycle (SDLC), enabling secure-by-design development.
  • Implement and manage SAST, DAST, and SCA tools for automated security testing.
  • Define secure coding standards and provide guidance to development teams.
  • Work closely with DevOps teams to implement DevSecOps practices, automating security within CI/CD pipelines.
  • Lead threat modeling exercises and penetration testing to identify vulnerabilities in applications.

Cloud Security & Infrastructure Protection


  • Design and enforce security best practices for multi-cloud and hybrid cloud environments (AWS, Azure, GCP).
  • Implement cloud security posture management (CSPM) solutions to monitor and secure cloud configurations.
  • Ensure identity and access management (IAM) policies, encryption, and zero-trust principles are followed.
  • Monitor and respond to cloud security incidents, working closely with IT and SOC teams.
  • Lead compliance efforts for ISO 27001, SOC 2, NIST, GDPR, and other cloud security frameworks.

Threat Detection, Incident Response & Risk Management


  • Oversee security monitoring, log analysis, and threat intelligence for cloud and application environments.
  • Implement SIEM, XDR, and SOAR solutions for real-time security event detection and response.
  • Define incident response playbooks for cloud and application security threats.
  • Conduct regular security audits, red teaming, and penetration testing to identify and mitigate risks.

Compliance, Governance & Security Awareness


  • Ensure compliance with industry security standards (NIST, OWASP, CSA, ISO 27001, SOC 2, GDPR, CCPA).
  • Lead cloud security risk assessments, ensuring vendors and third parties meet security requirements.
  • Develop and enforce security policies, training programs, and awareness campaigns.
  • Partner with legal and compliance teams to ensure data protection and privacy regulations are met.

Requirements: Azure, GCP, AWS, Kubernetes, SAST, DAST, Cloud security, IAM, CISSP, CCSP, OSCP, CISM

Category

security

  • Detailed job offer information
    Company: Xenoss
    Location: Work in Poland
    Industry: security
    Job position: Head of Security, Ukrainian Team @ Xenoss
    Work schedule: fulltime - 40 hours per week
    Start date: IMMEDIATELY
    Offered salary: not specified
    Offer added: 24. 5. 2025
    Position active

Job Head of Security, Ukrainian Team @ Xenoss: Frequently Asked Questions

👉 In which city is the Head of Security, Ukrainian Team @ Xenoss job offered?

The job is offered in Wrocław.

👉 Which company is hiring for this position?

This job offer is with the company Xenoss.
