Cyber and Digital Security Expert - Application Security

About IT at Nestlé

We are a team of IT professionals from diverse cultures, genders and age groups in the world’s largest food and beverage company. We innovate every day through forward-looking technologies to create opportunities for Nestlé’s digital challenges with our consumers, customers and employees.
We have exciting positions in our new Nestlé global services operations based in Bangalore, which works alongside our Regional IT Hub in Sydney and Global IT hubs to provide technology services for Asia, Oceania and Africa (AOA). This setup will design, implement and maintain IT solutions and sharpen Nestlé’s focus in the growing areas of digital, analytics and innovation to support changing customer, consumer and shopper focus.
When you join our IT team, you’ll have the opportunity to collaborate across local and global Nestlé teams and external partners to deliver innovative technologies that create tangible business value and contribute proactively to our sustainability goals. Our diversity brings fresh and innovative thinking to how we approach new and existing challenges while embracing different cultures, genders, sexual orientation, abilities and flexible ways of working.

Position Summary

We are a team of IT professionals from many countries and diverse backgrounds, each with unique missions and challenges in the biggest health, nutrition, and wellness company of the world. We innovate every day through forward-looking technologies to create opportunities for Nestlé’s digital challenges with our consumers, customers and at the workplace. We collaborate with our business partners around the world to deliver standardized, integrated technology products and services to create tangible business value. 
 
In order to complete our Security & Compliance Department, we are currently looking for a Cyber and Digital Security Senior Specialist – Application Security. Together with a group of security specialists, your mission is to assess and protect Digital Properties of the Nestlé Group.

A day in the life of...

  • Directly contribute to growth and development related to our Application Security Testing (AST), SecDevOps and Web Application Firewall (WAF) solution and practices. 
  • Analyze and develop policies and solutions to support AST and WAF security on an enterprise scale.
  • Liaise with IT teams and vendors to implement, improve and solve operational issues and findings related to AST and WAFs.
  • Chair application security scanning reviews with DevOps.
  • Assist with project efforts to design security controls and processes that solve business problems.
  • Serve as a security expert in Application Security, helping product teams comply with enterprise and IS/IT security policies, industry regulations and best practices.
  • Determine security requirements by evaluating business strategies and requirements following a risk-based approach, evaluate gaps and derived risks, and assess corresponding action plans.
  • Support the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security.
  • Develop, maintain, and publish up-to-date security policies, standards and guidelines, and oversee training and dissemination of security policies and practices. 
  • Defend and translate technical choices to stakeholders from a security perspective.

What will make you successful

  • Degree in a technology-related field, or equivalent work- or education-related experience. 
  • 8+ years of experience in a combination of risk management, information security and IS/IT jobs. 
  • Professional security, cloud and software architecture certifications, such as CISSP, CISSP-ISSAP, CSSLP, GIAC, AWS Solution Architect, Azure Solutions Architect or other similar credentials, are preferred.
  • Knowledge of common information security management frameworks, such as ISO 27001 and NIST. 
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences (e.g. management, agencies, vendors).
  • High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity. 
  • Team player, high degree of initiative, dependability and ability to work with little supervision. 
  • Highly collaborative approach paired with excellent communication skills to balance trade-offs, pushbacks and negotiations to reach goals.
  • Solid experience in assessing and protecting public-facing applications.
  • Software development or application security testing experience, and exposure to WAF, SecDevOps, OWASP Top 10 and other frameworks, including analyzing, architecting fixes for, and leading developers in remediating code-level vulnerabilities.
  • Experience determining security requirements by evaluating business strategies and requirements following a risk-based approach, describing associated data flows and the security controls needed, and interacting with a broad cross-section of personnel to explain and enforce security measures.

About Nestlé

Nestlé enjoys a reputation as the world’s largest food and beverage company driven by our purpose - enhancing quality of life for everyone, today and for generations to come. At Nestlé, we constantly explore and push the boundaries of what is possible with foods, beverages, and nutritional health solutions to enhance quality of life and contribute to a healthier future to better support individuals, families, communities, and the planet. We have more than 2000 brands ranging from global icons to local favorites and are present in 190 countries worldwide.

 

 

 

 

Esplugues Llobregat, B, ES, 08950
