Application Security Engineer

What will you do in this role? As an application security engineer, where you will be instrumental in fortifying our applications and products against potential threats and vulnerabilities. Your expertise will be crucial in conducting security assessments, implementing best practices, and ensuring the integrity and resilience of our digital assets. You will work closely with software developers, architects, and system engineers to integrate security measures throughout the software development lifecycle. You will be providing the right security solutions for our products, developing and implementing robust security measures to safeguard our digital assets. You will play a significant role in our burgeoning cybersecurity team, focusing on fortifying our applications against potential threats and vulnerabilities from cloud, to application and product security. You will report to the Head of Cybersecurity, Bernard Helou. We have several open positions for this role, the main responsibilities are: - Design, develop, and implement application security strategies, protocols, and best practices to ensure the integrity and resilience of our software systems and cloud environments. - Support the different teams in remediating security issues or vulnerabilities in accordance with the best practices. - Contribute to the development of security training and education programs. - Collaborate with cross-functional teams to integrate security into the software development lifecycle. - Provide guidance and mentorship to junior team members, fostering a culture of security awareness and knowledge sharing within the organisation. - Develop and maintain security documentation, policies, and procedures to ensure compliance with regulatory requirements and industry standards. - Stay updated on emerging threats and industry trends, making recommendations for continuous improvement of our security posture. - Implement and manage security tools and technologies to enhance application security. - Act as a key contributor to building a robust cybersecurity culture within the organisation. - Depending on your level of experience, provide guidance and mentorship to junior team members, fostering a culture of security awareness and knowledge sharing within the organisation. About the team: We are building the cybersecurity team to support Schibsted Media and the journalists along their journey for free and independent press. Located in Norway and Sweden, the team is responsible for providing, supporting and maintaining cybersecurity tools for the company as well as providing safe products and services to our customers and journalists. We are part of the tech department, the cybersecurity team collaborates with other parts of the organisation, including journalists, editors, it-infrastructure, network, user devices, collaboration software, among others. Key competencies: - 2 - 8 years of experience in application security roles, with a background in software development and secure coding practices. - Experience with vulnerability scanners such as Wiz, Detectify, Github Advanced security. - Good knowledge of common application security vulnerabilities (e.g., OWASP Top 10) and mitigation techniques. - Experience with security assessment tools such as Burp Suite, OWASP ZAP, and Metasploit. - Proficiency in programming languages commonly used in web development such as Java, Python, along with familiarity with web technologies like JavaScript, HTML, and CSS. - Excellent analytical and problem-solving skills, with the ability to prioritise and manage multiple tasks effectively. - Strong communication and interpersonal skills, with the ability to collaborate effectively with both technical and non-technical stakeholders. Nice to haves: - Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP) or Certified Ethical Hacker (CEH) would be appreciated. - A good understanding of the threat landscape of a media company. On Media Our democracies depend on independent journalism - that’s our business! Schibsted Media consists of some of the leading Nordic newspapers and media brands like VG, Aftenposten, Svenska Dagbladet, Aftonbladet, and many more. Now, Schibsted Media starts its journey as a new, independent company, and our ambition is to become the leading media destination in Nordics. Schibsted is already at the forefront of technological development. Schibsted Media will continue to develop amazing products, strengthen authentic journalism and tailor make media content for our users. Everyone who works at Schibsted Media is a part of this bigger mission; reaching and empowering millions of people in their daily lives through offerings with superior relevance and authenticity. Join us in creating the media group of tomorrow. Schibsted is a family of digital brands with a strong Nordic position, and more than 6,000 employees. Millions of people interact with our companies every day through our leading online marketplaces, world-class media houses. We also help new promising businesses grow. Our joint mission of empowering people in their daily lives is rooted in the values of our media heritage and a legacy of bold change. At our best, we are a fearless force for change in a society built on trust and transparency. Product & Tech is responsible for product development and technology platforms for News Media brands. The unit consists of product managers, software engineers, UX experts, and user researchers. Most of our teams work distributed, with colleagues in Oslo, Stockholm, Krakow, Gdansk, Bergen, and Stavanger.