Details of the offer for Senior/Lead Security Engineer - GRC M/W about r-d at JUNG S.A.S in Paris

As Senior / Lead Security Engineer - GRC, Governance, Risks, and Compliance, preserving Back Market's information heritage is your first concern.

Through advice to teams and evangelization of best practices, risk analyzes, definitions and maintenance of policies, procedures and safety action plans, process audits, reviews and monitoring of compliance progress , you contribute to the continuous improvement of the security posture of the company, while keeping an eye on the indicators of threats.

We have huge ambitions, strive for excellence, and count on you to support and advise our teams on the technical security aspect of these challenges.

Required profile

  • You are a talented engineer with at least 3 years of experience in web application security in dynamic cloud environments

  • You are convinced of the importance of a risk analysis approach to define and maintain the security objectives, policies, procedures and action plans necessary for the smooth running of your mission

  • You are keen to explain the reasons for the security choices of the company, to help their understanding and adoption by your colleagues, and to define a security requirement without analysis or foundation is nonsense for you

  • Good practices and standards such as the ISO / IEC 27000 series, including 27005 or EBIOS, 27017, 27018, 27035, OWASP SAMM, OWASP ASVS or CSVS, or CIS benchmarks are some of your favorite references

  • You are curious, rigorous, structured, like to explore new methods and technologies, and know how to express your limits when asked for a position as a security expert

  • You demonstrate pedagogy to share your knowledge and make your colleagues aware of good safety practices, by supporting your proposals with concrete examples and technical demonstrations

  • Your skills are recognized by a standard certification (ISC) ² CISSP, CCSP or CSSLP, ISO 27001 Lead Implementer or Auditor, EBIOS Risk Manager, SANS GCCC - or you are ready to take it soon

  • In-depth knowledge of PCI-DSS and GDPR will be appreciated

  • For you, remote working is an opportunity

  • English is a language with which you are fluent in both written and spoken

  • You want to join a top technical environment: AWS, GCP, Kubernetes, Terraform, Terragrunt, Datadog, Spinnaker, Cloudflare, Docker, Aurora, etc., where you can learn, develop, and gain responsibility