Identify high-severity vulnerabilities and classify them as true or false positives.
Support Product teams implementing SAST/SCA in their CI/CD pipelines.
Support product teams with application security expertise to mitigate findings effectively.
Provide generic application security consultancy.
Identify security risks in application architecture and infrastructure, and drive mitigations.
Contribute to the target S-SDLC framework.
Support the application security team, strategically and technically, in developing and improving the main pillars of application security.
Support key Security & Privacy Engineering activities.
Role Description
The Application Security Tech Lead is responsible for setting up, leading and functionally steering a team of application security engineers.
Contribute to ensuring that each step of the SDLC used by software engineers across METRO follows best practices in terms of information security and data privacy.
Contribute to developing and maintaining the technologies and processes to be included in CI/CD as tollgates, ensuring that security control validations are performed automatically during the development and deployment phases.
Support software engineering teams across METRO in addressing identified software vulnerabilities and weaknesses.
Serve as the technical authority, providing expert guidance to the security engineers where needed.
Technical & Soft Skills:
In-depth knowledge of application security technologies and tools such as SAST, SCA and DAST.
Strong scripting skills and experience developing automation in CI/CD.
Good understanding of Git concepts and market-leading vendors such as GitHub and GitLab.
Deep understanding of OWASP and ASVS is a must.
Proficiency in the concepts of vulnerability assessments and scans using automated tools (Qualys, Polaris, …).
Understanding of common vulnerabilities and exposures (CVEs), Common Vulnerability Scoring System (CVSS), and vulnerability databases.
Familiarity with vulnerability management frameworks and methodologies, such as the National Vulnerability Database (NVD) and the Common Vulnerabilities and Exposures (CVE) system.
Excellent communication and interpersonal skills to effectively collaborate with clients, stakeholders, and internal teams.
Proficient in producing reports, briefings, and presentations to communicate findings, trends, and recommendations to stakeholders.
Strong organizational and time management skills with the ability to coordinate and prioritize multiple tasks simultaneously.