IT Secure Development Lead (1 year contract) - Oslo or Espoo

Scroll to content

We have a plan, we are looking for an experienced cybersecurity professional capable of leading our IT Secure Development Initiative forward, ensuring defined objectives are achieved. This is a 1-year contract with a possibility to renew.

This role will be responsible for leading and evolving secure development practices, working closely with our Product Development Teams to ensure the secure development and deployment of our IT Products and IT Services.

We offer plenty of interesting challenges in the energy industry sector, as well as opportunities to develop your skills DevSecOps skills in an Agile working environment.

Your responsibilities:

  • Design, Build, integrate and manage security controls into Agile Software Development Lifecycle and CI/CD pipeline in accordance with defined Cyber Security Strategy Objectives and DevSecOps principles.
  • Work closely with Product Development Teams, assisting in the overall security architecture, ensuring security by design and the effective implementation of security controls.
  • Support security-related projects and major IT projects with security requirements.
  • Develop, Implement and manage automated security testing controls in the development pipeline ( Static and Dynamic Security Testing).
  • Coordinate regular external Application Penetration tests.
  • Coordinate Vulnerability Management practices ensuring the timely reporting, evaluation, remediation of identified vulnerabilities.
  • Actively support the continued development of security architecture and technology road map providing the framework for the application of security controls.
  • Develop, maintain, and communicate secure development standards and training material.
  • Establish a network of secure development champions, raising competence via engagement, awareness and training.
  • Develop and validate benchmark security configurations for security systems and applications.
  • Monitor, evaluate and report security performance and risks to Cyber Security Steering Group.

What we would like you to bring

Education, Skills and Experience

  • Education: Bachelor or Master’s level education in Information Technology (or similar).
  • One or more professional security certification(s).
  • Minimum 5 years IT security experience, with direct experience in an IT Security Lead or Manager role.
  • Practical experience in implementing Security Development Lifecycle (SDL) in agile software projects (for example, Microsoft SDL, OWASP, BSIMM).
  • Experience performing vulnerability testing, risk analyses and security assessment in SDLC activities like Threat Modeling, DAST, SAST, OSS Scanning and Penetrating Testing.
  • Experience with building and implementing static and dynamic analysis tools, open-source scanning tools and integrating security into a CI/CD workflow.
  • Solid understanding of security vulnerabilities (OWASP, CVE scoring) and experience working with development and product teams to remediate vulnerabilities during development cycles.
  • Solid understanding how to mitigate risks with common controls such as WAF’S, IDPS’s, MPS’s, AWL, etc.
  • Experience implementing security tools (SAST, DAST) and integrating them with Agile workflows and development platforms (Jira, Bitbucket, Bamboo, Octopus, Slack, Pagerduty) and cloud platforms(Azure).
  • Familiarity with security standards and best practices (for example ISO 27k, NIST, OWASP, CIS).

Personal Competencies

  • Highly Motivated team player, with a can-do attitude and the ability to get things done.
  • Aptitude for solving problems and acting on own initiative.
  • Strong Organisation skills, with the ability to manage tasks, time & resources.
  • Ability to understand and solve complex issues with clear, balanced & implementable solutions.
  • Capacity to quickly learn new skills and adapt to new environments.
  • Fluent in English both Written & Verbal.


Why you'll love working at Nord Pool

At Nord Pool, you will get to leave your mark and make a real difference on our products and way of working. You will be part of a motivated, tech-savvy and friendly team. We believe in giving you the freedom to deliver your best work: that is why we are flexible around hours, tools and working methods. With us, you can build your career at an international, forward-thinking and profitable company. We’ll give you opportunities to learn and create something new.

Or, know someone who would be a perfect fit? Let them know!

Lilleakerveien 2A
0283 Oslo Directions norway@nordpoolgroup.com +47 67 10 91 00 View page

Together with Integrity towards Excellence

This is our value statement and it is what guides us in everything we do, from working with customers to working with each other.

We are a medium-sized international company with colleagues from 23 different countries. They include experts in programming, power markets, trading, laws and regulatory frameworks, to name just a few. We are a trusted partner and advise customers across the globe on creating efficient, simple and secure power markets. This involves continuous communication and a visible presence, not just in Europe but globally. We are big enough to be a serious player on the European energy markets but small enough for people to know each other on first name terms.

Already working at Nord Pool Group?

Let’s recruit together and find your next colleague.

email
@nordpoolgroup.com
Teamtailor

Applicant tracking system by Teamtailor