Security Engineer

Can you lead and inspire stakeholders across the world to live a brand every day and across every touch point? Can you demonstrate how people are making the difference in an asset driven, commoditized industry like container shipping? Can you hold the standard high, drive change and build commercial value through bringing the brand to life every day?

These are key roles in support of Maersk Technology's movement to platform-based development and increased usage of microservices, including (but not limited to) disconnected cloud platform (Azure). Joining Maersk Technology as a Security Engineer will enable you to gain broad business knowledge of the company’s activities globally, in addition to understanding how the complexity of technology supports the digitized transport and logistics business. The roles operate using agile methodology delivering timely and effective cyber security of general and bespoke solutions.

In this role successful candidates will be exposed to a wide and challenging range of business issues through regular engagement with stakeholders across all management levels within Maersk. You will work and communicate across geographical and cultural borders that will enable you to build a strong professional network. We will provide opportunities to broaden your knowledge and strengthen your technical and professional foundation.

We offer

Joining Maersk T&L will embark you on a great journey with career development in a global organisation. As a SecurityEngineer, you will gain broad business knowledge of the company’s activities globally, as well as understand how the com-plexity of IT supports the transport and logistics business.

You will be exposed to a wide and challenging range of business issues through regular engagement with key stakehold-ers across all management levels within Maersk.

At Maersk we value the diversity of our talent and will always strive to recruit the best person for the job – we value diversity in all its forms, including but not limited to: gender, age, nationality, race, sexual orientation, disability or religious beliefs. We are proud of our diversity and see it as a genuine source of strength for building high performing teams

Key responsibilities

•Within specific technical platform(s) be responsible for driving security improvement from design through delivery and into operations through good practices and representing the importance and business benefit of Cyber Security. Act as security evangelist and ‘mentor’ to the business and development teams.
•Take the lead on finding technical Cyber Security solutions - drawing on your previous knowledge, self-learning and formal training. Embedding Secure-by-Design and Secure Development Life Cycle principles
•Understand and clearly identify Cyber Security risk within an agile development environment. Highlighting risks to Cyber Security for inclusion on the Risk Register and to inform prioritisation of Cyber Security Backlog items.
•Ability to apply security principles and good practice to manage security and risk in cloud environments., e.g. authentication, role-based access, encryption
•Articulate identified risk during development to Business Owners and help mitigate - implementing suitable, cost-effective security measures throughout development phases (Agile/DevOps)
•Discuss and analyse requirements with business stakeholders, and design high quality seamless solutions, balancing Cyber Security versus /business value trade-offs.
•Work with multiple solution design options, and recommend the most appropriate solution considering business priorities, technical feasibility, return on investment and delivery timelines.
•Participate in work estimation, scope definition and delivery planning activities.
•Undertake security engineering in the Platform features and stories

•Primary internal stakeholders:
•Maersk Technology Organization including new platforms
•Product & Solution Engineering
•Infrastructure Engineering teams
•Security Operations
•Cyber Security Risk and Compliance Teams
•Enterprise Architecture
•Maersk business Product Managers.

•Primary external stakeholders:
•Maersk clients
•Regulatory bodies

We are looking for

•Bachelors degree in Computer Science, Computer Engineering or related field, or 5+ years relevant work experience
•Experience of working in an agile environment and application of Cyber Security within DEVSECOPS with a good understanding of customer centric design principles and software development.
•Experience of providing Technical consultancy within a Digital/Cloud setting.
•You should have experience of implementing vulnerability management and remediating security issues as they are found
•Experience with the application of threat modeling or other risk identification techniques and security best practices associated with containers, kubernetes and distributed systems.
•Knowledge of compliance standards like CIS, NIST in conjunction with PCI-DSS and GDPR. With working knowledge of secure development practices and standards such as OWASP and BSIMM especially on cloud providers
•Identifying the need for new, or changes to existing, security patterns for API (Authorisation and OAuth 2.0 for key data), EDI and Event Streaming
•Threat Modelling and Security testing Experience, to identify any security risks before live deployment (DAST and SAST)
•Assisting integration of new digital products with Security Operations for Detect/Respond/Recover to cyber incidents
•Development experience in .Net and/or Java. Experience with scripting (e.g. python, ruby, bash). Knowledge of XML and JSON. Hands on Azure security configuration and scripting skills
•Demonstrable experience and execution of security automation, and configuration of Azure cloud native tools to maximise their effectiveness
•Microsoft Azure certifications, e.g. Azure Security Engineer, Azure DevOps Engineer, Azure Solutions Architect
•Excellent written and verbal communication skills with Stakeholder management and interpersonal skills at both a technical and non-technical level
•Ability to manage conflicting priorities and multiple tasks
•Proven ability to work and effectively prioritize in a dynamic, collaborative and decentralized work environment
•High attention to detail