Opportunity

Location: Maidenhead – UK, Copenhagen - Denmark or Bangalore - India.

Our environment is a hybrid work set up. You'll be expected to come into our office 2-3 times a week, but if you prefer to come in more often, that's totally fine too! We want you to have the flexibility to work in a way that suits you best, while also making sure we have some face-to-face time each week to stay connected.

Maersk is the world's largest shipping and container logistics company, with $40 billion in assets and over 85,000 employees. We handle 20% of the world's container shipping and are transforming into an integrated shipping and logistics company. Join us in the Transport and Logistics IT department to rethink how we connect with our customers and partners using technology. As an Engineer in the Secure-by-Design Tooling team, you'll get a comprehensive understanding of Maersk's global operations and see how IT supports the transport and logistics business.

If you’re looking for an exciting opportunity to use your senior-level programming skills and passion for application security? and have experience in any of the following: JAVA, .NET, C#, Go, or Python, we want to hear from you!

We're looking for someone who can provide guidance and mentorship to our more junior developers. You'll be an important part of our team, helping to ensure that our development practices are secure and up-to-date with the latest industry standards.

If you're someone who's passionate about security and enjoys working with others to help them grow and develop, this could be the perfect opportunity for you.

The role…

We are not considering relocation at this time. Applicants are being considered in the country where they have applied. The role can be based in any one of the following locations: Maidenhead – UK, Copenhagen - Denmark or Bangalore - India.

As a Senior Security Engineer on the Application Security team, you'll get to collaborate with other teams like Business Platforms, DevOps, Tooling, and Cloud Engineering. Together, you'll be responsible for setting up and managing security tools that help prevent risks and fix vulnerabilities.

You'll be part of the Cyber Security Platform (CSP) that's all about Application Security. You’ll be analyzing vulnerabilities and coming up with solutions to make sure everything's secure.

Who you are…

As a Senior Security Engineer on the Application Security team, you'll be a technical leader and guide for our engineering teams. You'll help them navigate application security vulnerabilities and provide remediation assistance in a way that's clear and supportive.

We're looking for someone who can bring their knowledge of security and application development industry trends to the table, using it to drive organizational change and make sure we're properly managing and remedying vulnerabilities. And, of course, you'll need to be a pro when it comes to communicating with our engineering teams and designing appropriate mitigation strategies for any reported vulnerabilities.

In order to keep things organized and streamlined, you'll also establish clear processes related to application security tooling, policies, and procedures. You'll be leveraging security automation processes and developing playbooks and workflows based on operational use cases to make everything as efficient as possible.

Since security is always evolving, it'll be crucial for you to maintain a detailed knowledge of emerging threats, risks, technical innovations, and security capabilities. And, last but not least, you'll participate in sprint planning, backlog refinement, and task estimation to make sure everything runs smoothly.

Skills / experience you’ll need..

We're looking for a talented and experienced Security professional to join our team. Here are the qualifications what we're seeking:

• More than 10 years of hands-on experience in Security with a Development background, including knowledge of SAST, SCA, Container and Infrastructure-as-Code scanning, CI/CD pipeline, Agile Methodology, remediations, and awareness programs.
• Experience working with multiple programming languages, including Java, Net, C#, JavaScript, Python, Go, SQL, and strong source code skills.
• Familiarity with Polaris, Black Duck, Prisma Cloud, GHAS security tools.
• Strong experience working closely with developers.
• Strong understanding and experience with attacking web application vulnerabilities such as XSS, BAC, Request Smuggling, DSync, CSRF, XXE, SQLi, LFI/RFI, RCE, and more.
• Deep understanding of OWASP Top 10, SANS Top 25, WASC, NIST, or SANS Security Guidelines.
• Deep knowledge and understanding of the vulnerability management process.
• Good understanding of Manual, Automated Application Security Testing, Automation knowledge, and problem-solving skills.
• Experience with security development, attack and defense solutions for SDLC in a fast-paced environment.
• Understanding of security controls, coding best practices, security standards, code reviews, and design reviews.

Bonus points for:

• Experience working with scripting languages, threat modeling, and DevSecOps,
• Contribution to the security community and other open-source projects, public research, presentations, etc.

Overall, we're looking for someone who is passionate about security, has strong communication skills, and is excited to work in a dynamic and fast-paced environment.

We're excited to see how you'll use your expertise to help us build a stronger, more secure organization! Apply now!

Having substantial operations in over 130 countries, we work across continents, across cultures and with individuals from all walks of life. This drives our ambition, to create equitable and inclusive workplaces where every individual can have a sense of belonging. As an equal opportunity employer, we do not discriminate on the basis of age, ancestry, national or ethnic origin, race, sex, gender identity or expression, sexual orientation, marital status, parental or caring status, religion or belief, physical or mental disability, long term health condition, pregnancy or parental leave, protected veteran status, or any other classification protected by applicable law. We actively work to address systemic bias and support representation. We therefore encourage all to apply and let us know if you require any reasonable adjustments to be made for your recruitment process. Learn more at: https://www.maersk.com/careers/diversity-equity-and-inclusion