Location : Beirut
Mission Length : Permanent
Start Date : November 2019 Onwards
Job Role : Technical Officer Application Security
- Position Summary
The Technical Officer Application Security works with DevOps teams to include the "Security by Design" and promote the DevSecOps approach.
- About CMA CGM & Digital Centre
CMA CGM, headed by Rodolphe Saadé, is a leading worldwide shipping group. Its 509 vessels call more than 420 ports in the world on 5 continents. In 2017, they carried nearly 19 million TEUs (twenty-foot equivalent units). With a presence in 160 countries and through its 755 agencies network, the Group employs 34,000 people worldwide, including 2,400 in its headquarters in Marseilles.
CMA CGM Digital Centre is part of the Digital Department which includes Digital Office, Data and Digital Factory. Digital core team is based in Marseilles with Regional Project Managers located in North & South America, Asia and Africa.
CMA CGM Digital Centre mission statement is to create a unifying digital vision and to help rethink and design products and processes for the digital age. This mission is achieved by leveraging the latest technology trends; sourcing best practices from other industries; teaming up with CMA CGM key business departments: Lines, Commercial & Agency Network, Supply Chain & Logistics, Intermodal, Operations and ships; enabling Digital Factory & IT as key partners for execution and realization of projects.
- Position Responsibilities
- Participate in design and architecture discussions.
- Integrate security and compliance into CI/CD Pipeline.
- Implement Risk assessment, Threat modeling.
- Act as technical expert
- Perform security scans and provide recommendations
- Check information system performances are compliant with Service Level Agreements
- Maintain expertise on security trends through training, research and development in order to mitigate potential security exposures.
- Identify, evaluate and recommend solutions in order to address problems
- Analyse system's functional and technical data in order to maintain its performance
- Solve IT Technical problems (i.e. system or network & telecom) and implement change if needed
- Participate as security expert on investigations and troubleshooting of It problems
- Provide proposals and make technical recommendations to contribute to information system continuous improvement
- Contribute to applicative and/or evolutive maintenance projects
- Update knowledge bases
- Skills & Qualifications
- Deep understanding of Cloud security controls, containerization, linux system.
- Deep understanding of Containers orchestration.
- Knowlegde of API Security.
- Knowledge of DAST & SAST.
- Awareness and familiarity with data protection principles, encryption.
- Knowledge in Secret Management.
- Experience in OWASP methodologies.
- Experience with Agile methodology.
- Professional security management certification: ISO27001, CISSP, GIAC or CISA preferred.
- Bacchelor Degree in IT security (an asset)
- At least 5 years of relevant professional experience in information technology
- Knowledge of standards, regulations and law governing the security of information (NIST, ISO 27001, GDPR, NIS) an asset
- Knowledge of the shipping industry and the regulations related, an asset
- Analytical skills, pragmatic approach to IT security issues and issues
- Planning, organization and coordination skills
- Ability to properly manage time and priorities
- Leadership, team spirit, creativity, rigor and quality
- Ability to influence through expertise and negotiate with various stakeholders
- Customer-oriented approach
- Bilingual (French and English)