Security Officer - Security Development Lifecycle
Polestar
OBS! Ansökningsperioden för denna annonsen har passerat.
Arbetsbeskrivning
We are currently looking for a Security Officer to improve our Security Development Lifecycle (SDLC) for the Polestar IT landscape worldwide.
If you are reading this, you probably already know that Polestar is an electric performance car brand. We work hard to create a unique experience for the customer, owner, and driver. The thrill of driving the car, the digital experience of buying, owning, and controlling a Polestar require us to push the limits of technology and software development. Sustainability has been there from the beginning, and we have set a moonshot goal for climate-neutral cars in 2030. There is an ocean of opportunities in this for talented IT professionals who want to dive in and make a difference.
The Information Security Department
The Information Security department in Polestar is expanding as the company is growing. Polestar is active in many countries and more markets will come at a rapid pace. The IT landscape complexity is growing and in Information Security we need to keep the company safe from a diverse set of threats. The main threats are cybersecurity-related and to protect against that a solid foundation of security practices is needed.
The department is organized in several areas. This role will be in the Security Competence Support area that is supporting the Polestar organization with security processes and skills. The idea is to build a network of Security Champions in the development organization and work with and through them to secure the IT landscape by defining and perform the roll-out of an SDLC where you will play a central role.
The other areas in the InfoSec department will provide other specialized skills, like cryptography, Red Team/Pen testing, Security Architecture, and Privacy to name a few. People that are interested in security sometimes have a somewhat diverse background and skill base. So will your colleagues and we will all complement each other.
About the role
The role will have as a main mission to set up SDLC in many of the teams and work with the delivery units in Polestar and guide them on what to do in information and cyber security as part of their development. You will use Threat Modeling as the main tool to bring awareness of the need for SDLC practices and then help the teams scope and assess risks and mitigations. Then as a next step, rollout SDLC practices as Secure Coding, different analysis tools, etc.
In Polestar we are still a new company. You will need to be able to both work with SDLC and also chip in and bring your superpowers to use in other areas. You will report to the CISO of Polestar.
What you will do
Define and rollout an SDLC process that balances speed with risk. Polestar is a fast-moving company so the security practices you select for rollout will have to be efficient and concrete.
Assist in the training of users and InfoSec staff in SDLC in “on the job” fashion with workshops or short training sessions to give a group of developer’s new insights
Balance security with convenience. If practice becomes too cumbersome, users will find ways around it. We must focus on the efficiency of the employees as we are still a small organization and all the employee's time is crucial to protect.
Threat watch is essential. This is, of course, a collective thing but you need to take special care of the threats for the department you currently are helping, like Ransomware or even Internal Fraud risk in the finance area. We are about to launch Threat Modeling as a great way to put the finger on areas that are sensitive in a way that people can understand. There is an infinite number of good practices out there, but the real risks based on a real threat agent using a vulnerability are a different thing. So, you need to master the difference between risks and vulnerability.
Together with the CISO and other colleagues in the same role, you will be responsible for the SDLC with all the practices and guidelines targeting the developers and other stakeholders involved.
In many countries, legislation is driving investments into the security area. Data protection, privacy, and car-related legislation are on the rise and it is part of the job to ensure that we are compliant in full and SDLC is needed in order to comply. But we do not do it for compliance only, our main mission is to have state-of-the-art security and not a paper product.
Personal Qualities
At Polestar we are building a new company. That requires that you are a shaper, i.e., you can create a process where the is none today and you are the one that proposes a solution.
You want to create the best and most efficient protection for the company
Open-minded. While you shape and create, the reflection on how security is adapted to the
You can express what people must or need to do in a clear and convincing way
Manage workshops and working through others
Experience of SDLC rollouts and skills in any of the areas Cloud, Mobile, and Embedded/Car is a must
Good understanding of the current threat landscape and how to protect against them in an effective manner
Good scoping skills. Understanding legal requirements and incorporate that into your solution proposal is a plus.
Risk management and Threat Modeling is a big plus
Questions?
If you have questions, contact
John Karman Head of Information Security (CISO) +46 734340612 john.karman@polestar.com
Polestar - the guiding star
Polestar is an electric performance brand, determined to improve the society we live in by catalyzing the change to sustainable mobility. We are a global team of highly talented individuals who share a passion to change the world. We challenge conventions and we challenge ourselves for the purpose of innovation. We believe innovation is a team effort and that just like each component is critical to the performance of our cars each person working at Polestar is as important to the team and its performance. We work in close collaboration across empowered global teams that don’t settle for anything less than excellence.
At Polestar, the sky is the limit.
Is this you? If you are interested in joining the Polestar family, don't wait with submitting your application. We apply a continuous selection process and the job post will be open until the position is filled.
If you are reading this, you probably already know that Polestar is an electric performance car brand. We work hard to create a unique experience for the customer, owner, and driver. The thrill of driving the car, the digital experience of buying, owning, and controlling a Polestar require us to push the limits of technology and software development. Sustainability has been there from the beginning, and we have set a moonshot goal for climate-neutral cars in 2030. There is an ocean of opportunities in this for talented IT professionals who want to dive in and make a difference.
The Information Security Department
The Information Security department in Polestar is expanding as the company is growing. Polestar is active in many countries and more markets will come at a rapid pace. The IT landscape complexity is growing and in Information Security we need to keep the company safe from a diverse set of threats. The main threats are cybersecurity-related and to protect against that a solid foundation of security practices is needed.
The department is organized in several areas. This role will be in the Security Competence Support area that is supporting the Polestar organization with security processes and skills. The idea is to build a network of Security Champions in the development organization and work with and through them to secure the IT landscape by defining and perform the roll-out of an SDLC where you will play a central role.
The other areas in the InfoSec department will provide other specialized skills, like cryptography, Red Team/Pen testing, Security Architecture, and Privacy to name a few. People that are interested in security sometimes have a somewhat diverse background and skill base. So will your colleagues and we will all complement each other.
About the role
The role will have as a main mission to set up SDLC in many of the teams and work with the delivery units in Polestar and guide them on what to do in information and cyber security as part of their development. You will use Threat Modeling as the main tool to bring awareness of the need for SDLC practices and then help the teams scope and assess risks and mitigations. Then as a next step, rollout SDLC practices as Secure Coding, different analysis tools, etc.
In Polestar we are still a new company. You will need to be able to both work with SDLC and also chip in and bring your superpowers to use in other areas. You will report to the CISO of Polestar.
What you will do
Define and rollout an SDLC process that balances speed with risk. Polestar is a fast-moving company so the security practices you select for rollout will have to be efficient and concrete.
Assist in the training of users and InfoSec staff in SDLC in “on the job” fashion with workshops or short training sessions to give a group of developer’s new insights
Balance security with convenience. If practice becomes too cumbersome, users will find ways around it. We must focus on the efficiency of the employees as we are still a small organization and all the employee's time is crucial to protect.
Threat watch is essential. This is, of course, a collective thing but you need to take special care of the threats for the department you currently are helping, like Ransomware or even Internal Fraud risk in the finance area. We are about to launch Threat Modeling as a great way to put the finger on areas that are sensitive in a way that people can understand. There is an infinite number of good practices out there, but the real risks based on a real threat agent using a vulnerability are a different thing. So, you need to master the difference between risks and vulnerability.
Together with the CISO and other colleagues in the same role, you will be responsible for the SDLC with all the practices and guidelines targeting the developers and other stakeholders involved.
In many countries, legislation is driving investments into the security area. Data protection, privacy, and car-related legislation are on the rise and it is part of the job to ensure that we are compliant in full and SDLC is needed in order to comply. But we do not do it for compliance only, our main mission is to have state-of-the-art security and not a paper product.
Personal Qualities
At Polestar we are building a new company. That requires that you are a shaper, i.e., you can create a process where the is none today and you are the one that proposes a solution.
You want to create the best and most efficient protection for the company
Open-minded. While you shape and create, the reflection on how security is adapted to the
You can express what people must or need to do in a clear and convincing way
Manage workshops and working through others
Experience of SDLC rollouts and skills in any of the areas Cloud, Mobile, and Embedded/Car is a must
Good understanding of the current threat landscape and how to protect against them in an effective manner
Good scoping skills. Understanding legal requirements and incorporate that into your solution proposal is a plus.
Risk management and Threat Modeling is a big plus
Questions?
If you have questions, contact
John Karman Head of Information Security (CISO) +46 734340612 john.karman@polestar.com
Polestar - the guiding star
Polestar is an electric performance brand, determined to improve the society we live in by catalyzing the change to sustainable mobility. We are a global team of highly talented individuals who share a passion to change the world. We challenge conventions and we challenge ourselves for the purpose of innovation. We believe innovation is a team effort and that just like each component is critical to the performance of our cars each person working at Polestar is as important to the team and its performance. We work in close collaboration across empowered global teams that don’t settle for anything less than excellence.
At Polestar, the sky is the limit.
Is this you? If you are interested in joining the Polestar family, don't wait with submitting your application. We apply a continuous selection process and the job post will be open until the position is filled.
Sammanfattning
- Arbetsplats: Polestar
- 1 plats
- Tills vidare
- Heltid
- Fast månads- vecko- eller timlön
- Publicerat: 21 oktober 2021
- Ansök senast: 9 april 2022
Liknande jobb
18 mars 2024
13 februari 2024
Business Consultant IT
Quest Consulting Sverige AB
19 januari 2024
6 december 2023