Apply now »

Technology Specialist - Security

Digital & Technology Team (D&T) is an integral division of HEINEKEN Global Shared Services Center. We are committed to making Heineken the most connected brewery. That includes digitalizing and integrating our processes, ensuring best-in-class technology, and embedding a data-driven culture. By joining us you will work in one of the most dynamic and innovative teams and have a direct impact on building the future of Heineken!

Would you like to meet the Team, see our office and much more? Visit our website: Heineken (heineken-dt.pl)

Your responsibilities would include:

 

  • designing, development and implementation of security measures for solutions deployed into various cloud, hybrid, and on-premise systems in HEINEKEN environment
  • ensuring security by design principles are upheld in the implemented products

  • ensuring embedding of joint security responsibility models definition related to federated governance systems
  • providing input and feedback on security architectures/setup/configuration
  • performing risk assessments on any new resource/application/functionality implemented in the cloud platforms
  • participating in the Security and Quality assurance chapter and help embed security by design mindset into the HEINEKEN organization
  • ensuring performance and automation of compliance and security controls
  • supporting product teams in security decisions related to the product platforms
  • supporting in automating continuous security testing for the product platforms
  • supporting in resolving any security related audit or compliancy issues.


You are a good candidate if you have:

 

  • 1-3 years working experience in security operations and advanced level of understanding regarding systems security at both technical and procedural level
  • operational experience in securing one or more of the following solutions:

o low /no-code platforms
o robotics process automation (e.g. UiPath)
o integration and middleware platforms (Boomi, API Connect, SAP PO)
o SLDC Tools (E.g. AzureDevOps, Confluence, Zephyr, SonarQube)
o Microsoft Powerplatforms

  • a solid understanding and have experience with systems automation platforms and technologies
  • certifications such as CEH, CIR, CISM, CISA, CGEDIT, any of the OWASP or similar are a plus
  • knowledge of industry standard security frameworks for information systems (NIST, ISO 27001/2, CSA, COBIT), the Cyber Kill Chain & MITRE ATT&CK framework
  • ability to translate technical language into a story that can be understood, and cohesively present it back to different stakeholders with a clear message
  • bachelor’s degree or equivalent experience
  • passion for security and enjoys solving problems
  • understanding the Agile mindset and have basic knowledge on working in a Scrum Team. You show end-to-end ownership on work that you do.
  • excellent knowledge of English, written and verbal
  • experience with outsourced managed services
  • experience representing technical viewpoints to diverse audiences and in making timely and prudent technical risk decisions


Content/Technical experience:

 

  • knowledge of industry-standard security frameworks for information systems (CVSS, CIS Benchmarking, OWASP, NIST, ISO 27001/2, CSA, COBIT)
  • relevant technical knowledge on securing platforms/solutions such as robotics automation platforms, low/no-code platforms, integration and middleware (for a complete list see section above).

 

Basic knowledge of:

 

  • working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc.).
  • identity and access management
  • securing other infrastructure. E.g.: Active Directory, Azure AD)
  • system security (operating systems, applications), networking, and web applications
  • enabling services (e.g. NTP, SMTP, patching, Antivirus)
  • server infrastructure (VMWare ESXi, storage, Azure, AWS)
  • basic cryptography knowledge (basic algorithm knowledge)
  • DB security knowledge
  • authentication protocol knowledge
  • key storage solutions, security monitoring solutions (e.g. Splunk), SSO, security solutions (SSL, Remote Access, IPSEC, Reverse Proxy, IDS/IPS, Firewall)


We Offer:


Job Segment: Middleware, Quality Assurance, Network, Information Systems, SAP, Technology

Apply now »