Senior Associate - Application Security

Gurgaon, India

Applications have closed

Publicis Groupe

Company Description

Re:Sources is the backbone of Publicis Groupe, the world’s third-largest communications group. Formed in 1998 as a small team to service a few Publicis Groupe firms, Re:Sources has grown to 4,000+ people servicing a global network of prestigious advertising, public relations, media, healthcare and digital marketing agencies. We provide technology solutions and business services including finance, accounting, legal, benefits, procurement, tax, real estate, treasury and risk management to help Publicis Groupe agencies do what they do best: create and innovate for their clients.

In addition to providing essential, everyday services to our agencies, Re:Sources develops and implements platforms, applications and tools to enhance productivity, encourage collaboration and enable professional and personal development. We continually transform to keep pace with our ever-changing communications industry and thrive on a spirit of innovation felt around the globe. With our support, Publicis Groupe agencies continue to create and deliver award-winning campaigns for their clients.

Job Description

The position requires hands-on experience in application security testing, vulnerability management, and governance. The team lead will support the Global Security Office's existing DevSecOps practice and embed security in SDLC phases. He will need to be familiar with common vulnerabilities and must be proficient in performing manual exploitation of vulnerabilities without the aid of automated tools.

The responsibilities associated with the position are as follows:

  • Must be familiar with top industry application security testing tools (HCL AppScan, Checkmarx, Veracode, Burp Suite and Synopsys Seeker).
  • Proficient in mobile application penetration testing – Android and iOS
  • Proficient in web application and infrastructure penetration testing
  • Manual source code reviews of client/server-side programming languages and frameworks.
  • Assist with implementing and designing automated security checks within the CI/CD.
  • Participate in the implementation or deployment of new security tools and processes.
  • Must have a strong command over HTTP request/response construction and the manipulation of these to achieve the desired results in exploiting various vulnerabilities. 
  • Should be familiar with Metasploit and Python.
  • Good knowledge of security technologies for secure software development such as cryptography, authentication techniques, protocols etc.
  • Expert in DevSecOps with hands-on experience in implementing security aspects in continuous integration, continuous delivery and deployment automation
  • Strong oral communications and writing skills are a must.
  • Must have a strong command over web application penetration testing or network infrastructure testing.
  • Must be a self-starter with strong organizational skills to enable navigation of the company to identify sponsors, stakeholders and interested parties.

Qualifications

  • Bachelor’s degree within a science or related discipline.
  • Good understanding of OWASP Top 10 vulnerabilities, SANS Top 25, OSSTMM, PTES, NIST standards.
  • 2-3 years of direct experience in vulnerability and penetration testing.
  • OSCP, OSWE, CEH and other technical certifications are a plus.
  • Proficient in Jenkins, Docker, Java, Python, Ruby, Perl, Scripting YAML, SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing)
  • Minimum 2 years' experience in Software Development Life Cycle in one or more languages (Rust, Python, Go, Node.js, etc.)
  • 2 years' experience implementing and handling DevSecOps practice.
  • Hands-on experience with Jenkins, Docker, Kubernetes and microservice architecture.
  • A ‘can do’ attitude team player who works well under pressure and with dispersed groups, worldwide.
  • Mandatory language skills (oral, written and listening): English

 

Additional Information

Publicis Groupe Commitment to Diversity & Equity Policy:

Publicis Groupe is deeply committed to diversity and inclusion in spirit and in action at every level of the organization. It reflects our core values and embodies our purpose of building a great company enabling human potential. We have a deep-rooted appreciation for how diversity of thought drives innovation, and we ground that value in a culture of collaboration and connected thinking.  

  • Diversity & inclusion are business imperatives on which Publicis Groupe will not negotiate. While fostering a work environment that is inclusive of all talent is a collective responsibility, it is leadership’s job to nurture the career aspirations and goals of all our talent. Promoting gender equality starts at the top and the Groupe will not tolerate anyone speaking for our organization who does not value the importance of inclusion. Publicis Groupe works very hard to champion diversity and will continue to insist that each agency’s leadership be champions of both diversity and inclusion.
  • Our core value, “VIVA LA DIFFERENCE”, is based on the very aspect of celebrating differences.
  • Our strategy focuses on bringing together teams with diverse perspectives, disciplines, and experiences, because diversity of thought best serves our clients and the customers they aspire to impact.

Equal Employment Commitment:

  1. We provide equal opportunities to all our employees and to all eligible applicants for employment in our company. We do not unfairly discriminate on any ground, including race, caste, religion, color, ancestry, marital status, gender, sexual orientation, age, nationality, ethnic origin, disability or any other category protected by applicable law.
  2. When recruiting, developing and promoting our employees, our decisions will be based solely on performance, merit, competence and potential.
  3. We shall have fair, transparent and clear employee policies which promote diversity and equality, in accordance with applicable law and other provisions of this Code. These policies shall provide for clear terms of employment, training, development and performance management.

Perks/benefits: Career development

Region: Asia/Pacific
Country: India
Category: AppSec Jobs
