PortXchange, a tech start-up powered by the Port of Rotterdam, focuses on providing data driven process optimization in shipping. This introduces unique challenges with respect to data sharing and data protection. We are currently scaling our solution to multiple ports and want to scale our security as well. As a Security Officer you will be responsible for the technical security aspect of software development as well as the compliance and education aspect for the whole company. Development teams within PortXchange fully embraced DevOps with an SRE and security mindset. To facilitate these teams as effectively as possible, they have the backing of specialists in the area’s of security, privacy, compliance, and legal. As the security specialist within PortXchange you are responsible for enabling, supporting, and challenging development teams to remain compliant with contracts and regulations, become resilient against threats, while minimizing the impact on innovation.
About the Role:
- Advise the management team on Security and Compliance
- Prepare and implement ISO 27001 at PortXchange
- Align the daily way of working with the high-level security and compliance standards
- Improve and implement the security and compliance processes
- Assist development teams with security challenges
- Train and discuss threat models created by development teams
- Help design and assist in implementing security controls in applications, infrastructure, and build pipelines
- Be involved in the prevention, response, and follow-up of incidents
- Coordinate resolving issues identified in pentests, bug bounties, and responsible disclosure programs
You are a critical thinker with a strong focus on details and efficiency. You are pragmatic and understand the need to minimize interruption for development deployments while maximizing quality, and you have a progress- over- process mindset. You are a self-starter who has been in charge of setting up strategies and running security programs. You are communicative, a good listener, and able to quickly identify problems and come up with solutions. You have a broad security background, and understand enough of compliance and regulations to determine the impact and determine the most efficient approach. It is a big plus if you can help teams on a technical level with security challenges in amazon services, Kubernetes, Terraform, Scala, Typescript. If you do not have this knowledge yet, we expect you to become knowledgeable as part of the job. Certificates like GPEN, GWAPT, OSCP, CISSP, CSSLP, CISM, CIPP/E, CIPT, or Amazon (security) certificates are appreciated,
but not mandatory. It would be nice if you are more than familiar with Site Reliability Engineering and have experience working in an agile environment.
- Contribute in making amazing software and connect ports worldwide
- Learn, work and have fun with bright minds
- Use the latest hardware
- Monthly R&D time
- Good balance between onsite and working from home
- A competitive salary, with good benefits
- Good secondary benefits
- (Personal development budget)
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment.
Want to apply?
Please send an email with your resume to recruitment @ port-xchange.com