Senior Consultant - SecDevOps
We are looking for senior consultants to assist customers in understanding the technical risks and vulnerabilities in their IT portfolios.
We are looking for experienced candidates who combine technical expertise and academic dedication with business understanding and communication skills. You have worked for a while with security or within related disciplines, and want to develop your professional profile further and become a trusted advisor within the security profession.
Maybe you have already worked with security for a number of years? You can also be a developer who is passionate about creating more secure solutions and building your own testing tools, a sysadmin with experience from complex IT environments, a technical architect who has worked with security in major development projects, or a security analyst that solves "Capture the Flag" competitions as a hobby. Anyways, you understand how technology works, you pick things apart and put them back together afterwards, and work hands-on to solve demanding problems in creative ways.
mnemonic responds to the region’s most serious cyberattacks. We work side by side with Europe’s most important organisations and critical infrastructure to protect them from the cyberattacks they see today, and what they can expect to see tomorrow.
At more than 400 employees, we are amongst the largest pure play security companies in Europe, and continue to grow rapidly in Norway and internationally. In addition, we are continually ranked by Great Place to Work as one of Norway’s and Europe’s top workplaces.
You will be working with
As a Security Consultant working with application security in mnemonic, you will get the opportunity to work with a wide range of tasks, for example:
- Perform vulnerability analyses and penetration tests of web applications, API and mobile apps.
- Perform code revision and analyse code for zero-days.
- Establish processes and create technical tools for secure development and DevSecOps.
- Establish processes and create technical tools for security testing and handling vulnerabilities.
- Be a part of the development team as a “Security Champion”.
- Give advice on security architecture and solution design.
- Assist in procurement processes and outsourcing.
- Assist with the establishment of cloud solutions and migration, and establish routines for secure operation.
- Establish and development internal test and automation tools.
What you will bring
We are looking for someone that:
- Has relevant certifications from infosec and pentesting.
- Enjoys working hands-on with technology, picking things apart to understand how they work.
- Has experience with security related work within agile development, DevOps/DevSecOps, Cloud, microservices, serverless computing, automation, and relevant technologies.
- Works structurally and independently, and takes responsibility for his or her own deliveries.
- Has experience implementing, assessing, operating, or developing in a DevOps environment.
- Has experience with modern DevOps tooling and technologies, including but not limited to:
- Kubernetes
- Gitlab, Azure devOps, AWS devOps ecosystem, etc.
- Public Cloud(AWS or Azure)
- Infrastructure as code (IaC)
- Developing in cloud environments
- Has knowledge or experience securing DevOps pipeline infrastructure.
- Has experience building a DevOps pipeline from the ground up.
- Has experience using or implementing common security tools in DevOps pipelines, including but not limited to:
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
- Image scanning
- Dependency scanning
- Interactive application security testing (IAST)
- Wants to further develop their security skills and become an expert in his or her field.
- Has the ability to clearly communicate complex technical information, verbally and in writing.
- Has consultancy experience.
If you have many of the qualifications we ask for, but feel that our current vacancies are too specific, you are welcome to submit an open application.
Relevant certifications
- Offensive Security Certified Professional (OSCP)
- GIAC Web Application Penetration Tester (GWAPT)
- Certified Cloud Security Professional (CCSP), Certificate of Cloud Security Knowledge (CCSK)
- General project and method certifications (ITIL, ISTQB, PRINCE2, Scrum, etc.)
- CISSP, CISA
What we can offer
- An informal and pleasant working environment that provides opportunities for growth, influence and variations in tasks
- Competitive salary, share program and bonus scheme that promotes a long-term employment outlook, including attractive pension and insurance coverage
- Opportunities for relevant professional training (courses) and conferences
- We place a strong emphasis on workplace well-being and teambuilding through social activities, events and trips with colleagues. In addition, we have an inclusive environment that promotes work-life balance and accommodates to families.
- Our HQ is centrally located in Solli plass with work from home opportunities
- A workplace that is ranked as one of the best in Europe. In Norway we have been amongst the top 10 workplaces for 10 years in a row. This year, we won our category!
How do I apply?
Email us at [email protected] and write "TRS-SecDevOps" in the subject field. Add a text about why you are right for the job, and your CV.
If you have publications or projects you have worked on that you think represent your technical skills or ability to communicate, please attach or refer to these.
Background check
We use Semac AS for background checks in our recruitment process. It is an advantage if you qualify for a Norwegian security clearance.
Do you have questions about a career in mnemonic?
Learn more about what it's like to be a developer in mnemonic.