Security Engineer, Cyber Security & IT Risk
As a Security Engineer within the team Cyber Security & IT Risk, I divide my time between application security, secure development/DevSecOps processes and IT risk.
Why did you choose to take the job as a Security Engineer? What is best about your role as Security Engineer?
I started off as a consultant and loved everyone I was working with so much that I wanted to stay. I am constantly challenged and always allowed to contribute to whatever new challenge takes my interest. People are respectful and enthusiastic and appreciative of everyone's strengths. For me, though, the best part is the team I get to work with.
Can you describe how a normal work week looks in your role as Security Engineer?
Monday the team meets to discuss goings-on within the organisation and to prioritise. The rest of the week we have short stand-up meetings to air our blockers, get input and give our focus for the day. Most weeks, I spend a lot of time
- interfacing with developers and product owners about risks and vulnerabilities in their products and how to mitigate/avoid them,
- interfacing with our suppliers' security functions,
- updating the Information Security Communication site,
- thinking about ways to secure our processes and products more easily and efficiently, and
- reading and writing documentation and different types of models.
Less frequently, I analyse software and write business cases, create security automations or proofs of concept, interview potential team members, support procurements or participate in incident resolution. It's an extremely varied job!
What kind of person would fit and thrive in the role of Security Engineer with us at PostNord?
We need highly technical people who understand and can formulate security requirements for modern and hybrid IT environments, products and workflows. This is extremely challenging and requires cross-disciplinary cooperation with both IT and business professionals. Having the ability to make information security topics accessible to stakeholders in vastly different domains is a huge advantage, since the object is to help them understand their own security needs and become passionate enough about this new knowledge that they push these changes within their own organisations.
The ability to work on many things at once is very useful, since PostNord is a large organisation, but there is room for both people who are extremely detail-oriented and those who take a more holistic view. People who thrive in our team are humble, critical listeners, solution-oriented, good at taking criticism, proactive, curious and enjoy teamwork, teaching, and inspiring others.