Senior Software Cybersecurity Specialist [Technical Risk Assessment] @MMCTech

Company:

MMC Corporate

Description:

We are seeking a talented individual to join our Cyber Risk Management team at Marsh McLennan.
This role is based in Cluj-Napoca, Romania.

The Senior Specialist, Software Security Assessment will play a crucial role in providing in-depth cybersecurity analysis of commercial off-the-shelf software and cybersecurity practices, ensuring secure integration of software-based information systems as part of the MMC technology onboarding process.

We will count on you to:

• Provide an in-depth cybersecurity analysis of commercial of-the-shelf software and cybersecurity practices to integrate software-based information systems in the organization, as a component of MMC technology onboarding process;

• Provide in-depth security risk evaluation on information systems such as software applications, web browser extensions, opensource software, cloud service integration, and wide deployment of software tools.  These security risk-based evaluations will outline adherence to MMC information security policy, standards, and controls; and will include enumerations of risks and recommendations for actions or mitigations to reduce risk;

• Identify of security concerns and the assessment of technical risks in software applications, web browser extensions and plug-ins, opensource components, cloud service integration, and wide deployment of software tools. 

• Engage with the service requesting team to understand the purpose of the software component and its requirements for deployment;

• Review the context of the solution, software sourcing, analysis of vulnerabilities, deployment plans, to ensure alignment to Global Information Security requirements;

• Work with technology teams, technology product owners, desktop engineering, application owners, security leaders, and business teams (stakeholders) to identify the information systems’ security capabilities, security gaps, configuration requirements and technical security implementation recommendations;

• Perform a technical risk evaluation of the information systems, including in-depth technical security aspects, such as the current software vulnerabilities, severity of these vulnerabilities, malware detection, vendor’s security practices such as periodic software vulnerability testing and remediation, patching practices, the use of FIPS 140-2/3 for security requirements for cryptographic modules, and reverse engineering of object code and opensource code and SBOM;

• Produce risk reports and documentation to enable information system’s stakeholders to understand outcomes of analysis, including technical security implementation recommendations, references to appropriate policies and standards and gaps in the solution capability;

• Engage with service requesting teams to understand the purpose of the software-based information system under evaluation and its requirements for deployment;

• Review the software’s security capabilities, address potential security and deployment plans and against applicable security standards and controls to ensure alignment to Global Information Security requirements;

• Participate in larger technology reviews with multiple workstreams and project stakeholders, ensuring the timeliness and quality of the desktop software security review;

• Produce reports and documentation to enable security and technology team members to understand outcomes of security analysis, including references to appropriate policies and standards and gaps in the solution capability;

• Ensuring a timely completion of desktop software assessments. Assess various projects simultaneously by managing the expectation of multiple stakeholders with competing priorities;

• Collaborate with other Technical Risk Assessment team and technology implementation teams within MMC in the creation and improvement of security implementation guidelines and standards, ensuring alignment to policy;

• Advise the global security team on best practices and standards around application security and tools with main focus on comprehensive software security and risk reporting, and with the ultimate goal of enabling application teams to integrate desktop software securely;

• Through training, and collaboration with other technology teams, the Senior specialist, software security will acquire the knowledge, further expertise, and update information and practices to maintaining an excellent level of performance demanded by pervasive security threats and evolving security practices.

What is in it for you?

• An opportunity to work in a fast-growing, innovative company with lots of room for progression and career growth

• A fail-friendly environment that encourages learning and initiative;

• A yearly budget and the opportunity to build your flexible benefits package (up to 20% of your annual salary)

• 30+ days off (25 legal days off, 1 extra day off on your birthday, public holiday replacement days, extra buy/sell from your benefits budget)

• Performance Bonus scheme

• Matching charity contributions, charity days off, and the Pay it Forward charity challenge

• Core benefits - Pension, Life and Medical Insurance, Meal Vouchers, Travel Insurance

• We champion flexible working, and our mission is to help you find YOUR work-life balance, whether that's standard working, flex-time working, or working from home

What you need to have: 

• Bachelor’s degree in IT/Computer Science, or equivalent experience;

• 5+ years of working experience in IT security;

• 3+ years working on software vulnerability assessments;

• Strong knowledge of computer operation systems, software engineering, and software assessment practices;

• In-depth knowledge in software testing, SDLC, information security, technical risk evaluation;

• Experience in software/application analysis tools, such as fuzzers, static code analysis, opensource software composition analysis (SCA);

• Solid understanding of software vulnerability scoring, cryptography, and the FIPS 140-2/3 standards;

• Effective communication skills to all levels of the organization & external contacts;

• Excellent verbal and written communication skills in Romanian and English;

What makes you stand out?

• Experience coding/scripting with common languages such as Java Script, Python & Perl is preferred;

• Solid technical knowledge of information security concepts, such as authentication, access control, network security;

• Deep understanding of identity and access management (IAM) technologies and standards ─inclusive of cloud identity platforms & Microsoft AD─ encryption, networking, firewalls, web applications, on-premises, and cloud application hosting environments.

• Reverse software engineering experience;

• Must be a self-starter, work with limited supervision & be able to work well with others in a globally diverse IT environment;

• CISSP and/or CSSLP certification or other Information Security oriented certifications;

Marsh is the world’s leading insurance broker and risk adviser. With over 35,000 colleagues operating in more than 130 countries, Marsh serves commercial and individual clients with data driven risk solutions and advisory services. Marsh is a business of Marsh McLennan (NYSE: MMC), the leading global professional services firm in the areas of risk, strategy and people. With annual revenue approaching US $17 billion and 76,000 colleagues worldwide, MMC helps clients navigate an increasingly dynamic and complex environment through four market-leading businesses: Marsh, Guy Carpenter, Mercer, and Oliver Wyman. Follow Marsh on Twitter @MarshGlobal; LinkedIn; Facebook; and YouTube, or subscribe to BRINK.

At Marsh McLennan, we understand the complexity, and the reality, of the modern career path. If your experience looks a little different from what we’ve identified and you think you would be a great fit for the role, we would love to hear from you.

Marsh McLennan (NYSE: MMC) is a global leader in risk, strategy and people, advising clients in 130 countries across four businesses: Marsh, Guy Carpenter, Mercer and Oliver Wyman. With annual revenue of $23 billion and more than 85,000 colleagues, Marsh McLennan helps build the confidence to thrive through the power of perspective. For more information, visit marshmclennan.com, or follow on LinkedIn and X.

Marsh McLennan is committed to creating a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, disability, ethnic origin, family duties, gender orientation or expression, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.

Marsh McLennan is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh McLennan colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one “anchor day” per week on which their full team will be together in person.