Utwórz profil, aby pracodawcy mogli Cię znaleźć, otrzymywać lepiej dopasowane oferty pracy i szybciej aplikować.
  • Wyszukiwanie ofert pracy
  • Zapisane
  • Stwórz CV
    Nowe
  • Wynagrodzenia
  • Subskrypcje

Head of Security at Toshiba

Xenoss

The  Head of  Security (Application & Cloud Security)is responsible for designing, implementing, and managing the security strategy for the TGCS’s applications, cloud environments, and DevSecOps processes. This role focuses on securing software development, cloud infrastructure, and ensuring compliance with industry security frameworks. The ideal candidate will lead security initiatives, partner with engineering teams including our Toshiba Security Governance in Japan, and establish robust security controls to safeguard applications, data, and cloud-based assets from threats. 

Key Responsibilities  

Security Strategy & Leadership  

  • Define and execute the  application and cloud security strategy , aligning with business and SaaS objectives. 
  • Lead the  Application Security (AppSec) and Cloud Security teams, ensuring best-in-class security practices. 
  • Drive a  security-first culture across development and infrastructure teams. 
  • Provide executive leadership with regular security updates, risk assessments, and mitigation plans. 
  • Evaluate and implement  modern security tools and technologies to enhance security posture. 

Application Security & DevSecOps  

  • Integrate  security into the software development lifecycle (SDLC) , enabling secure-by-design development. 
  • Implement and manage  SAST, DAST, and SCA tools for automated security testing. 
  • Define  secure coding standards and provide guidance to development teams. 
  • Work closely with  DevOps teams to implement  DevSecOps practices , automating security within CI/CD pipelines. 
  • Lead threat modeling exercises and penetration testing to identify vulnerabilities in applications. 

Cloud Security & Infrastructure Protection  

  • Design and enforce  security best practices for multi-cloud and hybrid cloud environments (AWS, Azure, GCP). 
  • Implement  cloud security posture management (CSPM) solutions to monitor and secure cloud configurations. 
  • Ensure  identity and access management (IAM) policies , encryption, and zero-trust principles are followed. 
  • Monitor and respond to  cloud security incidents , working closely with IT and SOC teams. 
  • Lead compliance efforts for  ISO 27001, SOC 2, NIST, GDPR, and other cloud security frameworks

Threat Detection, Incident Response & Risk Management  

  • Oversee  security monitoring, log analysis, and threat intelligence for cloud and application environments. 
  • Implement  SIEM, XDR, and SOAR solutions for real-time security event detection and response. 
  • Define  incident response playbooks for cloud and application security threats. 
  • Conduct  regular security audits, red teaming, and penetration testing to identify and mitigate risks. 

Compliance, Governance & Security Awareness  

  • Ensure compliance with industry security standards ( NIST, OWASP, CSA, ISO 27001, SOC 2, GDPR, CCPA ). 
  • Lead  cloud security risk assessments , ensuring vendors and third parties meet security requirements. 
  • Develop and enforce  security policies, training programs, and awareness campaigns
  • Partner with legal and compliance teams to ensure data protection and privacy regulations are met.

Qualifications & Experience  

  • Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field. 
  • 10+ years of experience in  application security, cloud security, or cybersecurity leadership roles. 
  • Expertise in securing Azure, GCP, AWS and Kubernetes environments
  • Strong background in  DevSecOps, CI/CD security, and software security principles
  • Hands-on experience with  SAST, DAST, SCA, CSPM, and SIEM tools
  • Deep knowledge of  cloud security frameworks (CIS Benchmarks, CSA, NIST, OWASP Cloud-Native Security)
  • Strong understanding of  identity and access management (IAM), zero trust, and container security

Preferred Certifications  

  • CISSP (Certified Information Systems Security Professional) 
  • CCSP (Certified Cloud Security Professional) 
  • OSCP (Offensive Security Certified Professional) 
  • CISM (Certified Information Security Manager) 
  • Azure Certified Security - Specialty, Google Cloud Security Engineer, or AWS Security Engineer
Oferta pracy dodana 1 dzień temu