Share this job
Apply now »







Title:  Application Security Manager

Job ID:  58837
Country:  Spain
City:  Madrid
Professional area:  Information Technology
Contract type:  Permanent
Professional level:  Experienced

Madrid, MD, ES, 13799


We’re JTI, Japan Tobacco International and we believe in freedom. We think that the possibilities are limitless when you’re free to choose. In fact, we’ve spent the last 20 years innovating, creating new and better products for our consumers to choose from. It’s how we’ve grown to be present in 130 countries.

But our business isn’t just business. Our business is our people. Their talent. Their potential. We believe when they’re free to be themselves, grow, travel and develop, amazing things can happen for our business

That’s why our employees, from around the world, choose to be a part of JTI. It’s why 9 out of 10 would recommend us to a friend. And why we’ve been awarded Global Top Employer status, six years running

So when you’re ready to choose a career you’ll love, in a company you’ll love, feel free to #JoinTheIdea. 

Learn more: jti.com

What this position is about - Purpose:


The mission of the Technical Security Centre team is to provide security expertise and best practices to other IT functions by ensuring consistent and high-security standards are applied in the development and ongoing evolution of the JTI IT infrastructure and business applications. The scope includes, but is not limited to, corporate networks, workstations, servers, mobile devices, business applications, unified communications, the Internet, and related IT services.


What will you do - Responsibilities:


  • Ensures that technical security standards are predefined and implemented across all IT systems to secure the integrity of JTI's Application Security landscape from internal and external threats, makes proposals on the implementation of best security practice; 
  • Maintains and implements changes to application security, working to identify improvements to support JTI IT and business customers; 
  • Develops/maintains security tools to support accurate and efficient delivery of the security solutions will be required;
  • Secures the JTI Application landscape from internal and external threats, accesses control and protection, secures software development lifecycle; 
  • Works closely with the Information Security Architect(s), Network and System Security Managers, Continuous Assurance Manager, and Global IT teams to review and build new technical solutions in accordance with the security and business requirements; 
  • Stays abreast of evolving technology and keeps management aware of new trends, technology, and security industry best practices and how they could be incorporated as part of the global technical security strategy; 
  • Supports the Operations team in the effort of analyzing and assessing the criticality and risks when dealing with security incidents, ensuring follow up until final resolution using the proper escalation mechanism when relevant;
  • Provides security expertise to support the daily operations and effective performance of the business solution when required (application/support maintenance); 
  • Works within and strives to exceed all internal SLAs and IT KPIs when providing service to the business; 
  • Safeguards the entire DevOps environment (considering Azure DevOps, Gitlab, Github, or any other CI/CD environment) through strategies, policies, processes, and technology.


Who are we looking for - Requirements:   


  • University computer engineering degree and relevant experience in IT; CISSP, CEH are a plus;
  • 5+ years of Secure Application Development, Application Security management, Ethical Hacking;
  • Experience in the Application environment of an international corporation in a multicultural environment;
  • Specialist in security technologies. Web-based security technology and complex application security solution design & review is mandatory;
  • 2+ years of Project Management experience;
  • Excellent team player and communication skills;
  • Preferably manage their own blog, be active as security evangelist or in publishing discovered vulnerabilities;
  • Analytical, organized, and efficient;
  • Sets priorities to meet objectives;
  • Knowledge of Security Management standards such as OWASP, NIST, ISO, Cloud Alliance, PCI DSS;
  • Knowledge of DevSecOps lifecycle and security tasks or operations to be included as part of DevSecOps lifecycle; Hands-on experience with automated testing solutions integration (SAST, DAST, IAST, SCA) like Fortify, Veracode, Checkmarx, Synopsys, etc. 

Job Segment: Corporate Security, Engineer, Developer, Manager, Security, Engineering, Technology, Management

Apply now »