Cyber- Senior Cloud Engineer- Application Security

Job Description

Senior Cloud Engineer- Application Security

Joining Maersk will embark you on a transformational journey with great opportunities for career development within a global organization. Risk is at the heart of our approach to cyber security in Maersk.

A globally focused shipping and transportation organization continues to drive an ambitious and complex change and transformational programme to deliver a service of excellence for its customers and clients worldwide. The
Global CTIO has a mandate from the Maersk board to lead the Technology transformation of Maersk, enabling the
Maersk business strategy to become the global integrator of container logistics through digitizing the Maersk business processes and customer engagement.
The Technology Function is fundamental to enabling the company’s transformation. We are recruiting world-class talent to ensure that the technology services are modernized, enabling Maersk to become a logistics integrator leveraging a competitive advantage through technology.

Role purpose

We are hiring two Senior Application Security Tooling Engineers to uplift our AppSec engineering capability and own the availability, reliability, integration, and lifecycle of the SDLC security toolchain.

This is a platform engineering role, not a frontline service delivery role.

Our AppSec toolset currently centres on GitHub Security following the retirement of Black Duck, and we expect to onboard a broader end-to-end consolidated application security platform in Q4 following an RFI. You will help us run today’s tooling well, and industrialize what comes next.

Important scope note: Infrastructure-as-Code (IaC) scanning is out of scope for this role (already transitioned and owned elsewhere) but in will be advantages if the applicant has this experience.

Tooling scope

• SAST: code scanning pipelines, rule packs, baseline management, CI integration.

• DAST: scanner platform integration, target onboarding automation, safe scanning patterns.

• Secrets detection: repository scanning configuration, custom detectors/patterns, workflow integration.

• SCA and dependency security: configuration, policy enforcement, and reporting integrations.

• RASP / runtime controls (where used): deployment integration, configuration standards, and health monitoring.

• SDLC integrations: CI/CD, developer workflows, ticketing, reporting, identity and access control.

Key responsibilities

1. Tooling reliability and operational ownership

• Own day-to-day health of the AppSec tooling stack: availability, performance, resilience, upgrades, and lifecycle management.

• Define and maintain SLOs, monitoring, alerting, capacity planning, and incident playbooks/runbooks.

• Establish clear support and maintenance procedures aligned to a platform-team model (frontline ops teams consume the tools and deliver the services).

2. SDLC integration and developer enablement

• Build and maintain secure, reusable CI/CD integrations (templates, standard pipelines, reusable workflows).

• Deliver friction-reducing automation: self-service onboarding, safe defaults, guardrails, and consistent configuration across repositories.

• Integrate tooling outputs into operational workflows (ticketing, reporting, and triage queues owned by frontline ops).

3. Governance, access control, and enterprise fit

• Ensure tooling aligns to enterprise needs: SSO/SAML, RBAC, audit logging, data handling, and platform security requirements.

• Produce clear documentation and reference patterns: how to onboard, how to maintain, and what good looks like.

• Partner with platform/DevOps teams to make changes safely with minimal business impact.

4. Tool strategy and onboarding (Q4 consolidation)

• Support evaluation activities: hands-on trials, integration prototypes, scoring input, and fit-for-environment validation.

• Plan and execute onboarding/migration: architecture, rollout waves, communications, deprecation strategy, and measurable adoption.

• Ensure cost, performance, and data impacts are understood and controlled.

What you will not be doing

• You are not the primary triage team for findings (SAST/DAST/Secrets etc).

• You are not accountable for operational remediation delivery.

• You may improve signal quality through platform configuration and standardisation, but ownership of queues sits with frontline ops.

Skills and experience

Must have

• 8+ years of Strong background in platform engineering, DevSecOps, or security tooling engineering with a track record of running production-grade tooling.

• Proven experience integrating security tooling into CI/CD at scale (workflow templates, reusable automation, API integration).

• Proven experience onboarding security tooling from scratch, including requirements gathering, drafting RFI/RFP documents, vendor scoring, proof-of-concepts, evaluation, contract finalisation, structured adoption planning, and leading enterprise-scale rollout/migration.

• Solid scripting/coding ability (e.g., Python, Go, or similar) and comfort with infrastructure-as-code concepts.

• Good operational instincts: debugging, incident response, change management, and writing runbooks people actually use.

• Ability to work across teams and influence outcomes without owning everyone’s priorities.

• Ability to translate technical concepts into clear, pragmatic options for senior stakeholders, product owners, and engineering teams.

• Strong documentation habits: runbooks, onboarding guides, reference architectures, and decision records that stay current.

Nice to have

• Experience building or operating an end-to-end AST stack (SAST, DAST, Secrets, SCA, SBOM, runtime signals).

• Familiarity with GitHub security configuration at enterprise scale (policy standardization, repo onboarding automation, reporting).

• Experience with vendor onboarding/migrations (RFI/RFP support, pilots, phased rollout).

Relevant technologies

• Tooling: GitHub Advanced Security, Checkmarx, SonarQube, Veracode (and equivalent platforms).

• CI/CD: GitHub Actions, Azure DevOps, Jenkins.

• Cloud: AWS and Azure.

What success looks like (first 6–12 months)

• Tooling availability is stable and measurable (SLOs, dashboards, low unplanned downtime).

• Onboarding is repeatable and self-service, with consistent patterns across teams.

• Scan failures and integration issues reduce materially due to better standards and automation.

• Q4 tool onboarding is executed in controlled phases with minimal disruption and clear adoption outcomes.

Maersk is committed to a diverse and inclusive workplace, and we embrace different styles of thinking. Maersk is an equal opportunities employer and welcomes applicants without regard to race, colour, gender, sex, age, religion, creed, national origin, ancestry, citizenship, marital status, sexual orientation, physical or mental disability, medical condition, pregnancy or parental leave, veteran status, gender identity, genetic information, or any other characteristic protected by applicable law. We will consider qualified applicants with criminal histories in a manner consistent with all legal requirements.

We are happy to support your need for any adjustments during the application and hiring process. If you need special assistance or an accommodation to use our website, apply for a position, or to perform a job, please contact us by emailing accommodationrequests@maersk.com.