Cyber- Senior Cloud Engineer- Application Security

Senior Cloud Engineer- Application Security

Joining Maersk will embark you on a transformational journey with great opportunities for career development within a global organization. Risk is at the heart of our approach to cyber security in Maersk.

A globally focused shipping and transportation organization continues to drive an ambitious and complex change and transformational programme to deliver a service of excellence for its customers and clients worldwide. The
Global CTIO has a mandate from the Maersk board to lead the Technology transformation of Maersk enabling the
Maersk business strategy to become the global integrator of containerlogisticsthrough digitizing the Maersk business processes and customer engagement.
The Technology Function is fundamental to enabling the companys transformation. We are recruiting world-class talent to ensure that the technology services are modernized enabling Maersk to becomea logisticsintegratorleveraginga competitive advantage through technology.

Role purpose

We are hiring two Senior Application Security Tooling Engineers to uplift our AppSec engineering capability and own the availability reliability integration and lifecycle of the SDLC security toolchain.

This is a platform engineering role not a frontline service delivery role.

Our AppSec toolset currently centres on GitHub Security following the retirement of Black Duck and we expect to onboard a broader end-to-endconsolidatedapplication security platform in Q4 following an RFI. You will help us run todays tooling well and industrialize what comes next.

Important scope note: Infrastructure-as-Code (IaC) scanning is out of scope for this role (already transitioned and owned elsewhere) but in will be advantages if the applicant has this experience.

Tooling scope

• SAST: code scanning pipelines rule packs baseline management CI integration.

• DAST: scanner platform integration target onboarding automation safe scanning patterns.

• Secretsdetection: repository scanning configuration custom detectors/patterns workflow integration.

• SCA and dependency security: configuration policy enforcement and reporting integrations.

• RASP / runtime controls (where used): deployment integration configuration standards and health monitoring.

• SDLC integrations: CI/CD developer workflows ticketing reportingidentityand access control.

Key responsibilities

1. Tooling reliability and operational ownership

• Own day-to-day health of the AppSec tooling stack: availability performance resilience upgrades and lifecycle management.

• Define and maintain SLOs monitoring alerting capacity planning and incident playbooks/runbooks.

• Establish clear support and maintenance procedures aligned to a platform-team model (frontline ops teams consume the tools and deliver the services).

2. SDLC integration and developer enablement

• Build andmaintainsecure reusable CI/CD integrations (templates standard pipelines reusable workflows).

• Deliver friction-reducing automation: self-service onboarding safe defaults guardrails and consistent configuration across repositories.

• Integrate tooling outputs into operational workflows (ticketing reporting and triage queues owned by frontline ops).

3. Governance access control and enterprise fit

• Ensure tooling aligns to enterprise needs: SSO/SAML RBAC audit logging data handling and platform security requirements.

• Produce clear documentation and reference patterns: how to onboard how tomaintain and what good looks like.

• Partner with platform/DevOps teams to make changes safely with minimal business impact.

4. Tool strategy and onboarding (Q4 consolidation)

• Support evaluation activities: hands-on trials integration prototypes scoring input and fit-for-environment validation.

• Plan and execute onboarding/migration: architecture rollout waves communications deprecation strategy and measurable adoption.

• Ensure cost performance and data impacts are understood and controlled.

What you will not be doing

• You are not the primary triage team for findings (SAST/DAST/Secretsetc).

• You are not accountable for operational remediation delivery.

• You may improve signal quality through platform configuration andstandardisation but ownership of queues sits with frontline ops.

Skills and experience

Must have

• 8 years ofStrong background in platform engineeringDevSecOps or security tooling engineering witha track recordof running production-grade tooling.

• Proven experience integrating security tooling into CI/CD at scale (workflow templates reusable automation API integration).

• Proven experience onboarding security tooling from scratch including requirements gathering drafting RFI/RFP documents vendor scoring proof-of-concepts evaluation contractfinalisation structured adoption planning and leading enterprise-scale rollout/migration.

• Solid scripting/coding ability (e.g. Python Go or similar) and comfort with infrastructure-as-code concepts.

• Good operational instincts: debugging incident response change management and writing runbooks peopleactually use.

• Ability to work across teams and influence outcomes without owning everyones priorities.

• Ability to translate technical concepts into clear pragmatic options for senior stakeholders product owners and engineering teams.

• Strong documentation habits: runbooks onboarding guides reference architectures and decision records that stay current.

Nice to have

• Experience building oroperatingan end-to-end AST stack (SAST DAST Secrets SCA SBOM runtime signals).

• Familiarity with GitHub security configuration at enterprise scale (policystandardization repo onboarding automation reporting).

• Experience with vendor onboarding/migrations (RFI/RFP support pilots phased rollout).

Relevant technologies

• Tooling: GitHub Advanced SecurityCheckmarx SonarQube Veracode (and equivalent platforms).

• CI/CD: GitHub Actions Azure DevOps Jenkins.

• Cloud: AWS and Azure.

What success looks like (first 612 months)

• Tooling availability is stable and measurable (SLOs dashboards low unplanned downtime).

• Onboarding is repeatable and self-service with consistent patterns across teams.

• Scan failures and integration issues reduce materially due to better standards and automation.

• Q4 tool onboarding is executed in controlled phases with minimal disruption and clearadoptionoutcomes.