Xenoss

Project

Toshiba is the global market share leader in retail store technology. As retail’s first choice for integrated in-store solutions, Toshiba’s innovative technology enhances customer engagement, transforms in-store experience, and accelerates the digital transformation of the retail industry. Today, Toshiba is in a position wherein it defines dominating practices of retail automation and advances the future of retail.

The product is aimed at comprehensive retail chain automation and covers all work processes of large retail chain operators. The product covers retail store management, warehouse management, payment systems integration, logistics management, hardware/software store automation, etc.
The product is already adopted by the market, and the biggest US and global retail operators are among the clients.

Technology Stack

Azure Databricks, Apache Spark (PySpark) , Delta Lake , ADF , Synapse , Python ,SQL, Power BI, MongoDB/CosmosDB, PostgreSQL, Terraform, Jenkins

What you will do

We are looking for an experienced Azure Databricks Engineer to join our team and contribute to building and optimizing large-scale data solutions. You will be responsible for working with Azure Databricks and Power BI , writing efficient Python and SQL scripts, and optimizing data workflows to ensure performance and scalability, building meaningful reports.

Must-have skills

• Bachelor’s or Master’s degree in Data Science, Computer Science or related field.
• 3+ years of experience as a Data Engineer or in a similar role.
• Proven experience in data analysis, data warehousing, and data reporting.
• Proven experience in Azure Databricks ( python, pytorch), Azure infrastructure
• Experience with Business Intelligence tools like Power BI.
• Proficiency in querying languages like SQL.
• Strong problem-solving skills and attention to detail.
• Proven ability to translate business requirements into technical solutions.

Nice-to-have skills

• Knowledge and experience in e-commerce/retail

Summary

The Head of Security (Application & Cloud Security) is responsible for designing, implementing, and managing the security strategy for the TGCS’s applications, cloud environments, and DevSecOps processes. This role focuses on securing software development and cloud infrastructure and ensuring compliance with industry security frameworks. The ideal candidate will lead security initiatives, partner with engineering teams including our Toshiba Security Governance in Japan, and establish robust security controls to safeguard applications, data, and cloud-based assets from threats.

Key Responsibilities

Security Strategy & Leadership

• Define and execute the application and cloud security strategy, aligning with business and SaaS objectives.
• Lead the Application Security (AppSec) and Cloud Security teams, ensuring best-in-class security practices.
• Drive a security-first culture across development and infrastructure teams.
• Provide executive leadership with regular security updates, risk assessments, and mitigation plans.
• Evaluate and implement modern security tools and technologies to enhance security posture.

Application Security & DevSecOps

• Integrate security into the software development lifecycle (SDLC), enabling secure-by-design development.
• Implement and manage SAST, DAST, and SCA tools for automated security testing.
• Define secure coding standards and provide guidance to development teams.
• Work closely with DevOps teams to implement DevSecOps practices, automating security within CI/CD pipelines.
• Lead threat modeling exercises and penetration testing to identify vulnerabilities in applications.

Cloud Security & Infrastructure Protection

• Design and enforce security best practices for multi-cloud and hybrid cloud environments (AWS, Azure, GCP).
• Implement cloud security posture management (CSPM) solutions to monitor and secure cloud configurations.
• Ensure identity and access management (IAM) policies, encryption, and zero-trust principles are followed.
• Monitor and respond to cloud security incidents, working closely with IT and SOC teams.
• Lead compliance efforts for ISO 27001, SOC 2, NIST, GDPR, and other cloud security frameworks.

Threat Detection, Incident Response & Risk Management

• Oversee security monitoring, log analysis, and threat intelligence for cloud and application environments.
• Implement SIEM, XDR, and SOAR solutions for real-time security event detection and response.
• Define incident response playbooks for cloud and application security threats.
• Conduct regular security audits, red teaming, and penetration testing to identify and mitigate risks.

Compliance, Governance & Security Awareness

• Ensure compliance with industry security standards (NIST, OWASP, CSA, ISO 27001, SOC 2, GDPR, CCPA).
• Lead cloud security risk assessments, ensuring vendors and third parties meet security requirements.
• Develop and enforce security policies, training programs, and awareness campaigns.
• Partner with legal and compliance teams to ensure data protection and privacy regulations are met.

Qualifications & Experience

• Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field.
• 10+ years of experience in application security, cloud security, or cybersecurity leadership roles.
• Expertise in securing Azure, GCP, AWS and Kubernetes environments.
• Strong background in DevSecOps, CI/CD security, and software security principles.
• Hands-on experience with SAST, DAST, SCA, CSPM, and SIEM tools.
• Deep knowledge of cloud security frameworks (CIS Benchmarks, CSA, NIST, OWASP Cloud-Native Security).
• Strong understanding of identity and access management (IAM), zero trust, and container security.

Preferred Certifications

• CISSP (Certified Information Systems Security Professional)
• CCSP (Certified Cloud Security Professional)
• OSCP (Offensive Security Certified Professional)
• CISM (Certified Information Security Manager)

Azure Certified Security — Specialty, Google Cloud Security Engineer, or AWS Security Engineer