Sopra Steria
Network Security Engineer
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Sopra Steria
Sopra Steria Group SA is a prominent European technology company that specializes in consulting, digital services, and software development. Formed in 2014 from the merger of Sopra and Steria, the company employs over 51,000 people across nearly 30 countries and reported €5.8 billion in revenue in 2024. Sopra Steria focuses on helping large organizations drive digital transformation through comprehensive solutions that blend sector-specific expertise with innovative technologies. The company offers a range of services, including consulting, system integration, and software publishing, with a strong emphasis on digital transformation and tailored business strategies. Sopra Steria serves major public authorities, financial institutions, and industrial operators, providing customized digital solutions to enhance competitiveness. Its core values include respect for individuals, commitment to client success, and a focus on sustainability and social responsibility, positioning it among Europe's leading digital services providers.
Security at Sopra Steria
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Sopra Steria follows a 'Security by Design' philosophy, prioritizing the integration of safety across all business risks.
- Their approach is characterized by a rigorous testing cycle where they 'test, re-test, and then test again' rather than making assumptions.
- At the enterprise level, they advocate for corporate-level visibility and governance in software security, specifically through programs like their enterprise SBOM (Software Bill of Materials) initiative to ensure strategic resilience.
Security Team
The cybersecurity function at Sopra Steria is led by Rajesh Singh, who serves as the Chief Security Officer. The broader cybersecurity team consists of over 2,000 experts worldwide. At the project level, AppSec teams have been observed in sizes of approximately 6 members, including a team lead. Application Security Engineers are tasked with guiding application teams on adopting secure development practices and integrating security testing into CI/CD pipelines. A centralized enterprise-wide AppSec headcount is not publicly available.
Key Initiatives
Key AppSec initiatives include a robust Vulnerability Management and SBOM program using Eracent to monitor software assets in real-time. They have an active offensive security initiative through their partnership with Yogosha, allowing them to launch pentesting or bug bounty campaigns in under 48 hours. Operational workflows emphasize 'Shift Left' and DevSecOps principles, requiring security engineers to review CI/CD pipelines and integrate SAST/DAST tools directly into developer workflows. AI is also being integrated for triage and anomaly detection. Information regarding a formal Security Champions program or specific remediation SLAs is not publicly available.
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.