Listing Description
Nature of the tasks
- Contribute to the design of the overall application security.
- Define security requirements and derive technical actions targeting the application components and the code base.
- Analyse SAST and DAST findings (initial triage with the team), performing code review of implemented corrections.
- Draft documentation such as architecture design descriptions, assessment reports and configuration descriptions.
- Take an active part in developing and improving the application security, and have it understood and implemented by the team.
- Analyse risks and security policy requirements and propose actions.
- Vulnerability testing and definition of corrective actions.
- Categorize events, incidents and vulnerabilities based on relevance, exposure and impact.
- Advance security enhancements in DevSecOps processes.
- Provide security training and education.
- Draft security programmes, security plans and propose implementation actions.
- Animate the Security Champions community.
Skills and knowledge
- Experience with ISO 27000 family of standards or equivalent security standards implementation.
- Knowledge of ITSRM2 is a plus.
- Excellent knowledge of application security.
- Experience in the security aspects of software development (e.g. authentication with OpenID Connect, SAML or CAS, secure REST or web services, encryption with PKI, authorisation, secrets management).
- Experience with secure IT development patterns.
- Experience in the security domain.
- Understanding of risk assessments.
- Experience in penetration testing and ethical hacking (e.g. usage of tools like Metasploit, Burp Suite or equivalent).
- Experience with security test tools (e.g. Fortify or equivalent) and web site vulnerability scans.
- Good understanding of the 3rd party dependency security (libraries, container and VM images).
- Knowledge of OWASP.
- Proven experience in Information Systems Development and Information Systems Security, preferably for Java EE technology (at minimum, understanding the code and architectural blueprints; hands-on programming experience is a plus).
- Knowledge of Agile methodology.
- Autonomous and rapid self-starting capability.
- Strong organisational and time-management skills.
- Strong team spirit.
- Ability to apply high quality standards.
- Capability of integration in an international/multi-cultural environment.
- Ability to participate in multi-lingual meetings.
- Ability to understand, speak and write English (B2 level).
- Proactive attitude, communicative (e.g., good listener) and customer-oriented.
Specific expertise and technologies
- At least 5 years of specific expertise in OWASP standards (min. competence level 4 to 5).
- At least 5 years of specific expertise in IT development patterns and architecture (min. competence level 4 to 5).
- At least 5 years of specific expertise with security test tools, SAST and DAST (min. competence level 4 to 5).
CERTIFICATIONS:
At least one of the following certificates is required for the performance of the tasks:
- Certified Information Systems Security Professional (CISSP),
- Certified Information Security Manager (CISM),
- Certified Ethical Hacker (CEH),
- Offensive Security Certified Professional (OSCP),
- or equivalent, to be approved by the Commission.
The following documents and procedures will be requested to successfully complete the hiring process:
- A copy of your university degree(s)
- A copy of your criminal record
- Security Clearance Procedure