Listing Description
Tasks
• Support project teams in improving the security posture of the systems they develop
• Analyse SAST and DAST findings (initial triage with the team) and perform code review of implemented corrections
• Promote secure development practices (e.g. OWASP Top 10)
• Lead threat modelling exercises with project teams
• Improve management of secrets.
• Define security requirements
• Coordinate supply chain security improvements
• Take part in risk assessments.
• Advance security enhancements in DevSecOps processes.
• Animate the Security Champions community
• Provision of security studies associated with information system projects
• Coordination of compliance assessments for both on-prem and cloud applications
• Support in definition and execution of the vulnerability management process
• Security gap analysis
• Evaluations of security products and tools for information systems
• Assistance in the implementation of IS security policies
• Security specifications for information systems
• Management of security tests
Key Requirements:
• Proven experience in Information Systems Development and Information Systems Security, preferably for Java EE technology (at minimum understanding the code and architectural blueprints, however hands-on programming experience is a plus)
• Good presentation skills (ability to chair large meetings)
• Good knowledge of English (spoken, written)
• IT Security certification (CISSP, CEH, GIAC or similar) is a plus
At least 1 certification among:
• GCED (GIAC Certified Enterprise Defender)
• GPPA (GIAC Certified Perimeter Protection Analyst)
• GCWN (GIAC Certified Windows Security Administrator)
• GCUX (GIAC Certified UNIX Security Administrator)
• GCCC (GIAC Certified Critical Controls)
• SSCP ((ISC)2 Certified Systems Security Practitioner)
• CAP ((ISC)2 Certified Authorization Professional)
• CISSP (Certified Information Systems Security Professional)
• CISA (Certified Information Systems Auditor)
• CISM (Certified Information Security Manager)
• GSEC (GIAC Certified Security Essentials)
• ECSA (EC-Council Certified Security Analyst)
• SCPO (SABSA Certified Security Operations & Service Management Practitioner)
• ISO 27001 Lead implementer
• ISO 27001 Lead Auditor
• ISO 27005 Risk Manager
• or an equivalent certification recognized internationally (subject to acceptance)
Additional Requirements:
At least 1 certification in the field of incident handling:
• GCIH (GIAC Certified Incident Handler)
• GCIA (GIAC Certified Intrusion Analyst)
• ECIH (EC-Council Certified Incident Handler)
• CSIH (SEI Certified Computer Security Incident Handler)
• SCMO (SABSA Certified Security Operations & Service Management Specialist)
• or an equivalent certification recognized internationally (subject to acceptance as a valid credential by the Contracting EU-I)
The following documents / procedures will be requested to successfully complete the hiring process:
- A copy of your university degree(s)
- A copy of your criminal record
- Security Clearance Procedure