Information System Security Analyst - CRI Group Brussels, Brussels-Capital, Belgium

Listing Description

Tasks



  • Support project teams in improving the security posture of systems they develop
    • Analyse SAST and DAST findings (initial triage with the team) and perform code review of implemented corrections.
    • Promote secure development practices (e.g. OWASP Top 10)
    • Lead threat modelling exercises with project teams
    • Improve management of secrets.
    • Define security requirements
    • Coordinate security of supply chain improvements
    • Take part in risk assessments.
    • Advance security enhancements in DevSecOps processes.
    • Animate the Security Champions community
    • Provision of security studies associated with information system projects
    • Coordination of compliance assessments for both on-prem and cloud applications
    • Support in definition and execution of the vulnerability management process
    • Security gap analysis
    • Evaluations of security products and tools for information systems
    • Assistance in the implementation of IS security policies
    • Security specifications for information systems
    • Management of security tests


Key Requirements:


Proven experience in Information Systems Development and Information Systems Security, preferably for Java EE technology (at minimum, an understanding of the code and architectural blueprints; hands-on programming experience is a plus)


• Good presentation skills (ability to chair large meetings)
• Good knowledge of English (spoken, written)
• IT Security certification (CISSP, CEH, GIAC or similar) is a plus


At least 1 certification among


• GCED (GIAC Certified Enterprise Defender)
• GPPA (GIAC Certified Perimeter Protection Analyst)
• GCWN (GIAC Certified Windows Security Administrator)
• GCUX (GIAC Certified UNIX Security Administrator)
• GCCC (GIAC Certified Critical Controls)
• SSCP ((ISC)2 Certified Systems Security Practitioner)
• CAP ((ISC)2 Certified Authorization Professional)
• CISSP (Certified Information Systems Security Professional)
• CISA (Certified Information Systems Auditor)
• CISM (Certified Information Security Manager)
• GSEC (GIAC Certified Security Essentials)
• ECSA (EC-Council Certified Security Analyst)
• SCPO (SABSA Certified Security Operations & Service Management Practitioner)
• ISO 27001 Lead Implementer
• ISO 27001 Lead Auditor
• ISO 27005 Risk Manager
• or an equivalent certification recognized internationally (subject to acceptance)


Additional Requirements:


At least 1 certification in the field of incident handling:


• GCIH (GIAC Certified Incident Handler)
• GCIA (GIAC Certified Intrusion Analyst)
• ECIH (EC-Council Certified Incident Handler)
• CSIH (SEI Certified Computer Security Incident Handler)
• SCMO (SABSA Certified Security Operations & Service Management Specialist)
• or an equivalent certification recognized internationally (subject to acceptance as a valid credential by the Contracting EU-I)


The following documents / procedures will be requested to successfully complete the hiring process:



  • A copy of your university degree(s)

  • A copy of your criminal record

  • Security Clearance Procedure


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided
  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided


