Vacancy

Application Security Engineer

Brussels

Major Tasks

  • Manage requests from squads, submitted through Jira tickets, for setting up tooling related to the application security tools managed by our team

  • Perform code reviews of applications developed within IT using the security tooling (SAST)

  • Proactively support and assist all IT development squads in their secure development/SecDevOps adoption.

  • Prepare training sessions on security-related topics, such as common coding mistakes

  • Coach squads on how to use the different security tools

  • Manage the technical infrastructure supporting automatic code reviews and open source library evaluations.

  • Maintain the applied policies (security, compliance…)

  • Follow up and report on the execution of the evaluations

  • Keep the development guidelines up-to-date

  • Review defects and vulnerabilities

Minor Tasks

  • Managing security issues. If you detect a problem, it is your duty to inform the person responsible for the application and closely follow up on the case. You will also be in charge of reporting on these security issues.

  • Supporting IT developers in their search for solutions to security risks and incidents.

  • Providing input for new security measures (such as detection mechanisms).

  • You won't do much coding work, apart from occasionally writing scripts used in our own tooling, but with your coding background you will support the organisation in making the code developed in IT more secure.

  • Your ambition is to grow your expertise in application security and become a seasoned application security expert.

Ideal Profile

  • Language: Knowledge of Dutch or French is desirable (not a must); very good knowledge of English (absolute must)

Required experience / knowledge

  • You have experience in the development of applications and are up to date with the current evolutions in the domain of application development

  • You have a strong interest in application security and your ambition is to become an expert in this domain in the next 3-5 years.

  • You have a very good understanding of the software development lifecycle in an Agile environment and you understand DevOps

  • You have a good understanding of the software development lifecycle and the security checks to be applied at different stages

Technical experience

Mandatory

  • You are up to date on recent developments in the area of software development: from programming languages and technologies to the standard tools and platforms (Jenkins, GitLab, Maven, Docker…).

  • You see application security as your domain of expertise

  • You have an interest in penetration testing and some first experience with it

  • You are already knowledgeable about network security.

  • You understand the difficulties related to mobile application development & testing.

  • You have at least 2 years of working experience in the domain of application security

Business experience

Preferable

  • No experience required, but experience in environments where information security is very important (banking, pharma, aviation, nuclear, military…) is a plus

Soft skills

  • Team player who shares information with colleagues to ensure a smooth circulation of information

  • Self-starter

  • Able to interact with a multitude of profiles (developers, architects, testers, business, management), each time using the associated vocabulary

  • Willingness to stay up-to-date with latest trends

  • Quick self-starter, proactive attitude

  • Quick learner

  • Good communication and influencing skills

  • Good analytical and synthesis skills

  • Autonomy, commitment and perseverance

  • Ability to work in a dynamic and multi-cultural environment

  • Flexible, accurate & control-minded.

  • Able to work in a team and with different groups in the organization, providing information and part of the solution; communication skills

  • Assertive and result-oriented