Application security expert

Mission context

In the context of the fast evolution of distributed (java/mobile) development technologies and tools, our client is looking for an Experienced Application Security Expert The experienced Application Security Expert will be part of the Application Security & Vulnerability Management team.

Function description

You will join the Application Security & Vulnerability Management team that is responsible for the following tasks:

Major tasks:

• Manage the technical infrastructure supporting automatic code reviews and open source library evaluations. o Maintain the applied policies (security, compliance…) o Follow-up and report on the execution of the evaluations o Keep the development guidelines up-to-date o Review defects and vulnerabilities

• Pro-actively support and assist all IT development squads in their secure development/SecDevOps adoption. o Prepare training sessions on security related topics like common coding mistakes o Coach squads on how to use the different tools

Minor tasks:

• Managing security issues. If you detect a problem, it is your duty to inform the person responsible for the application and closely follow-up the case. You will also be in charge of reporting on these security issues.
• Supporting IT developers in their search for solutions to security risks and incidents.
• Providing input for new security measures (such as detection mechanisms).

Language requirement

Desirable to have knowledge of Dutch or French Very good knowledge of English

Education

Master or equivalent by experience

Certification

Desirable to have Application Security certifications

Required experience / knowledge

• You have experience in the development of applications and knowledge of technologies used in an Agile environment.
• You have at least 2-3 years’ experience in Software Application Security Testing

Technical experience (mandatory)

• You are up-to-date on the recent developments in internet banking: from programming languages and technologies to the standard tools and platforms. (Jenkins, Gitlab, Maven, Docker…)
• You've got a working knowledge of the main programming languages used in internet banking: Java, JavaScript, .Net, C, JSP, HTML, XML, NodeJS…
• In depth knowledge and hands-on experience with SAST using Fortify and NexusIQ for Open Source Library evaluation.
• You see application security as your field of expertise including secure development best practices.
• You are knowledgeable regarding penetration testing
• You are already knowledgeable with respect to network security.
• Mobile application development & testing.

Business experience (preferable)

• Banking knowledge or experience in highly secure environment is a plus.