Security specialist – Luxembourg

Introduction

We are currently looking for a Security specialist for our client based in Luxembourg.

Organization

Belgium – International Organisations

Function

In the Role of the Developer Web technologies, you will:

1) Security penetration and internal vulnerability assessment

The Consultant is expected to perform a comprehensive technical security assessment, mimicking the role of a cyber criminal aiming to obtain unauthorized access through the internet to ClientConnect.

In a second step, the Consultant shall assume the role of a standard EIB user without any prior access to ClientConnect attempting to gain unauthorized access to the portal from within the EIB network with standard EIB equipment.

As a third step, the Consultant shall assume the role of a standard EIB customer with access to ClientConnect, trying to gain unauthorized access to confidential information of other clients, and administration functions.

This should be complemented with a vulnerability assessment concerning the ClientConnect application and its underlying and supporting components. This vulnerability assessment should also take into account the possibility to intercept and/or manipulate data exchanges with up to three connecting IT applications.

2) Security design and solution architecture review

The Consultant is requested to analyze the solution architecture of ClientConnect and assess its security suitability to meet functional requirements expected for a web application for banking clients. The Consultant is expected to propose a security reference model and assess the current setup against this reference model.

3) Technical control and access management review

Based on the outcome of work packages (1) and (2), the Consultant shall determine the adequacy of the technical controls currently in place in the ClientConnect application.
Existing gaps should be highlighted, and mitigating actions (grouped into short-term and long-term actions) proposed.

Furthermore, user access management processes (onboarding, maintenance, deactivation) of EIB and EIB client users of the ClientConnect portal should be assessed, control weaknesses identified, and areas for improvement highlighted. These should also be reflected in the gap assessment report to be produced, together with an action plan as indicated above.

Requirements

The staff member(s) must demonstrate knowledge in:

  • Threat intelligence, including producing threat intelligence in the financial services industry;
  • Business knowledge (especially in the area of online banking), red team testing, penetration testing, reconnaissance, ICT risk management, exploit development, physical penetration, social engineering, vulnerability analysis and combinations thereof;
  • Certified in penetration testing, such as EC-Council Certified Ethical Hacker (CEH), Certified Red Team Operations Professional (CRTOP), or Global Information Assurance Certification (GIAC) Penetration Tester (GPEN)
  • IT audit experience
  • Access rights management reviews

The staff member(s) must demonstrate competence in:

  • Security operations
  • Security tool engineering
  • Security assessment
  • Familiarity with red teaming security tools including their application
  • Familiarity with threat intelligence technology including their application
  • Fluency in English, including report writing in English

Application

Aleksandar Vasev
+353 1 254 9727
[email protected]

Our values

We not only have a set of values that guide our daily choices; they are embedded in our DNA. We call it WESTPOLE MENTALITY. Our culture respects individuality and growth for each employee, and if you join our family you will be in contact every day with our values, which represent the way we face our daily challenges.