westpole_logo

Software Development Security Expert – Brussels

Introduction

We’re looking for an Software Development Security Expert, who will join our team in Brussels on the Long-term, Near-site mission.

Near-site work: living up to 2hr driving from Brussels.

Organization

Belgium – International Organisations

Function

  • Ability to coordinate and support large & complex projects, including product upgrades and deployment of new capabilities and enhancements to existing systems.
  • Excellent written and verbal communication skills in English, interpersonal and collaborative skills, the ability to communicate strategic information security topics, policies and standards – as well as risk-related concepts – to technical and nontechnical audiences, at various hierarchical levels.
  • Strong analytical skills to identify problems, perform research and derive/propose solutions.
  • Must have a mindset of continuous service improvement, in all its components of people, processes and technology.
  • Self-motivated, high degree of initiative, ability to work well with limited supervision. Experience in SDLC and Agile development methodologies.


Requirements

Certification requirements

  • CCSSLP Certified Secure Software Lifecycle Professional, or
  • EC- Council CASE Certified Application Security Engineer Java, or
  • GIAC Certified Web Application Defender.

Alternative certifications: At least one of the following:

  • Certified Information Systems Security Professional,
  • COMP TIA Security+,
  • EC Council certifications CSCU,
  • CND,
  • CEH,
  • CEH-Master (Practical),
  • ECSA,
  • ECSA-Master (Practical),
  • LPT-Master (Practical),
  • EISM,
  • CCISO,
  • ECIH,
  • CHFI,
  • ECES,
  • CASE .Net,
  • CSA,
  • ECSS,
  • CCSE,
  • GSEC GIAC Security Essentials,
  • GWAPT GIAC
  • Web Application Penetration Tester,
  • OSWA Offensive Security Web Assessor.

General IT experience

  • 7+ years of experience in Information Technology, 5+ years of experience in building and integrating large Java, J2EE applications.
  • 5+ years of experience with the following technologies: Java EE, SOAP/RESTful API and Micro Services, JMS, Java EE Application servers e.g. WebLogic, HTTPS, Angular, databases, XML, JavaScript, HTML, GIT, JIRA, Maven, Jenkins, Ansible, SOAPUI, Postman, etc.

Software development security specific experience

  • 3+ years of experience in Identity & Access Management (IAM) technologies, including OAuth2/OIDC, MFA, FIDO, Single Sign-On, federation, Digital Certificates, and LDAP and IAM platforms Ping Federate, Ping Access, Okta, ForgeRock.
  • 3+ years of experience with application security, threat, and vulnerability management, OWASP Secure Coding Practices, DSOMM, ASVS v4, CVSS and CVE, application source code analysis to assess the vulnerabilities impact and to provide specific recommendations to application teams.
  • 3+ years of experience with cryptography and HSM.
  • 3+ years of experience with the security aspects of the DevSecOps paradigm and CI/CD deployment automation.
  • Experience with supply chain security, Software Composition Analysis, and container security.
  • 3+ years of experience with Dynamic Analysis Security Testing (DAST) and Static Analysis Security Testing (SAST) with any of the following tools: Checkmarx, Synk, Fortify, Semgrep, AppScan, Burp Suite; Software Assurance Maturity Model (SAMM), misconfigurations, with any of the following tools SonarQube, Veracode, IBM AppScan, and OWASP Zap.
  • 3+ years of experience with application Security Testing tools and techniques, including penetration testing, vulnerability scans, analysing vulnerabilities, analysing the impact, assigning appropriate risk level, identifying relevant threats, threat modelling, corrective actions recommendations, summarizing and reporting results, OWASP WSTG 4.2.
  • 3+ years of experience with the researching, writing, and editing of documentation and technical requirements, including software security designs, evaluation plans, test results, technical manuals and formal recommendations and reports.
  • 3+ years of experience with industry best practices and standards, like PCI-DSS, NIST, ISO, PTES, OWASP SAMM.
  • The candidate should be ready to answer detailed questions, including hands-on exercises.

Offer

  • You can work as an Employee or as a Freelancer consultant. It’s 100% up to you!
  • Real career possibilities in a fascinating IT sector, a constantly growing dynamic company and a well-established international track record.
  • A strong learning and development program.
  • A challenging environment, where collaborative working, and continuous self-improvement is the key to success.
  • A good work-life balance.
  • A competitive salary package (including meal vouchers, hospital insurance, etc.) and an open-ended contract.

Information

Aleks
[email protected]

Our values

We do not only have a set of value that guide our daily choices, but they are really embedded in our DNA. We call it WESTPOLE MENTALITY. Our culture respects individuality and growth for each employee, and if you join our family you will be in contact every day with our values, which represent the way we face our daily challenges.

LEARN MORE
© 2022 WESTPOLE All rights reserved
WESTPOLE refers to a European cluster of companies, each of which is a legally separate and independent entity. WESTPOLE S.p.A., is an Italian private company, with a network of member firms. To learn more, see the complete list of WESTPOLE Group Companies at the following link.
GDPR Compliance Privacy & Website UsageCredits: VitamineD
GDPR Compliance
Privacy & Website Usage
Credits: VitamineD