Description
IT Development Security Expert - French Speaking
My client, a large international consultancy, are looking for an experienced IT Development Security Expert to join the team for an initial contract until the end of the year, this is likely to be running signifcantly longer. This will be working in a French Speaking environment, and all profiles will need to be submitted with a CV in French.
KEY Responsibilities:
He/she provides coaching and support to the development teams in order to design secure applications from the design stage and by default. He/she encourages a culture of development that takes more account of security related dimensions. He/she tests the level of security of applications before going into production. He/she produces reports and advises management on application security.
The candidate's activities consist in particular of:
* Documenting the standards in terms of application security and verifying their compliance by the development teams;
* Provide support and coaching to architects and developers for the application security and data security aspects;
* Integrate security aspects into agile (Scrum) and DevOps-oriented developments;
* Bringing its expertise in the security aspect of application logs;
* Carry out threat models, vulnerability assessments and risk analyses;
* Contributes to reduce the attack surface of applications and APIs;
* Carry out intrusion tests;
* Collaborate and coordinate with the team in charge of infrastructure security and identity and access management;
* Lead training and information sessions on application security;
* Write reports for management;
Required Technical Experience:
OWASP Top 10
OWASP API Security Top 10
OWASP Testing Guide
Security Development Lifecycle (SDL)
Data-flow diagrams
Threat modelling (STRIDE, PASTA, etc.)
Microsoft Threat Modeling Tool
Vulnerability Scanning Tools/penetration testing (BURP Suite, OWASP ZAP, etc.)
.NET
Java
Python
Javascript
TSQL, PL/SQL
Network concepts
HTTP, TLS
Navigateurs Web Chrome, Edge Chromium, Firefox
Cookies et tokens JWT
Cryptography (encryption algorithms, hash functions, etc.)
Certificats X.509
Security in Single-Page Applications
Security in the Microsoft Azure Cloud
Security in containers (Docker, Kubernetes, etc.)
Risk Analysis
RGPD
Microsoft Office Suite (Word, Excel, PowerPoint)
Empiric is one of the fastest-growing technology and transformation recruitment agency's specialising in data, digital, cloud and security. We supply technology and change recruitment services to businesses looking for both contract and permanent professionals. We are committed to delivering more female candidates and those from minority backgrounds and be instrumental in changing the gender and diversity imbalance within the tech sector.