Description
Senior Application Security Architect - French or Dutch - Security infrastructure
Description
The Security Baseline Program that is being executed within our ICT department will use advanced secure development techniques and technology, and ensures its adoption for critical applications. Within this program, you will work on advancing the security posture of our applications by enabling a number of supporting security technologies and components.
You are part of a small team of application security specialists and will function in direct communication with our architecture and development teams, as well as with infrastructure and operations teams. You understand their context, modus operandi and typical challenges and sensitivities. You understand and are able to resolve specific security issues, but are also challenged by fundamental and methodological solutions to common security problems.
Tasks and responsibilities
You will be responsible for:
- Further advance the standards for secure software architectures
- Study, design and help the implementation and roll-out of security technology such as identity management, access management, privileged identity management and public-key infrastructure from a software perspective
- Do the selection, design, and roll-out of an XML Firewall
- Further improve the implementation and adoption of the web application Firewall
- Formulating practical solutions for security-related questions from the different development teams within our ICT department
- Setting up a knowledge base for secure software architecture
Education
You obtained a university degree in engineering or computer science and have a proven track record in secure software architecture.
Relevant security certifications (CISSP, CSSLP, GSSP, ECSP ) are a plus.
Experience and technical skills
- You have extensive knowledge about security in software architectures, know how to analyse this and how to improve specific deficiencies
- You are capable of working in project mode and have strong communication skills
- You can express yourself in and understand Dutch and French. You feel comfortable in speaking and writing English as well.
Technical knowledge
- You are familiar with applications developed in Java (J2EE, Spring, Struts, Hibernate) and ASP.NET(C#, .NET MVC, WCF); knowledge of common packages such as Siebel is a plus.
- You understand typical security weaknesses at the software architectural level.
- You understand common (and less common) software security vulnerabilities (cfr. OWASP Top 10) and understand how these must be addressed in software
- You are familiar with typical security technologies such as identity management, access management, privileged identity management, etc.
- You understand the protective capabilities and implications of a Web Application Firewall (WAF) and an XML Firewall.
Technical context
Our ICT department features a large development environment that is responsible for developing and maintaining approx. 250 applications, including financial applications, specific product-oriented applications, e-HR, and so forth. Application development is mainly based on Java and .Net, but specific packages such as Siebel are being employed as well. Specific development frameworks (for Java based on Spring & Struts, for .NET based on ASP.NET MVC) have been built to drive and support Java and .NET development. From a methodological perspective, a global end-2-end (E2E) process has been developed to streamline the various development efforts within the different teams.
The candidate will have to respond to the below specific skills besides his/her CV.
Following specific TECHNICAL skills are required:
(The candidate will have to respond to the below specific skills besides his/her CV)
Technical Skill 1: Analysis and mitigation of security vulnerabilities in system infrastructure and software architectures
Importance: Crucial
Years of experience: 5-10 years
Technical Skill 2: Analysis, design, implementation and roll-out of security infrastructure and technology, with a focus on the application side
Importance: Crucial
Years of experience: 5-10 years
Technical Skill 3: Technical Writing
Importance: Nice to have
Years of experience: 5-10 years
Technical Skill 4: XML Firewall
Importance: Nice to have
Years of experience: 1-3 years
Following specific DOMAIN skills are required:
(The candidate will have to respond to the below specific skills besides his/her CV)
Domain Skill 1: OWASP Top 10
Importance: Crucial
Years of experience: 5-10 years
Domain Skill 2: Risk management
Importance: Nice to have
Years of experience: 1-3 years
Domain Skill 3: Security foundations and best practices
Importance: Crucial
Years of experience: 5-10 years
Business context
The Security Baseline program aims to create building blocks for use within ICT, in order to implement a baseline for a secure environment, and which can be used for other secure implementations.
6 years of XML, Firewalls, Java, J2EE, ASP and 4 of engineering.
8 years of facilitating, developing learning and analytical skills, independent working and team-work.
10 years of ICT and 5 years of operations.