Description
The contract is with a consultancy to be on an assignment at a large European site in central Brussels as follows:
The objective of the senior security developer contract is notably to assist DG CLIMA in implementing S-SDLC with a view to incorporate Security in all steps of the Software Development Life Cycle and ensure effective scrutiny of DG CLIMA's software developers and their adherence to these security principles.
Taking the OWASP recommendation as guideline:
Review and when appropriate draft the technical documentation (eg requirements, architecture, design, data model)
Make recommendations on implementing a secure software development life cycle
Check the level of compliance with the web secure programming standards (eg Oracle secure development guidelines, OWASP Secure Coding Practices)
Perform investigations into the potentially unsafe areas of the Union Registry and the EUTL, as well as targeted security testing.
Implement solutions compensating and mitigating any security shortcoming of the Union Registry in the area of software development ranging from secure definition of the class architecture to the session handling and interactions with the load balancer.
The contractor is required to have an in-depth knowledge and professional experience in the following areas of the software development:
Java EE software development including architecture, design, Datamodelling, build and test, deployments and configuration;
Building robust and fault tolerant interfaces (eg Front End to Back End calls, web-services interfaces, JMS, Store and forward message queuing);
WebLogic configuration and performance improvements in a clustered environment;
Oracle DBMS SQL, DDL, indexing and performance improvements
The following experience with secure web-based software development is also of crucial importance:
Java EE platform (including Java Server Faces, Enterprise Java Beans including, and SOAP based web services technologies eg WS-Security) software development and security of Java EE web application; Weblogic Application Server security configuration and operation including WL Security Framework; Oracle DBMSs security configuration and operation;
Knowledge of OWASP methodology and guidelines including OWASP Top Ten and ways to mitigate the top ten security flaws;
Secure Development Life Cycle (SDLC);
Public-key infrastructure (PKI) - X509 digital certificates;
Server Socket Layer SSL/TLS communication layer implementation on large and high-availability infrastructure;
Unix family Operating Systems (Solaris and X-86 Linux) security principles; C
ommon Weakness Enumaeration;
Oracle - Secure Coding Guidelines for the Java Programming Language,