Expert Secure Development
COSMOTE GLOBAL SOLUTIONS NV
- Brussel
- Permanent
- Full-time
- Contribute to the design of the overall application security.
- Define security requirements and derive technical actions targeting the application components and the code base.
- Draft documentation such as architecture design descriptions, assessment reports and configuration descriptions.
- Take an active part in developing and improving the application security, and have it understood and implemented by the team.
- Analyse risks and security policy requirements and propose actions.
- Vulnerability testing and definition of corrective actions.
- Provide security training and education.
- Draft security programmes, security plans and propose implementation actions.
- Design and setup of a secure development lifecycle.
- Application penetration testing.
- Participation in meetings with the project teams.
- Advice on design and development of secure web and multi-tier applications.
- Give advice on application security matters.
- Contribute to the IT security risk management process.
- Coach/train colleagues in the software factories on secure development matters.
- Excellent knowledge of application security.
- Experience in the security aspects of software development (e.g. authentication with OpenID Connect, SAML or CAS, secure REST or web services, encryption with PKI, authorisation, secrets management).
- Experience with secure IT development patterns.
- Understanding of risk assessments
- Experience in penetration testing and ethical hacking (e.g. usage of tools like Metasploit, Burp Suite or equivalent).
- Experience with security test tools (e.g. Fortify or equivalent) and web site vulnerability scans.
- Good understanding of third-party dependency security (libraries, container and VM images).
- Good knowledge of secure development lifecycle
- Good knowledge of OWASP models, frameworks and guides
- Good knowledge of Agile methodology.
- Excellent interpersonal and communication skills.
- Good writing skills, experience in preparation of written reports.
- Ability to animate a community of practice.
- Capability of integration in an international/multi-cultural environment
- Security certifications (e.g. CISSP, CISM, OSCP, CSSLP, GWAPT, GWEB) are an asset.