Expert in Secure Development with application security Expertise

Brussels, Brussels, Belgium, Europe
April 27, 2024

Nature of the tasks

- Contribute to the design of the overall application security.
- Define security requirements and derive technical actions targeting the application components and the code base.
- Analyse SAST and DAST findings (initial triage with the team), performing code review of implemented corrections.
- Draft documentation such as architecture design descriptions, assessment reports and configuration descriptions.
- Take an active part in developing and improving the application security, and have it understood and implemented by the team.
- Analyse risks and security policy requirements and propose actions.
- Vulnerability testing, definition of corrective actions.
- Categorize events, incidents and vulnerabilities based on relevance, exposure and impact.
- Advance security enhancements in DevSecOps processes.
- Provide security training and education.
- Draft security programmes, security plans and propose implementation actions.
- Animate the Security Champions community.

Skills and knowledge

- Experience with ISO 27000 family of standards or equivalent security standards implementation.
- Knowledge of ITSRM2 is a plus.
- Excellent knowledge of application security.
- Experience in the security aspect of software development (i.e.: authentication with OpenID Connect, SAML or CAS, secure REST or web services, encryption with PKI, authorisation, secrets management).
- Experience with secure IT development patterns.
- Experience in the security domain.
- Understanding of risk assessments.
- Experience in penetration testing and ethical hacking (i.e.: usage of tools like Metasploit, Burp Suite or equivalent).
- Experience with security test tools (i.e.: Fortify or equivalent) and web site vulnerability scans.
- Good understanding of 3rd party dependency security (libraries, container and VM images).
- Knowledge of OWASP.
- Proven experience in Information Systems Development and Information Systems Security, preferably for Java EE technology (at minimum understanding the code and architectural blueprints; however, hands-on programming experience is a plus).
- Knowledge of Agile methodology.
- Autonomous and rapid self-starting capability.
- Strong organisational and time-management skills.
- Strong team spirit.
- Ability to apply high quality standards.
- Capability of integration in an international/multi-cultural environment.
- Ability to participate in multi-lingual meetings.
- Ability to understand, speak and write English (B2 level).
- Proactive attitude, communicative (e.g., good listener) and customer-oriented.

Specific expertise and technologies

- at least 5 years of specific expertise in OWASP standard (min. competence level 4 to 5)
- at least 5 years of specific expertise in IT development patterns and architecture (min. competence level 4 to 5)
- at least 5 years of specific expertise in security test tools SAST, DAST (min. competence level 4 to 5)

CERTIFICATIONS:

At least one of the following certificates is required for the performance of tasks:

- Certified Information Systems Security Professional (CISSP),
- Certified Information Security Manager (CISM),
- Certified Ethical Hacker (CEH),
- Offensive Security Certified Professional (OSCP),
- or equivalent, to be approved by the Commission

The following documents / procedures will be requested to successfully complete the hiring process:

  • A copy of your university degree(s)
  • A copy of your criminal record
  • Security Clearance Procedure

WHO WE ARE?

CRI, a company that is part of VASS Group, leads the digital transformation and cyber security in the European Union.

CRI serves the European Union Institutions, telecom operators, financial institutions and governmental bodies through a comprehensive offering of services and technologies.

Please visit our website and let's get in touch: www.cri-group.eu
