Information System Security Analyst

Tasks

• Support project teams in improving the security posture of systems they develop• Analyse SAST and DAST findings (initial triage with the team), performing code review of implemented corrections.• Promote secure development practices (e.g. OWASP TOP 10)• Lead threat modelling exercises with project teams• Improve management of secrets.• Define security requirements• Coordinate security of supply chain improvements• Take part in risk assessments.• Advance security enhancements in DevSecOps processes.• Animate the Security Champions community• Provision of security studies associated with information system projects• Coordination of compliance assessments for both on-prem and cloud applications• Support in definition and execution of the vulnerability management process• Security gap analysis• Evaluations of security products and tools for information systems• Assistance in the implementation of IS security policies• Security specifications for information systems• Management of security tests

Key Requirements:

Proven experience in Information Systems Development and Information Systems Security, preferably for Java EE technology (at minimum understanding the code and architectural blueprints, however hands-on programming experience is a plus)

• Good presentation skills (ability to chair large meetings)• Good knowledge of English (spoken, written)• IT Security certification (CISSP, CEH, GIAC or similar) is a plus

At least 1 certification among

• GCED (GIAC Certified Entreprise Defender)• GPPA (GIAC Certified Perimeter ProtectionAnalyst)• GCWN (GIAC Certified Windows SecurityAdministrator)• GCUX (GIAC Certified UNIX SecurityAdministrator)• GCCC (GIAC Certified Critical Controls)• SSCP ((ISC)2 Certified Systems SecurityPractitioner)• CAP ((ISC)2 Certified Authorization Professional)• CISSP (Certified Information Systems SecurityProfessional)• CISA (Certified Information Systems Auditor)• CISM (Certified Information Security Manager)• GSEC (GIAC Certified Security Essentials)• ECSA (EC-Council Certified Security Analyst)• SCPO (SABSA Certified Security Operations &Service Management Practitioner)• ECSA (EC-Council Certified Security Analyst)• ISO 27001 Lead implementer• ISO 27001 Lead Auditor• ISO 27005 Risk Manager• or an equivalent certification recognizedinternationally (subject to acceptance)

Additional Requirements:

At least 1 certification in the field of incident handling:

• GCIH (GIAC Certified Incident Handler)• GCIA (GIAC Certified Intrusion Analyst)• ECIH (EC-Council Certified Incident Handler)• CSIH (SEI Certified Computer Security IncidentHandler)• SCMO (SABSA Certified Security Operations &Service Management Specialist)• or an equivalent certification recognizedinternationally (subject to acceptance as a validcredential by the Contracting EU-I)

The following documents / procedures will be requested to successfully complete the hiring process :

• A copy of your university degree(s)
• A copy of your criminal record
• Security Clearance Procedure

WHO WE ARE?

CRI company part of VASS Group, leads the digital transformation and cyber security in the European Union.

CRI operates serving the European Union Institutions, telecom operators, financial institutions and governmental bodies through a comprehensive offering of services and technologies.

Please visit our website and let's get in touch: www.cri-group.eu