Information Security Analyst
Information Security Analyst
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Not Disclosed
Salary Not Disclosed
1 Vacancy
Job Description
As an Application Security Engineer working in a dynamic international context your role extends to collaborating with developers product owners engineering and IT staff across various countries including European countries the USA and India. You will carry out and manage security controls withing the secure software development lifecycle of application ensuring security practices are implemented globally and providing transparent insights into measurable outcomes. This role is also pivotal in supporting diverse teams through the vulnerability management process aligning security goals with international regulatory standards and fostering a culture of security awareness across borders.
ROLES & RESPONSIBILITIES
Support the evolution and implementation of the security policies standards and guidelines and provide further documented clarifications the corresponding rules according to the applicable standards industry good practices or reference documents (OWASP and NIST guidelines SANS ISO CERT ENISA ANSSI BSI).
Improve the SSDLC practices across Wolters Kluwers software especially to prevent the introduction of vulnerabilities or weaknesses
Roll out reproductible analysis plans or automated tests
Carry out regular operational security checks and reviews
Perform the initial triage and review of application security audits and reports
Support and monitor the secure deployment and hardening of applications and associated systems
Monitor the vulnerabilities in products systems and networks
Define repeatable means to detect security vulnerabilities document mitigations and assist the definition and implementation of appropriate solutions with required stakeholders
Support the security training and awareness actions
Drive the Threat Modeling practices in cooperation with application teams.
Knowledge/ Skills/ Abilities / Education
Master of Engineering/Computer science or cyber securit
Functional skills
Application Security standards and industry good practices (OWASP Top10 ASVS
ISO and NIST security standards
Industry good practices evaluation protocols (MITRE CIS Benchmarks CSA Frameworks etc.
Software development lifecycles and DevSecOps processes
Threat models associated reference systems and methodologies
International regulations relating to PII processing and data handling (GDPR HIPAA etc.
Vulnerability analysis and triage.
Technical knowledge:
Azure or AWS cloud services
Operating systems: Windows Server Linux or BSD
Containers Docker/ Kubernetes
Network protocols Network Firewalls and Web Application Firewalls
.NET framework HTML JavaScript React and/or NodeJS
Database modeling SQL TSQL PL/SQL
Cryptography key management and cryptographic protocols for both data in transit and at rest
Authentication mechanisms and protocols
Application Security Testing tools such as:
Dynamic Analysis: ZED BURP AppScan WebInspect ...
Static analysis: Veracode Coverity SonarQube Checkmarx Mend Blackduck
Threat modeling tools
Version control systems code and artifact repositories
Standard MS Office skills required in general with advanced Excel or PowerBI skills recommended
Languages
Fluent English required to collaborate in our international work context.
Soft skills
Motivated by teamwork and collaboration and able to adjust to different levels of the organization
Rigorous and accountable outcomeoriented and mindful of added value
Strong analytical mind and an ability to summarize efficiently
Good redacting and verbal communication skills.
Comfortable in a global and evolving work environment.
Required Experience:
IC
Employment Type
Full-Time
