Security Testing Specialist [TSEC]
Security Testing Specialist [TSEC]
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Not Disclosed
Salary Not Disclosed
1 Vacancy
Job Description
General description
Security testing specialists prepare and execute analysis of the applications from a security point of view typically including an analysis of the available documentation source code of the architecture and penetration testing.
They operate under the direct supervision of the team leader specifically assigned and of the statutory staff directly responsible. Depending on the processes and procedures of the Contracting Authority especially during the penetration testing they may be provided with general directions but they also have discretion on the definition of the details of the execution and in exploring possibilities that may become visible during other phases and during the penetration testing itself. Due to the nature of the information treated except for some administrative elements in absence of the specifically assigned Team Leader they report directly to the statutory staff responsible.
Nature of the tasks (nonexhaustive list)
- Analysis of documentation (both from the project and generated internally) and code and other information also but not only with tools preparation and execution of penetration testing and analysis and assessment of the results;
- Participate in meetings as required at the start of end of and eventually during the security testing process;
- Depending on the processes and procedures of the Contracting Authority coordinate inside the team and with project and application teams organising technical meetings to elicit information escalating to the responsible team leader and/or the statutory staff responsible if necessary;
- Assess the findings also during the process alerting immediately the responsible team leader and/or the statutory staff directly responsible when that may be necessary following the processes and procedures of the Contracting Authority;
- Prepare reports on the results of the technical security analysis and assessment and communicate them to statutory staff responsible according to the processes and procedures foreseen by the Contracting Authority;
- Should the processes and procedures of the Contracting Authority foresee the possibility of other type of exercises with more reduce scope and/or as followup do them and provide the necessary reporting;
- Report to the specifically assigned Team Leader and the statutory staff responsible on possible technical challenges actual and future for the work of the team and contribute as and if needed to their analysis and to proposals to address them;
- Provide as needed required and possible following its processes and procedures relevant technical security input also based on specific experience in the environment of the Contracting Authority to activities like e.g. technical evolution and maintenance in operations of platform used for the security checks DevSecOps.
Technical expertise (At least 3 years)
- Good knowledge of security and vulnerability management practices preferably including relevant framework best practices and standards (e.g. NIST SP800 ISO 27001 OWASP hardening guidelines);
- Good general ICT knowledge e.g. networking operating system firewalls web applications servers programming and code quality tools virtualisation runtimes (it is not required to have practical experience of all of these elements);
- Good knowledge of vulnerability and security analysis tools and platforms (e.g. Nessus Burp KaliLinux);
- Good knowledge of development practices and knowledge of secure coding;
- Understanding and at least basic knowledge of cloud services and of the different types and configuration of cloud services and applications potentially involving or not cloud;
- Preferably understanding of good design principles for distributed architecture using services;
- Certification according to CEH or equivalent
Professional experience
- Experience in implementation of security measures and/or security auditing;
- Experience as developer and/or in roles with technical security responsibilities;
- Experience in activities and environments requiring to work with sensitive information with different information labels and handling rules;
- Experience in analysis and in redaction of documents for and contacts with technical and nontechnical people (advantageous if in a context of security);
- Preferably experience in multicultural and multinational environments and organisations with distributed responsibility and complex structures eventually even EU institutions and bodies.
Language skills
Very good knowledge of English (Level C1) or very good knowledge of French (Level C1). Knowledge of both languages one at C1 level and the other at B2 level in any configuration is required.
Other specific expertise
- Capability of exercising discretion and withstand pressure redirecting where necessary avoiding an adversarial approach;
- Capability to work in a structured and precise manner but also to adapt and be flexible in the implementation of procedures and in process execution and to understand dependencies and absence thereof including technical and nontechnical constraints;
- Capability to work as part of a team collaborating and coordinating with others but also in autonomy;
- Willingness to learn and relearn continuously;
- Capability to reuse knowledge experience and technical steps and combine them in a different way for different scenarios.
Qualifications :
Educational qualifications
Bachelor degree
Remote Work :
No
Employment Type
Full Time
