Junior Application Security Consultant

Who are we

It all starts with the mission: NVISO is here to protect European society from potentially devastating cyber attacks! This means we offer cyber security services to private and governmental organizations to help them better prepare for prevent detect and respond to cyber security incidents.

All of this is built on four fundamental values that define who we are: We are Proud We Break Barriers We Care and No BS.

Tasks

As a Junior Application Security Consultant you will join a team focused on helping clients build and maintain secure applications by integrating security into their development lifecycle. You will work closely with experienced consultants and progressively take ownership of tasks as your skills grow.

Your role is strongly oriented towards the defensive side of application security with a particular focus on threat modeling secure design and security maturity improvements.

Projects you will contribute to include:

• Supporting threat modeling activities by helping analyze architectures data flows assets trust boundaries and security assumptions together with senior consultants.
• Participating and also lead workshops with developers product owners and architects to identify and understand how an attacker would carry out malicious actions on one or more systems of any kind (IoT OT IT etc.).
• Contributing to application and software architecture security reviews.
• Supporting maturity assessments (e.g. OWASP SAMM DSOMM CyFun) and helping clients understand their current maturity and improvement priorities.
• Assisting in the preparation of technical security tests and penetration tests based on the identified threats including helping define test scopes relevant attack paths and security assumptions to be validated.
• Supporting senior consultants during technical testing activities by mapping test results back to identified threats and risk scenarios.
• Helping prepare and deliver security awareness or secure coding sessions with other experts.

You will always be supported by senior team members and progressively gain autonomy as your understanding of application security threat modeling and consulting grows.

Requirements

You have a strong interest in the field of IT security and believe the following to be applicable to you:

• You are eligible for NATO clearance (see HERE for more information).
• You have a genuine interest in IT security and secure software development.
• Basic understanding of application architectures development frameworks and authentication mechanisms (e.g. OAuth OpenID Connect).
• Some familiarity with development practices and programming concepts; hands-on coding experience is a plus but not mandatory.
• Initial exposure to build and CI/CD tools (e.g. Jenkins Azure DevOps/TFS Maven or similar).
• Foundational knowledge of the Secure Development Lifecycle (SDLC) and an interest in how security requirements design and testing fit into it.
• Awareness of common application security risks and vulnerabilities (e.g. OWASP Top 10).
• Interest in application threat modeling secure architecture and identifying design or business logic flaws under guidance.
• Ability to communicate clearly with technical stakeholders and willingness to develop confidence when interacting with clients.
• Positive team- and mission-oriented attitude.
• Strong interpersonal and verbal/written communication skills enabling effective collaboration in a consulting environment.
• Excellent English communication skills both verbal and written; Dutch and/or French is a plus.
• You are ambitious curious and motivated to help clients improve their security posture.
• You are willing to learn and become a better version of yourself everyday;
• Candidates must recognize and deal appropriately with confidential and sensitive information

Benefits

At NVISO we care. We are committed to offering you a highly competitive remuneration package including financial and non-financial components:

• A training budget of 10.000 and 10 days every 2 years
• Company car and Belgian fuel card
• Working and learning from the best people in the European cyber security industry. We have multiple SANS Instructors working at NVISO our staff has presented at popular hacking conferences (BlackHat BruCON OWASP etc) and all of our technical staff can acquire deep technical security certifications (GSE GXPN GREM GCFA OSCP etc)
• An entrepreneurial and agile working environment where you will be challenged stimulated and supported in driving new initiatives (either through internal innovation or by improving our service offering) without losing sight of having fun!
• Regular team-building and fun events with legendary off-site events once a year. The location of the next team building is one of the most closely guarded secrets at NVISO We can however disclose that weve visited Lisbon Dubai Malta and Lapland over the past few years;
• Our commitment to coach and counsel you and help you grow; each employee receives a personal coach within the team whose role is to ensure your well-being and helps you grow in your career!
• Flexible working hours working from home and even the possibility to work from abroad;
• Flex Income Plan
• 32 paid leave days

IF YOURE INTERESTED PLEASE SEND US YOUR APPLICATION!

WERE LOOKING FORWARD TO MEETING YOU!

Disclaimer on the Use of AI Tools in the Application Process

Please be aware that the creation and submission of application documents (e.g. CV cover letter case studies etc.) using AI-powered tools is only permitted to a limited extent.

Our expectations:

• Application documents must authentically reflect your own qualifications personality and motivation.
• The use of AI for supportive purposes (e.g. spell-checking improving wording) is acceptable.
• Fully generated application documents created by AI without personal adaptation or review are not permitted.
• Under no circumstances may NVISO information data or documents be uploaded to or processed by external AI tools.

We reserve the right to exclude applications from the selection and interview process that are clearly created primarily or exclusively by AI and show no recognizable personal input.

The purpose of this policy is to ensure a fair and transparent recruitment process and to obtain an authentic impression of our applicants.