Application/Security Engineer

Job description
The Application Security Engineer/Architect is responsible for ensuring that the software developed and deployed within the company is secure, in order to prevent security breaches through the application landscape of the client. This responsibility includes the security of the entire software development life cycle (SDLC):
- Security of application code (including libraries)
- Security of the cloud infrastructure to run the applications on all environments
- Incident response to application (infrastructure) related security incidents

This may involve identifying and addressing vulnerabilities in the code, implementing security policies, controls and best practices, security training, testing the security of applications, etc.

RESULT AREA AND KEY ACTIVITIES


Security awareness & knowledge: make sure the software engineers and other professionals related to software development are aware of the security risks and have the knowledge to create secure software.


Activities
- Organise security training sessions for the product delivery organisation
- Be a security advocate for the company through in-house trainings, brown bag sessions, ...
- Help developers follow the secure coding guidelines through hands-on guidance

Make sure security policies and controls are in place to prevent insecure software from being developed or deployed to our environments.

Activities
- Implement automatic security controls at build time, such as:
  - Static & dynamic security testing
  - SBOM (Software Bill of Materials) vulnerability scanning & management
  - Container image hardening
  - Quality gates in the CI pipeline
- Implement automatic security controls at runtime, such as:
  - Making sure artifacts are deployed using the principle of least privilege
  - Cloud native best practices are followed
  - Kubernetes best practices are in place
  - ...

Security testing: testing the security of applications through activities such as penetration testing, vulnerability scanning, and code review.

Activities
- Conducting penetration tests to identify and report on vulnerabilities on IT
- Conducting code reviews to identify and fix insecure coding practices that could lead to vulnerabilities
- Analyse application-related security findings from internal or external penetration tests or a bug bounty program: accept/reject the change, decide on next actions

Make sure detected security findings are solved with the correct priority.
- Conduct triage of reported security vulnerabilities
- Talk to the teams involved in the security finding and make sure they understand what the impact of the detected vulnerability is, and what needs to be done to solve the problem
- Guide the teams in fixing the vulnerability and, if needed, be able to give hands-on support

Application security incident response: be available as an expert within the application security domain, to assist when security incidents occur.

Activities

- Be able to create post-mortems based on the incident and define action points to improve security and resilience
- Conduct forensic exercises by analysing the logs of the clients' applications & infrastructure to determine the impact of a security breach

Cyber Security Knowledge

Stay well-informed about the evolutions and developments related to software...

Your profile - Taking measures for information security, risk detection (malware, cyber attacks, ...) and incident response

Offer -

 


2024-05-07 - 2024-07-03

Recruiting organisation: via Global Recruitment
Contract: Permanent
Industry:
Average salary: 2000
Currency: EUR
Address place: KORTRIJK

Country: Belgium
Postal Code: 8500
Web: www.globalrecruitment.info
Phone: +32 493 78 60 54

 
