DigiTribe - Application / Security Engineer


Role

The Application Security Engineer/Architect is responsible for ensuring that the software developed and deployed within the company is secure, in order to prevent security breaches through the application landscape of the client. This responsibility includes the security of the entire software development life cycle (SDLC):
  • Security of application code (including libraries)
  • Security of the cloud infrastructure to run the applications on all environments
  • Incident response to application (infrastructure) related security incidents
This may involve identifying and addressing vulnerabilities in the code, implementing security policies, controls and best practices, security training, testing the security of applications, etc.

RESULT AREA AND KEY ACTIVITIES


1) Security awareness & knowledge: make sure the software engineers and other professionals related to software development are aware of the security risks and have the knowledge to create secure software.

Activities:
  • Organise security training sessions for the product delivery organisation
  • Be a security advocate for the company through in-house trainings, brown bag sessions, ...
  • Help developers follow the secure coding guidelines through hands-on guidance
2) Make sure security policies and controls are in place to prevent insecure software from being developed or deployed to our environments.

Activities:
  • Implement automatic security controls at build time such as
      • Static & Dynamic security testing
      • SBOM (Software Bill of Materials) vulnerability scanning & management
      • Container image hardening
      • Quality gates in the CI pipeline
  • Implement automatic security controls at runtime such as
      • Making sure artifacts are deployed using the principle of least privilege
      • Cloud native best practices are followed
      • Kubernetes best practices are in place
      • ...
3) Security testing: Testing the security of applications through activities such as penetration testing, vulnerability scanning, and code review.

Activities:
  • Conducting penetration tests to identify and report on vulnerabilities on IT
  • Conducting code reviews to identify and fix insecure coding practices that could lead to vulnerabilities.
  • Analyse application-related security findings from internal or external penetration tests or a bug bounty program: accept/reject the change, decide on next actions
4) Make sure detected security findings are solved with the correct priority.
  • Conduct triage of reported security vulnerabilities
  • Talk to the teams involved in the security finding and make sure they understand what the impact of the detected vulnerability is, and what needs to be done to solve the problem
  • Guide the teams in fixing the vulnerability and, if needed, be able to give hands-on support.
5) Application security incident response: be available as expert within the application security domain, to assist when security incidents occur.

Activities:
  • Be able to create post-mortems based on the incident and define action points to improve security and resilience
  • Conduct forensic exercises by analysing the logs of the clients' applications & infrastructure to determine the impact of a security breach

Cyber Security Knowledge


Stay well-informed about the evolutions and developments related to software and (cloud) infrastructure security, keep his/her knowledge up-to-date within the context of the evolutions in order to...

Your profile

  • Take measures for information security, risk detection (malware, cyber attacks, ...) and incident response

Offer

-
