The Application Security Consultant reviews and assesses IT solutions created in-house, based on the Application Security Policy. He/she creates secure coding guidelines and security testing guidelines and manages external security testing projects.
The main responsibilities of an Application Security Specialist
Conduct security architecture assessments and security code scans of in-house developed applications;
Derive best practice documents, guidelines, cheat sheets and other material for the developer teams based on the Application Security Policy, Information Classification Policy and Access Control Policy;
Define test cases for the CAST Application Intelligence Platform;
Contribute to and extend the application portfolio and assess the security status of the individual applications;
Support a structured code review of in-house applications;
Manage/contribute to external/internal penetration tests against in-house applications.
ADDITIONAL DETAILS ON ROLES & OBJECTIVES:
Accurately document the application security status
Prepare clearly documented decision memos;
Assess and compare risks associated with decisions.
Eurofins is still building up the Information Security and Business Continuity organization. With documented success of the information security organization, local as well as international opportunities for further development of the candidate will materialize. If the role is successful, the Application Security Team will be expanded, creating an opportunity for leadership.
QUALIFICATIONS AND EXPERIENCE REQUIRED:
Minimum of 3-5 years of professional consulting or enterprise experience as
an Application Security Specialist / (IT) Security Engineer (e.g. strong security focus despite lack of knowledge specifically about .NET)
an experienced .NET / ASP.NET Application Developer eager to enter the security field
Ideally a .NET Security Expert
Experience in creating application security concepts;
Experience in application security and/or secure development in the following fields:
Experience in code testing and code review technologies;
Experience in CAST Application Intelligence Platform;
Experience in penetration testing tools;
Relevant Information Security Certifications such as CSSLP or CEH
Very good English communication skills (concise in writing and convincing orally).
Very good interpersonal skills.
Ability to work in a complex international environment.
Eager to learn and continuously develop personal and technical capabilities.
B.Sc. or M.Sc. in Information Technology or Information Security;
Languages: fluent English; French or German is beneficial.