Application Security Compliance Engineer
Job description
The Application Security Compliance Engineer will play a key role in safeguarding the organization's applications and systems by ensuring adherence to global and industry security standards. This role involves reviewing security documentation for new and existing applications, assessing their compliance posture, and providing expert guidance on remediation and secure development practices. The ideal candidate will have deep knowledge of application security, penetration testing methodologies, and secure software development lifecycle (SSDLC) frameworks.
- Review and assess security documentation (e.g., security design reviews, risk assessments, and threat models) for new and existing applications.
- Ensure that applications comply with internal Global Security Standards and external industry frameworks (e.g., ISO 27001, NIST, OWASP).
- Collaborate with application development teams to integrate security into all stages of the SSDLC.
- Analyze and validate results from DAST, SAST, and Open Source Software (OSS) scanning tools, ensuring findings are accurate and risk-prioritized.
- Review and validate penetration testing findings, providing guidance on remediation steps and challenging results when discrepancies arise.
- Partner with pen test teams, developers, and project managers to track and close security findings within defined timelines.
- Provide expert advice on secure coding practices and assist in the evaluation of security controls in new applications or technologies.
- Stay current with emerging threats, vulnerabilities, and application security trends.
- Contribute to continuous improvement of the organization's security review and testing processes.
- Flexible work arrangements for all and initiatives supported by Parents@Deloitte
- Wellbeing tips and activities powered by Energise@Deloitte
- Topped off with other health benefits and insurance opportunities
Empowering our employees with flexible work arrangements remains essential in today's reality:
- Hybrid workplace: combination of home office and on-site (+10 offices in Belgium or client's premises).
- Part-time employment: all our jobs are open to full-time or part-time work under a 90% or 80% regime.
Requirements
- Bachelor's degree in Computer Science, Information Security, or related field (or equivalent practical experience).
- 4+ years of experience in Application Security, Penetration Testing, or Security Assessment roles.
- Strong understanding of application security principles, OWASP Top 10, and common attack vectors.
- Hands-on experience with DAST, SAST, and OSS vulnerability scanning tools (e.g., Burp Suite, Snyk, Checkmarx, Fortify, SonarQube, etc.).
- Familiarity with secure coding standards and the Secure Software Development Lifecycle (SSDLC).
- Ability to interpret and evaluate penetration testing results, identifying false positives and prioritizing true risks.
- Excellent communication skills with the ability to articulate security risks to technical and non-technical stakeholders.
- Strong analytical and problem-solving abilities with attention to detail.
- Professional certifications such as OSCP, CEH, CISSP, CSSLP, or GWAPT are a plus.
- Understanding of cloud security principles (AWS, Azure).
About the company
Deloitte drives progress. Our firms around the world help our clients become market leaders wherever they compete. Deloitte invests in outstanding people with diverse talents and backgrounds, empowering them to achieve more than they can elsewhere. Our work combines consulting with action and integrity. We believe that when our clients and society are stronger, so are we.