Application Security Analyst

Together with our 20 experts, we develop, maintain, support and host Specialized Software. Our expertise is two-fold:

• Proposing our expertise to clients' development teams in securing their Software Development Life Cycle (SSDLC or Secured-SDLC).
• Developing highly secured softwares (Security by design) based on customer's requirments (e.g. itsme - authentication app), As an Application Security Analyst your role is to carry out security assessments on applications used by our customers. Based on the results of the assessment, you will propose security recommendations. These are short-, medium- and long-term solutions that will serve as the basis for building an application security roadmap for the company.

Depending on your qualifications, you may be required to implement these recommendations in terms of processes, tools and developer trainings (security champions, awareness). Your main contacts at the customer will be the CISOs and their security teams.

Your tasks will consist of:

• Assess an existing SDLC (i.e., SAMM Assessment but we stay open to other methodologies we'll define together),
• Give guidance on establishing a secure software development lifecycle (Secure-SDLC / DevSecOps),
• Help development teams to integrate application security best practices (e.g. OWASP ASVS), and security tooling/processes in their development pipeline (SAST, DAST, SCA, CVE follow-up, ...),
• Give training and coaching sessions to new security champions at client.
• Participate in presales meetings around application security.

The role will evolve to include the following tasks and responsibilities in the short term, depending on your experience and evolution pace.

You will then bring your energy on Solution Owner responsibilities like:

1. Mentorship and support: Providing guidance and mentorship to team members, especially those in junior positions, will be crucial. Your support will help them navigate complex missions, leading their professional growth and ensuring successful project outcomes.
2. Technology watch: You will follow new tools, technical evolutions and industry trends, and share your knowledge with the team. This proactive approach will ensure that our offerings remain cutting-edge, relevant, and aligned with our clients' ever-evolving needs.
3. Relationships strengthening with our trusted business partners/suppliers: You will be our key representative in application security associations, or during application security events/conferences/meetings.
4. Asset creation: Developing new assets and methodologies to complement and enhance our solutions will be part of your responsibility. These assets and methodologies will not only increase the efficiency of our solutions but also support and empower your colleagues in delivering high-quality results.

Academische bachelor

Master

Professionele bachelor, * You hold a Bachelor or Master degree.

• You work for minimum 2 years in applying security to development:

• You have an experience in analyzing SDLC environments in terms of security (OWASP SAMM assessment type, Threat modeling, …)
• You have already worked with/implemented some of the following tools: Sonarqube, CheckMarx, Fortify, webinspect, ZAP, Dependency-Check, Snyk, Veracode, jfrog Xray, Azure devops, Gitlab, ...

• You are analytical minded.
• You have a natural team spirit, together with project management and presentation skills.
• You have good working knowledge of both written and spoken English, and French or Dutch.

Considered as a plus:

• Hands on experience in development (Java and/or C#)
• Kubernetes and containers (Docker)
• REST APIs
• Experience with security principles and intrusion tools

Mindset:

• Strong self-motivator and entrepreneurial pro-active attitude
• Strong analytical and problem-solving skills
• Team player. Excellent communication skills
• Ambassador for the professional values that are at the heart of our philosophy

+ TOP-NOTCH : We strive for best-of-the-best while staying up to date with the latest technology. + HUMAN-CENTRIC : We care about people in the digital world, listening before interacting respectfully in a responsible environment. + NO-NONSENSE : We go for it, we work together, we are committed to deliver, to exceed expectations. Technische beheerprocedures, gebruiks- en veiligheidsprocedures van de informatica infrastructuur opstellen, Our offer * Join a dynamic and fast-growing company in a booming sector * Participate in the development of the company as a co-creator of innovative solutions * Drive ambitious projects from the business needs up to the projects results, leading concrete initiatives while maintaining a holistic view of the project and direct contact with the C-level client sponsor * Develop your career path and add top-level trainings and certifications to your CV * Benefit from an attractive salary package, including a full range of benefits : + Company car and fuel card + Competitive group insurance including pension fund, death, and disability coverage, + Attractive complementary insurances for non-work-related accident and loss of salary in case of sickness, company fully supported contribution + 32 days holiday/year (on a fulltime equivalent basis) + Flexible home working policy + Other fringe benefits (meal vouchers, eco vouchers, …) * Fun company events, exclusive team experiences * Contribute to a safer, fairer world for data subjects and citizens, ensure the serenity of great businesses and essential public institutions * Live your values daily in a dynamic, fun and multicultural working environment