An application security specialist with the overview of a generalist, and therefore an effective consultant & engineer.
You are well acquainted with application security, API security, Container security, as well as both technical and organizational areas. You continuously search for fresh ideas and gain more professional knowledge in order to enlarge your technical capabilities, as well as improving your soft skills. Furthermore, you have a sharp analytical eye and do not easily get stressed. In fact, you perform well under pressure.
You are bold, do not simply take things at face value, and dare to ask questions. You are able to entice managers, colleagues and customers with your ideas. This means you can easily convince people and transpose technical jargons into understandable language effortlessly. Sometimes you will only be given five minutes to substantiate your advice and solution. This should be enough to make your statement.
Please check your profile if you believe to be a good fit in the team:
• A degree in Information Security, Information Science, or relevant studies
• Information security (IS) professional qualifications such as CISSP, CEH, CISA, CISM and CCSK
• Proven knowledge of security processes, technologies and architectures such as Security configurations, patch management, access control, cryptography, communication protocol, Windows and Linux hardening
• Development life-cycle and platform security knowledge, e.g. secure SDLC, Development pipeline security, Threat modelling, Container security and security code review
• Security assessment and requirements management in a DevOps way of working is a plus
• Cloud security with a special focus on Azure
• Working experience of seven years in IT, with at least five years in Information security
• Experience with IS documentation, report writing, reviewing and consulting
• Knowledge of IS risk management (frameworks) such as NIST, CIS, ISO27K, SANS, CCM
• Stakeholder management skills, especially in a multi-cultural and international environment
• Strong communication skills both verbally and in writing in English, speaking Dutch is a plus but not a necessity
• Application security & security coding (OWASP)
• Risk assessments, general knowledge about penetration testing
• Agile way of working & DevOps