EU - Expert in DevSecOps in Brussels +8 years exp.
We are looking for several Experts in DevSecOps to participate in an exciting project for the European Commission located in Brussels. Join us!
1. DESCRIPTION OF THE TASKS AND THE SCOPE OF COMPETITION
The following tasks will be performed:
• Definition of the Continuous Assurance Service within the DevSecOps pipelines:
- Collaborate with cross-functional teams to define and architect secure software development and delivery pipelines
- Assess the specific security requirements and risks associated with the Commission’s IT projects and infrastructure
- Identify and recommend appropriate security measures, controls, and tools to be integrated into the pipelines
- Contribute to the definition and evolution of security standards, guidelines and deployment processes
• Preparation of the Continuous Security Assurance Services within the DevSecOps pipelines:
- Configure and integrate automation tools for vulnerability assessment purposes, and enable them as a seamless part of the continuous integration and continuous deployment (CI/CD) processes
- Integrate where possible the Continuous Security Assurance service tools with the Security solutions and automate the processes
• Management and evolution of the Continuous Security Assurance Service and operations:
- Monitor and evaluate the effectiveness of the CSA services and operations within the DevSecOps pipelines
- Implement enhancements, automation and upgrades to optimize security and efficiency
- Ensure compliance with the best industry and Commission standards and regulations throughout the process and service
• Development and maintenance of the Continuous Security Assurance Service within the DevSecOps pipelines and the Security Assurance Sector
• Coordination and review of the Continuous Security Assurance service and automation:
- Close collaboration and coordination within the DevSecOps community of business analysts, customers, users, program and project leaders, and developers to understand needs, requirements, and issues and propose solutions to align the service offering
- Collaborate with stakeholders to identify, assess, and propose improvements
- Collaborate with stakeholders to establish and improve the vulnerability reporting
• Reporting of results from the Continuous Security Assurance integration in DevSecOps pipelines:
- Develop and define efficient and accurate results through the service
- Close collaboration with the IT security processes of Vulnerability Management and Security Incident Response teams
- Develop security-related metrics and findings for the management and improvement of the Continuous Security Assurance services and communicate via project and service management reports and presentations
• Assistance with Continuous Security Assurance service offering
- Provide onboarding guidance and lead a team of security experts to onboard users and provide advice
- Foster a culture of Security Assurance concepts within the DevSecOps community in close collaboration with the Security representatives of Commission departments
- Support in the promotion of the usage of Continuous Security Assurance Services within the organization
• Interaction with the business analysts, customers, users, project leaders, and the developers
- Collaboration with a multitude of stakeholders within the DevSecOps community to gather security requirements
- Engage in discussions and meetings for enhancing and evolving existing and new solutions
- Work closely with the DevSecOps community and community of practice to keep current with evolutions and community needs
- Provide guidance to stakeholders, project leaders, and developer community
2. JOB REQUIREMENTS:
KNOWLEDGE AND SKILLS
The following skills and knowledge are required for the performance of the above-listed tasks:
• Very good knowledge of IT Security Principles, best practices and industry standards
• Ability to understand and handle complex concepts and technologies efficiently and fast
• Ability to give business and technical presentations to large audiences and convey information concisely
• Ability to apply high quality standards
• Ability to cope with fast-changing technologies applied for Infrastructure Security Testing, Vulnerability Assessment and Management, and other related areas, and to stay up to date with the latest industry trends
• Excellent communication skills with the ability to effectively communicate complex technical concepts to both technical and non-technical audiences
• Analysis and problem-solving skills including ability to identify and address security risks and vulnerabilities
• Capability to write clear and structured technical documents and presentation content
• Ability to participate in technical meetings with excellent communication skills
Due to the particular nature of a large international organization such as the European Commission, candidates should also have the following non-technical skills:
• The capability of integration in an international/multicultural environment, rapid self-starting capability, and experience in working in a team
• Ability to participate in multilingual meetings
• Ability to work in a multicultural environment, on multiple large projects
• Excellent Team Player
• Ability to understand, speak and write in English (C1/C2)
• French (B2/C1) is an advantage
• A high degree of discretion and integrity is required as the applications managed and maintained contain personal and confidential data
SPECIFIC EXPERTISE
The following specific expertise is mandatory for the performance of tasks:
• At least 5 years of expertise as an IT Security Expert contributing to DevSecOps
- Demonstrated expertise in the field of IT Security with a focus on DevSecOps practices
- In-depth knowledge of security principles, best practices and industry standards related to security within DevSecOps pipelines
- Proven track record of successfully implementing and integrating security solutions within the software development lifecycle
• Infrastructure Security
- Strong understanding of infrastructure security principles, architecture, and network layers
• Vulnerability Management
- Proficiency and proven experience in vulnerability management processes, prioritisation, and remediation
- Experience in the evaluation and implementation of vulnerability management tools
- Understanding and experience with frameworks and procedures such as OSSTMM
• Vulnerability Scanning expertise using vulnerability scanning tools such as Nessus, OpenVAS
• Web Application Security experience in penetration testing
- Expert knowledge in Fortify Static Code Analyzer & Software Security Center
- Proficient in utilizing security tools and techniques such as static code analysis (CA), dynamic application security testing (DAST), and software composition analysis
• Strong understanding of infrastructure security, including network security protocols
• Excellent problem-solving and analytical skills, with the ability to identify, analyze and address security vulnerabilities and threats effectively within DevSecOps workflows
• Expertise in conducting security assessments, vulnerability scanning, and penetration testing
Advanced expertise in using the following software solutions and tools is required:
• Fortify WebInspect
• Fortify Static Code Analyzer
• Fortify Software Security Center
• PortSwigger Burp Suite Professional
• Cobalt Strike
• OWASP Dependency Check and OWASP Dependency Track
• Sonatype Nexus Lifecycle
• Tenable Nessus, Tenable.io, Tenable.sc
• Continuous Integration and deployment pipelines utilizing solutions of Atlassian and GitLab
3. CERTIFICATIONS & STANDARDS
The following certificates & standards are required for the performance of tasks:
• Certification in Penetration Testing
• GIAC Security Expert (GSE)
• GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
• GIAC Web Application Penetration Tester (GWAPT)
• ISO 27001 Lead Auditor or Certified Information Systems Auditor (CISA)
- Department: IT
- Locations: Brussels
What do we offer?
- Schedules: TheWhiteam offers flexible schedules. This is because we aim to meet objectives, not to reach a set number of hours.
- Technologies: The most cutting-edge technologies, to stay up to date with the changes of the moment.
- Working arrangement: Given the situation, TheWhiteam offers the possibility of on-site work, remote work, or a mix of both.
- Locations: TheWhiteam offers the possibility of working in locations all over the world.
Workplace
Being part of THEWHITEAM means working with a company made up of professionals with extensive experience in technology consulting.
We firmly believe that companies and clients set the path to follow in the sector, but it is people who build it. We consider it vitally important that our organization is founded on our best asset and mark of added value, which is our team of people.
About The White Team
Founded in 2012 by experienced consultants, The Whiteam was born as a quality technology consultancy with a clear mission: to help companies around the world optimize their business profitability through the efficient use of information technologies.