# 14. Secure data and document exchange expert *Nature of the tasks* * Architecture, design and implementation of the integration layer between backend systems and secure messaging software * Provide expert advice on confidentiality, integrity, authorisation, authentication, non-repudiation, availability * Assist the team to test and conduct periodic vulnerability and security risk assessments of the messaging and data transfer system * Provide comprehensive guidance and consulting for the optimisation of the integration layer * Participate to the maintenance of technical specifications related to transport and messaging protocols and their implementation in software *Education* : EQF 7 *Specific expertise and technologies* * **Document protection** * Good knowledge of digital signature and encryption with X509 certificates, Public Key Infrastructure (PKI) * Good knowledge of data containers: Associated Signature Containers (ASiC), gzip * Good knowledge of the legal framework for the use of trust services: the Electronic Identification and Trust Services Regulation (eIDAS Regulation 910/2014/EC) * **Messaging** * Good knowledge of open standards for data and document exchange: ebMS3, AS4, SBDH, XHE * Good knowledge of open standards for service discovery: Business Document Metadata Service Location (BDXL), Service Metadata Publishing (SMP) * Good knowledge of open standards for party identification: ebCore Party Id Type * Good knowledge of message format standards: XML, XSD, XPATH, WSDL, JSON, JSON schema * Good knowledge of discovery and service location technologies: DNS (NAPTR, CNAME), DNSSEC * Good knowledge of Business-to-Business (B2B) and Electronic Data Interchange (EDI) and common data and document exchange patterns **Web Security** * Good knowledge of techniques used to secure Web applications: HTTP, TLS, WS-Security, Content Security Policy, Web Services (SOAP and REST), OAuth2, OpenID, OWASP * At least one of the following areas: * **Backend development** * Good knowledge of backend development techniques: inheritance, polymorphism, SOLID principles, data types, concurrency, design patterns, unit testing * Good knowledge of the Java platform: garbage collection strategies, memory spaces, class loaders, serialization, multi-threading, syntax and semantics of the Java language, APIs of the Java Development Kit * Good knowledge of databases, directories and transactions: SQL, LDAP, ACID, XA * **Mobile development** * Good knowledge of mobile development techniques: Android/Java & Kotlin, iOS/Swift, Key Attestation * **Integration & Monitoring** * Good knowledge of continuous integration techniques and tools: Jenkins, TeamCity, Bamboo, GIT, SVN * Good knowledge of testing tools: SonarQube, Selenium WebDriver, Serenity, TestLink, JMeter * Good knowledge of databases, directories and transactions: SQL, LDAP, ACID, XA * Good knowledge of monitoring tools: Dynatrace, Splunk **Containerisation** * Good knowledge of containerisation tools: Docker, Kubernetes * **Infrastructure** * Good knowledge of operations including networking, hardware and operating systems: TCP/IP, Linux, databases, directories, shell scripts, virtualisation, load balancers, reverse proxies, web application firewalls, HSM, TPM * **Management** * Knowledge of project management and software development methodologies: OpenPM2, SCRUM, Extreme Programming **Methodology and Tools** * Experience in the use of Atlassian collaborative tools (like Confluence and Jira) is required * Experience with Agile development methodologies is a plus * Experience in working with the EU institutions is a plus *Certification and/or Standards* * Not applicable *Skills* * Ability to work autonomously, managing his/her own workload independently, providing status updates, liaising with others and escalating issues as appropriate * Ability to write clear and structured documents * Ability to give technical presentations * Ability to apply high quality standards * Ability to cope with fast-changing technologies used in application architecture and design * Ability to participate in multi-lingual (French and/or English) meetings * Good communication skills * Ability to integrate in an international/multi-cultural environment *On-call services foreseen for this profile :* Yes