14. Secure data and document exchange expert

Nature of the tasks

• Architecture, design and implementation of the integration layer between backend systems and secure messaging software

• Provide expert advice on confidentiality, integrity, authorisation, authentication, non-repudiation, availability

• Assist the team to test and conduct periodic vulnerability and security risk assessments of the messaging and data transfer system

• Provide comprehensive guidance and consulting for the optimisation of the integration layer

• Participate to the maintenance of technical specifications related to transport and messaging protocols and their implementation in software

Education : EQF 7

Specific expertise and technologies

• Document protection

  • Good knowledge of digital signature and encryption with X509 certificates, Public Key Infrastructure (PKI)

  • Good knowledge of data containers: Associated Signature Containers (ASiC), gzip

  • Good knowledge of the legal framework for the use of trust services: the Electronic Identification and Trust Services Regulation (eIDAS Regulation 910/2014/EC)

• Messaging

  • Good knowledge of open standards for data and document exchange: ebMS3, AS4, SBDH, XHE

  • Good knowledge of open standards for service discovery: Business Document Metadata Service Location (BDXL), Service Metadata Publishing (SMP)

  • Good knowledge of open standards for party identification: ebCore Party Id Type

  • Good knowledge of message format standards: XML, XSD, XPATH, WSDL, JSON, JSON schema

  • Good knowledge of discovery and service location technologies: DNS (NAPTR, CNAME), DNSSEC

  • Good knowledge of Business-to-Business (B2B) and Electronic Data Interchange (EDI) and common data and document exchange patterns Web Security

  • Good knowledge of techniques used to secure Web applications: HTTP, TLS, WS-Security, Content Security Policy, Web Services (SOAP and REST), OAuth2, OpenID, OWASP

• At least one of the following areas:

  • Backend development

    • Good knowledge of backend development techniques: inheritance, polymorphism, SOLID principles, data types, concurrency, design patterns, unit testing

      • Good knowledge of the Java platform: garbage collection strategies, memory spaces, class loaders, serialization, multi-threading, syntax and semantics of the Java language, APIs of the Java Development Kit

      • Good knowledge of databases, directories and transactions: SQL, LDAP, ACID, XA

    • Mobile development

      • Good knowledge of mobile development techniques: Android/Java & Kotlin, iOS/Swift, Key Attestation

    • Integration & Monitoring

      • Good knowledge of continuous integration techniques and tools: Jenkins, TeamCity, Bamboo, GIT, SVN

      • Good knowledge of testing tools: SonarQube, Selenium WebDriver, Serenity, TestLink, JMeter

      • Good knowledge of databases, directories and transactions: SQL, LDAP, ACID, XA

      • Good knowledge of monitoring tools: Dynatrace, Splunk Containerisation

      • Good knowledge of containerisation tools: Docker, Kubernetes

    • Infrastructure

      • Good knowledge of operations including networking, hardware and operating systems: TCP/IP, Linux, databases, directories, shell scripts, virtualisation, load balancers, reverse proxies, web application firewalls, HSM, TPM

    • Management

      • Knowledge of project management and software development methodologies: OpenPM2, SCRUM, Extreme Programming

Methodology and Tools

• Experience in the use of Atlassian collaborative tools (like Confluence and Jira) is required

• Experience with Agile development methodologies is a plus

• Experience in working with the EU institutions is a plus

Certification and/or Standards

• Not applicable

Skills

• Ability to work autonomously, managing his/her own workload independently, providing status updates, liaising with others and escalating issues as appropriate

• Ability to write clear and structured documents

• Ability to give technical presentations

• Ability to apply high quality standards

• Ability to cope with fast-changing technologies used in application architecture and design

• Ability to participate in multi-lingual (French and/or English) meetings

• Good communication skills

• Ability to integrate in an international/multi-cultural environment

On-call services foreseen for this profile : Yes