2. Expert in Secure Development

Lot 3: Expert external consultancy services in the field of information systems

Nature of the tasks

Contribute to the design of the overall application security.
Define security requirements and derive technical actions targeting the application components and the code base.
Draft documentation such as architecture design descriptions, assessment reports and configuration descriptions.
Take an active part in developing and improving the application security, and have it understood and implemented by the team.
Analyse risks and security policy requirements and propose actions.
Vulnerability testing definition of corrective actions.
Categorize events, incidents and vulnerabilities based on relevance, exposure and impact.
Provide security training and education.
Draft security programmes, security plans and propose implementation actions.

Education : EQF 7 Specific expertise and technologies

Experience with ISO 27000 family of standards or equivalent security standards implementation. Knowledge of ITSRM2 is a plus.
Excellent knowledge of application security.
Experience in the security aspect of software development (i.e.: authentication with open id connect SAML or CAS, secure rest or web services, encryption with PKI, authorisation, secrets management).
Experience with secure IT development patterns.
Experience in the security domain
Understanding of risk assessments
Experience in penetration testing and ethical hacking (i.e.: usage of tools like Metasploit, Burpsuite or equivalent).
Experience with security test tools (i.e.: Fortify or equivalent) and web site vulnerability scans.
Good understanding of the 3rd party dependency security (libraries, container and VM images).
Knowledge of OWASP.
Knowledge of Agile methodology.

Certification and/or Standards

Mandatory certification (one of):

Skills

On-call services foreseen for this profile : No

Last updated 1 year ago