# 2. Expert in Secure Development *Nature of the tasks* * Contribute to the design of the overall application security. * Define security requirements and derive technical actions targeting the application components and the code base. * Draft documentation such as architecture design descriptions, assessment reports and configuration descriptions. * Take an active part in developing and improving the application security, and have it understood and implemented by the team. * Analyse risks and security policy requirements and propose actions. * Vulnerability testing definition of corrective actions. * Categorize events, incidents and vulnerabilities based on relevance, exposure and impact. * Provide security training and education. * Draft security programmes, security plans and propose implementation actions. *Education* : EQF 7 *Specific expertise and technologies* * Experience with ISO 27000 family of standards or equivalent security standards implementation. Knowledge of ITSRM2 is a plus. * Excellent knowledge of application security. * Experience in the security aspect of software development (i.e.: authentication with open id connect SAML or CAS, secure rest or web services, encryption with PKI, authorisation, secrets management). * Experience with secure IT development patterns. * Experience in the security domain * Understanding of risk assessments * Experience in penetration testing and ethical hacking (i.e.: usage of tools like Metasploit, Burpsuite or equivalent). * Experience with security test tools (i.e.: Fortify or equivalent) and web site vulnerability scans. * Good understanding of the 3rd party dependency security (libraries, container and VM images). * Knowledge of OWASP. * Knowledge of Agile methodology. *Certification and/or Standards* **Mandatory certification (one of):** * Certified Information Systems Security Professional (CISSP), * Certified Information Security Manager (CISM), * Certified Ethical Hacker (CEH), Offensive Security * Certified Professional (OSCP) * or equivalent to be approved by the Commission. *Skills* * Experience in coaching and training. * Excellent interpersonal and communication skills. * Good redaction skills, experience in preparation of written reports. * Ability to animate a community of practice. * Capability of integration in an international/multi- cultural environment. *On-call services foreseen for this profile :* No --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://doc.montoyer.com/framework-contracts/digit-tm-ii/digit-tm-ii-profiles-description/2.-expert-in-secure-development.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.