
2. Expert in Secure Development

Lot 3: Expert external consultancy services in the field of information systems

Nature of the tasks

  • Contribute to the design of the overall application security.

  • Define security requirements and derive technical actions targeting the application components and the code base.

  • Draft documentation such as architecture design descriptions, assessment reports and configuration descriptions.

  • Take an active part in developing and improving the application security, and have it understood and implemented by the team.

  • Analyse risks and security policy requirements and propose actions.

  • Vulnerability testing and definition of corrective actions.

  • Categorize events, incidents and vulnerabilities based on relevance, exposure and impact.

  • Provide security training and education.

  • Draft security programmes, security plans and propose implementation actions.

Education: EQF 7

Specific expertise and technologies

  • Experience with ISO 27000 family of standards or equivalent security standards implementation. Knowledge of ITSRM2 is a plus.

  • Excellent knowledge of application security.

  • Experience in the security aspects of software development (i.e.: authentication with OpenID Connect, SAML or CAS, secure REST or web services, encryption with PKI, authorisation, secrets management).

  • Experience with secure IT development patterns.

  • Experience in the security domain.

  • Understanding of risk assessments.

  • Experience in penetration testing and ethical hacking (i.e.: usage of tools like Metasploit, Burp Suite or equivalent).

  • Experience with security test tools (i.e.: Fortify or equivalent) and web site vulnerability scans.

  • Good understanding of third-party dependency security (libraries, container and VM images).

  • Knowledge of OWASP.

  • Knowledge of Agile methodology.

Certification and/or Standards

Mandatory certification (one of):

  • Certified Information Systems Security Professional (CISSP),

  • Certified Information Security Manager (CISM),

  • Certified Ethical Hacker (CEH),

  • Offensive Security Certified Professional (OSCP)

  • or equivalent to be approved by the Commission.

Skills

  • Experience in coaching and training.

  • Excellent interpersonal and communication skills.

  • Good redaction skills, experience in preparation of written reports.

  • Ability to animate a community of practice.

  • Capability of integration in an international/multicultural environment.

On-call services foreseen for this profile: No
