# 2. Expert in Secure Development

*Nature of the tasks*

* Contribute to the design of the overall application security.
* Define security requirements and derive technical actions targeting the application components and the code base.
* Draft documentation such as architecture design descriptions, assessment reports and configuration descriptions.
* Take an active part in developing and improving the application security, and have it understood and implemented by the team.
* Analyse risks and security policy requirements and propose actions.
* Vulnerability testing and definition of corrective actions.
* Categorize events, incidents and vulnerabilities based on relevance, exposure and impact.
* Provide security training and education.
* Draft security programmes, security plans and propose implementation actions.

*Education*: EQF 7

*Specific expertise and technologies*

* Experience with ISO 27000 family of standards or equivalent security standards implementation. Knowledge of ITSRM2 is a plus.
* Excellent knowledge of application security.
* Experience in the security aspects of software development (e.g. authentication with OpenID Connect, SAML or CAS; securing REST and web services; encryption with PKI; authorisation; secrets management).
* Experience with secure IT development patterns.
* Experience in the security domain.
* Understanding of risk assessments.
* Experience in penetration testing and ethical hacking (e.g. use of tools such as Metasploit, Burp Suite or equivalent).
* Experience with security test tools (e.g. Fortify or equivalent) and website vulnerability scans.
* Good understanding of third-party dependency security (libraries, container and VM images).
* Knowledge of OWASP.
* Knowledge of Agile methodology.

*Certification and/or Standards*

**Mandatory certification (one of):**

* Certified Information Systems Security Professional (CISSP),
* Certified Information Security Manager (CISM),
* Certified Ethical Hacker (CEH),
* Offensive Security Certified Professional (OSCP),
* or equivalent to be approved by the Commission.

*Skills*

* Experience in coaching and training.
* Excellent interpersonal and communication skills.
* Good writing skills, experience in preparing written reports.
* Ability to lead and facilitate a community of practice.
* Ability to integrate into an international/multicultural environment.

*On-call services foreseen for this profile:* No
