Brains Consulting is recruiting:
Application Security Specialist - Remote within EU
Remote Job
Full time
Salary:
300-470 Euro Gross/Day - All Inclusive
Work Experience:
Senior - minimum 6 years of experience
Job Description
This is a remote position.
We are looking for a Senior Application Security Specialist to work with an EU institution remotely.
DESCRIPTION OF THE TASKS:
• Contribute to the design of the overall application security.
• Define security requirements and derive technical actions targeting the application components and the code base.
• Draft documentation such as architecture design descriptions, assessment reports and configuration descriptions.
• Take an active part in developing and improving the application security, and have it understood and implemented by the team.
• Analyse risks and security policy requirements and propose actions.
• Vulnerability testing, definition of corrective actions.
• Provide security training and education.
• Draft security programmes, security plans and propose implementation actions.
• Design and setup of a secure development lifecycle
• Application penetration testing
• Participation in meetings with the project teams.
• Advise on the design and development of secure web and multi-tier applications.
• Give advice on application security matters
• Contribute to the IT security risk management process
• Coach/train colleagues in the software factories on secure development matters
Requirements
Must Have:
Bachelor’s and Master’s degree
3+ years of experience in ISO27000 (min. competence level 2)
3+ years of experience in Application Security (min. competence level 2)
3+ years of experience in security testing (min. competence level 2)
Excellent knowledge of application security.
Experience in the security aspects of software development (e.g. authentication with OpenID Connect, SAML or CAS, secure REST or web services, encryption with PKI, authorization, secrets management)
Experience with secure IT development patterns.
Understanding of risk assessments
Experience in penetration testing and ethical hacking (e.g. usage of tools like Metasploit, Burp Suite or equivalent).
Experience with security test tools (e.g. Fortify or equivalent) and web site vulnerability scans.
Good understanding of third-party dependency security (libraries, container and VM images)
Good knowledge of secure development lifecycle
Good knowledge of OWASP models, frameworks and guides
Good knowledge of Agile methodology
Excellent interpersonal and communication skills.
Good writing skills, experience in the preparation of written reports.
Ability to facilitate a community of practice.
Ability to integrate into an international/multi-cultural environment
One of the following Certificates:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Ethical Hacker (CEH)
- Offensive Security Certified Professional (OSCP)
- Certified Secure Software Lifecycle Professional (CSSLP)
- GIAC Certified Web Application Penetration Tester (GWAPT)
- GIAC Certified Web Application Defender (GWEB)
English C1+
Self-Assessment Questions:
• Do you have a Bachelor’s and Master’s degree?
• Do you have 3+ years of experience in ISO27000 (min. competence level 2)?
• Do you have 3+ years of experience in Application Security (min. competence level 2)?
• Do you have 3+ years of experience in security testing (min. competence level 2)?
• Do you have excellent knowledge of application security?
• Do you have experience in the security aspects of software development (e.g. authentication with OpenID Connect, SAML or CAS, secure REST or web services, encryption with PKI, authorization, secrets management)?
• Do you have experience with secure IT development patterns?
• Do you have a good understanding of risk assessments?
• Do you have experience in penetration testing and ethical hacking (e.g. usage of tools like Metasploit, Burp Suite or equivalent)?
• Do you have experience with security test tools (e.g. Fortify or equivalent) and web site vulnerability scans?
• Do you have a good understanding of third-party dependency security (libraries, container and VM images)?
• Do you have good knowledge of secure development lifecycle?
• Do you have good knowledge of OWASP models, frameworks and guides?
• Do you have good knowledge of Agile methodology?
• Are you able to integrate into an international/multi-cultural environment?
• Do you have one of the following Certificates:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Ethical Hacker (CEH)
- Offensive Security Certified Professional (OSCP)
- Certified Secure Software Lifecycle Professional (CSSLP)
- GIAC Certified Web Application Penetration Tester (GWAPT)
- GIAC Certified Web Application Defender (GWEB)
• Is your English level C1+?
• Are you an EU National?
• Are you OK with NET30 payment on this contract?
Benefits
Location: Remote - EU
Daily rate: €300 - 470 Gross/Day (depending on experience) - all inclusive with NET30 payment
Contract Duration: 2 years with extensions up to 3 years
Type of Engagement: Freelancer or willing to start a freelance activity / B2B on a contract directly with us.
CV type: Standard
Interested?
Please send your resume to IT@brainsconsulting.ro
More info – please contact Adelina Tirziu – IT Recruitment Manager: 0040733733411
Brains Consulting SRL
str. J.H. Pestalozzi, nr. 3-5, cam 207
Timisoara, Romania
Registered office:
str. Dreptatea, nr.16, ap. 11
Timisoara, Romania
Email: office@brainsconsulting.ro
Phone: 0040 729 478762