In the context of the fast evolution of distributed (Java/mobile) development technologies and tools, BNP Paribas Fortis is looking for an application security engineer.
The application security engineer will be part of the Application Security & Vulnerability Management team.
Function description
You will join the Application Security & Vulnerability Management team. You will be responsible for the following tasks:
Major tasks:
* Manage requests, through Jira tickets, from squads for setting up tooling related to the application security tools managed by our team
* Do code review on applications developed within IT using the security tooling (SAST)
* Pro-actively support and assist all IT development squads in their secure development/SecDevOps adoption.
o Prepare training sessions on security related topics like common coding mistakes
o Coach squads on how to use the different security tools
* Manage the technical infrastructure supporting automatic code reviews and open source library evaluations.
o Maintain the applied policies (security, compliance…)
o Follow-up and report on the execution of the evaluations
o Keep the development guidelines up-to-date
o Review defects and vulnerabilities
* Take a leadership role, as an application security expert, in the implementation of projects/changes in the scope of the team
Minor tasks:
* Managing security issues. If you detect a problem, it is your duty to inform the person responsible for the application and closely follow-up the case. You will also be in charge of reporting on these security issues.
* Supporting IT developers in their search for solutions to security risks and incidents.
* Providing input for new security measures (such as detection mechanisms).
You won't do much coding work, except sometimes writing some scripts used in our own tooling, but with your coding background you will support the organisation in making the code developed in IT more secure.
Your ambition is to grow in your expertise as application security expert to become a seasoned application security expert.
Requirements
Language requirements
Dutch: Desirable to have knowledge of Dutch or French (not a must)
French: Desirable to have knowledge of Dutch or French (not a must)
English: Very good knowledge of English (absolute must)
Education
Master in IT or Engineering (for a Junior) or equivalent by experience for more experienced profiles
Telework
Expectation: 50% on site & 50% homeworking
* You have experience in the development of applications and are up to date with the current evolutions in the domain of application development
* You have a strong interest in application security and your ambition is to become an expert in this domain in the next 3-5 years.
* You have a very good understanding of the software development lifecycle in an Agile environment and you understand DevOps
* You have a good understanding of software development lifecycle and the security checks to be applied at different stages
* You are up-to-date on the recent developments in the area of software development: from programming languages and technologies to the standard tools and platforms (Jenkins, Gitlab, Maven, Docker…).
* You see application security as your domain of expertise
* You have an interest in penetration testing and first experience in it
* You are already knowledgeable with respect to network security.
* You understand the difficulties related to mobile application development & testing.
* No experience required, but it is a plus if there is experience in environments where information security is very important (banking, pharma, aviation, nuclear, military, …)
Soft Skills
* Team player who shares information with colleagues to ensure a fluent circulation of information
* Self-starter
* Able to interact with a multitude of profiles (developers, architects, testers, business, management), each time using the associated vocabulary
* Willingness to stay up-to-date with latest trends
* Quick self-starter, pro-active attitude
* Quick learner
* Good Communication and Influencing skills
* Good analytical and synthesis skills
* Autonomy, commitment and perseverance
* Ability to work in a dynamic and multi-cultural environment
* Flexible, accurate & control minded.
* Able to work in a team and with different groups in the organization, providing information and part of the solution; communication skills