Software Developer Security

Uni Systems, Belgium

Experience: 1 Year
Salary: 0 - 0
Job Type:
Job Shift:
Job Category:
Traveling: No
Career Level:
Telecommute: No
Qualification: As mentioned in job details
Total Vacancies: 1 Job
Posted on: Jan 26, 2023
Last Date: Feb 26, 2023
Location(s):

Job Description

  • Create and maintain technical documentation related to software security.
  • Responsible for continuous improvement of the information security policy framework and for performing risk assessment and risk evaluation, and maintaining the relevant risk register.
  • Design solutions to enable issue tracking, metrics, and reporting to support planning, compliance, and remediation activities. Keep oneself and the team up to date with the security trends, including threat intelligence, security services, tools, latest breaches, patch updates, etc.
  • Collaborate with project stakeholders to identify security requirements.
  • Conduct analysis to determine integration needs.
  • Key beneficiaries will be application owners and system owners, to help them build secure applications.
  • Design, implement and perform security testing to improve the security posture.
  • Participate in building the Vulnerability Management program and Penetration Testing program by identifying the necessary processes, procedures, techniques, tactics, and tools.
  • Contribute to the security knowledge base and document development activities.
  • Apply security in the following areas: design of new software and web applications and of support applications under development, and customization of current applications.
  • Assist with the software update process for existing applications and roll-out of software releases.
  • Provide technical leadership throughout the design process and guidance with regard to practices, procedures and techniques on security in software development matters.
  • Work with Quality Assurance team to determine if applications are fit as compared to the specifications and technical requirements.
  • Generate metrics for the relevant activities and prepare reports on the vulnerabilities for management and/or auditors, as needed.

Requirements

  • Bachelor's degree in computer science engineering with 13 years of professional experience in Information Technology.
  • Certification requirements: CSSLP Certified Secure Software Lifecycle Professional, or EC-Council CASE Certified Application Security Engineer Java, or GIAC Certified Web Application Defender.
  • At least one of the following: Certified Information Systems Security Professional, CompTIA Security+, EC-Council certifications CSCU, CND, CEH, CEH-Master (Practical), ECSA, ECSA-Master (Practical), LPT-Master (Practical), E|ISM, CCISO, ECIH, CHFI, ECES, CASE .Net, CSA, ECSS, CCSE, GSEC GIAC Security Essentials, GWAPT GIAC Web Application Penetration Tester, OSWA Offensive Security Web Assessor.
  • Minimum 5 years of experience in building and integrating large Java, J2EE applications and with the following technologies: Java EE, SOAP/RESTful API and Micro Services, JMS, Java EE Application servers e.g. WebLogic, HTTPS, Angular, databases, XML, JavaScript, HTML, GIT, JIRA, Maven, Jenkins, Ansible, SOAPUI, Postman, etc.
  • Minimum 3 years of experience in Identity & Access Management (IAM) technologies, including OAuth2/OIDC, MFA, FIDO, Single Sign-On, federation, Digital Certificates, and LDAP and IAM platforms Ping Federate, Ping Access, Okta, ForgeRock.
  • Minimum 3 years of experience with application security, threat, and vulnerability management, OWASP Secure Coding Practices, DSOMM, ASVS v4, CVSS and CVE, application source code analysis to assess the vulnerabilities impact and to provide specific recommendations to application teams.
  • Minimum 3 years of experience with cryptography and HSM.
  • Minimum 3 years of experience with the security aspects of the DevSecOps paradigm and CI/CD deployment automation.
  • Minimum 3 years of experience with Dynamic Analysis Security Testing (DAST) and Static Analysis Security Testing (SAST) with any of the following tools: Checkmarx, Snyk, Fortify, Semgrep, AppScan, Burp Suite; Software Assurance Maturity Model (SAMM), misconfigurations, with any of the following tools: SonarQube, Veracode, IBM AppScan, and OWASP ZAP.
  • Minimum 3 years of experience with application Security Testing tools and techniques, including penetration testing, vulnerability scans, analysing vulnerabilities, analysing the impact, assigning appropriate risk level, identifying relevant threats, threat modelling, corrective actions recommendations, summarizing and reporting results, OWASP WSTG 4.2.
  • Minimum 3 years of experience with the researching, writing, and editing of documentation and technical requirements, including software security designs, evaluation plans, test results, technical manuals and formal recommendations and reports. Minimum 3 years of experience with industry best practices and standards, like PCI-DSS, NIST, ISO, PTES, OWASP SAMM.
  • Fluent in English at a level B2 or higher.

Uni Systems

Information Technology and Services - Brussels, Belgium