The Contraste Europe Group builds strong relations with its clients. It offers a range of IT services such as Advisory, Solutions, Applications and Infrastructure. The Group’s sector focus is on finance, utilities, public institutions and non-commercial organisations. We operate in three countries: Belgium, Luxembourg and France.
For one of our major clients in the financial sector, we are looking for a Security Analyst.
- A challenging position in a fast growing company with an international presence.
- A stimulating working environment with a really good team spirit maintained by lots of internal events (teambuilding, ...).
- A dynamic culture focused on personal development.
- A wide range of training and career development opportunities.
The main focus of the work will be conducting operational activity, analysing source code findings and providing subject matter expertise to developers, using IBM AppScan Source.
Specific qualifications for the Security Analyst position include:
- At least 5 years of experience in the IT industry
- Web application development background in .NET or Java
- Strong code review experience
- Must be able to read source code and detect bad coding practices
- Must be able to guide developers on how to resolve/fix security issues
- Strong security knowledge using IBM AppScan Source or similar tools (Fortify, Veracode, etc.)
- Familiar with OWASP, SANS, CWE initiatives
- Knowledgeable about how attackers can exploit security vulnerabilities in application code, and about the coding best practices that prevent these attacks
- Experience with end-to-end application software security processes including management and remediation of findings
The Security Assurance and Test Team is part of the GSBR (Group Security and Business Resilience) division in charge of security assurance.
The mission of the SAST team within GSBR is to implement and operate a set of application security controls through an automated process integrated throughout the Software Development Life Cycle(s) (SDLC). We ensure that corporate policies and OWASP guidelines are uniformly applied by development teams across all business units.
- Analyse source code using automated static analysis scanning to establish a baseline
- Correlate findings against the existing databases of known software vulnerabilities, to help identify security flaws during the development phase
- Increase the software development teams' knowledge of secure coding procedures, so the organization can build security into every release
- Provide developers with guidance to understand, prioritize and remediate vulnerabilities
- Enforce production scans with a Go-Live criterion: no OWASP Top 10 vulnerabilities
- Report on key metrics on all scanned applications
We are seeking a highly motivated individual with strong code review experience. You must be self-motivated and have the experience, personality, and passion to support developers and designers.
Team members are expected to achieve the mission and deliver exceptional performance for our customers and the business, with energy, focus, flexibility, and personal character. The Employee Success Factors define the behaviours that contribute to achieving those expectations. He or she will be expected to:
- Ensure compliance with established standards, policies, and performance guidelines
- Focus on customers
  - Strive to exceed customer expectations and metrics
  - Build strong relationships with customers
- Deliver quality results
  - Stay focused, overcoming distractions and obstacles to achieve goals
  - Carry out assignments with thoroughness, accuracy and attention to detail
- Act ethically
  - Act in accordance with the Group's values
- Act as a team player
  - Develop and maintain productive working relationships with team members
  - Actively share information and expertise
- Support change and innovation
  - Maintain a positive attitude in response to change and uncertainty
  - Effectively handle shifting demands and multiple priorities
  - Continually look for ways to streamline processes, reduce costs and accomplish goals
- Experience with the Software Development Life Cycle (SDLC)
- Experience using the Microsoft Office suite, including Word, Excel, Access, etc.
- Experience using a Service Desk
- Skills in one of the following languages and technologies: J2EE, .NET
- Agile knowledge
- Experience leading or managing an application software security team would be an advantage.