Security Testing Specialist

Your responsabilities

• Analysis of documentation (both from the project and generated internally) and code and other
• information, also but not only with tools, preparation and execution of penetration testing, and
• analysis and assessment of the results.
• Participate in meetings as required, at the start of, end of, and eventually during the security testing
• process.
• Depending on the processes and procedures of the Contracting Authority, coordinate inside the
• team and with project and application teams, organising technical meetings to elicit information,
• escalating to the responsible team leader and/or the statutory staff responsible if necessary.
• Assess the findings, also during the process, alerting immediately the responsible team leader
• and/or the statutory staff directly responsible, when that may be necessary following the processes
• and procedures of the Contracting Authority.
• Prepare reports on the results of the technical security analysis and assessment, and communicate
• them to statutory staff responsible according to the processes and procedures foreseen by the
• Contracting Authority.
• Should the processes and procedures of the Contracting Authority foresee the possibility of other
• type of exercises with more reduce scope and/or as follow-up, do them and provide the necessary
• reporting.
• Report to the specifically assigned Team Leader and the statutory staff responsible on possible
• technical challenges, actual and future, for the work of the team, and contribute as and if needed
• to their analysis, and to proposals to address them.
• Provide as needed, required and possible, following its processes and procedures, relevant
• technical security input, also based on specific experience in the environment of the Contracting
• Authority, to activities like e.g. technical evolution and maintenance in operations of platform
• used for the security checks, DevSecOps.

Your profile

Education & certifications:

• Bachelor's degree in Computer Science and minimum 3 years of experience.
• Certification according to CEH, or equivalent certification.
• Very good knowledge of English (Level C1) or very good knowledge of French (Level C1).
• Knowledge
• of both languages, one at C1 level and the other at B2 level in any configuration, is required.

Technical expertise:

• Good knowledge of security and vulnerability management practices, preferably including
• relevant framework, best practices and standards (e.g. NIST SP800, ISO 27001, OWASP,
• hardening guidelines).
• Good general ICT knowledge, e.g. networking, operating system, Firewalls, web applications
• servers, programming and code quality tools, Virtualisation, runtimes (it is not required to have
• practical experience of all of these elements).
• Good knowledge of vulnerability and security analysis tools and platforms (e.g. Nessus, Burp,
• Kali-Linux).
• Good knowledge of development practices and knowledge of secure coding.
• Understanding and at least basic knowledge of cloud services, and of the different types and
• configuration of “cloud” services and applications potentially involving or not “cloud”.
• Preferably understanding of good design principles for distributed architecture using services.

Professional experience:

• Experience in implementation of security measures and/or security auditing.
• Experience as developer and/or in roles with technical security responsibilities.
• Experience in activities and environments requiring to work with sensitive information, with
• different information labels and handling rules.
• Experience in analysis and in redaction of documents for, and contacts with, technical and
• non-technical people (advantageous if in a context of security).
• Preferably, experience in multicultural and multinational environments and organisations with
• distributed responsibility and complex structures, eventually even EU institutions and bodies.

Soft skills:

• Capability to work in a structured and precise manner, but also to adapt and be flexible in the
• implementation of procedures and in process execution, and to understand dependencies and
• absence thereof, including technical and non-technical constraints.
• Capability to work as part of a team, collaborating and coordinating with others, but also in
• autonomy.
• Willingness to learn and re-learn continuously.
• Capability to reuse knowledge, experience and technical steps, and combine them in a different
• way for different scenarios.

Our offer

• An attractive salary package with or without a company car
• 5 additional vacation days each year
• A dedicated training program with personal development plans
• Extra-legal advantages (IT material, banks, ...)
• Regular events with the CTG team : learning lunchs, team buildings, fun events, Xmas, Marathons, ...

If you like multicultural teams and want to join a company with open communication, then apply right now !

Please note that a criminal record will be asked for this position.