Telework/onsite policy : Once mutual confidence levels are established, a maximum of 2 days per week of remote working can be authorized.
Responsibilities :
You will work closely with the IT Development and Applications Team and with the Infrastructure Team to integrate security into CI/CD pipelines, perform application security reviews, and remediate vulnerabilities directly at code or configuration level. You will receive a priority list to work on from the Cybersecurity Team.
This is a technical, practitioner role: you will analyze vulnerabilities, fix issues in applications, and help development teams build secure software by design.
If you enjoy working at the intersection of security, engineering, and DevOps, this role is for you.
You will be in charge of taking action after triage to remediate application vulnerabilities (SAST/DAST/SCA findings, coming for the most part from already existing tools or processes; you will also be in charge of implementing some of the tools to detect vulnerabilities).
You will also perform secure code reviews and architecture security assessments.
In order, you will:
Resolve vulnerability issues and conflicts related to application code, libraries and dependencies
Help reduce technical debt and improve overall application security maturity by contributing to the decision-making process on vulnerability remediation and clarifying options
Integrate security tooling into CI/CD pipelines (DevSecOps)
Support development teams with secure coding practices
Participate in threat modeling and security design reviews
You will focus on application security; however, you will need to cooperate closely with your counterpart security engineers in charge of patch and vulnerability treatment at OS level.
Expected skills and experience :
Modern CI/CD pipelines (GitLab, DevOps Kubernetes/Docker)
SAST / DAST / SCA tools (e.g. Qualys, Pentest reports, etc.)
Enterprise application stacks (Java, JavaScript/Node.js, TypeScript, Angular or similar, and possibly .NET, Python)
Local DC environment
OWASP Top 10 and secure coding frameworks
Languages :
English - Fluent
French - Professional