CTG IT Solutions is currently looking for a Security Testing Specialist within the European Institutions in Luxembourg.
Your responsabilities
-
Analysis of documentation (both from the project and generated internally) and code and other
information, also but not only with tools, preparation and execution of penetration testing, and
analysis and assessment of the results.
-
Participate in meetings as required, at the start of, end of, and eventually during the security testing
process.
-
Depending on the processes and procedures of the Contracting Authority, coordinate inside the
team and with project and application teams, organising technical meetings to elicit information,
escalating to the responsible team leader and/or the statutory staff responsible if necessary.
-
Assess the findings, also during the process, alerting immediately the responsible team leader
and/or the statutory staff directly responsible, when that may be necessary following the processes
and procedures of the Contracting Authority.
-
Prepare reports on the results of the technical security analysis and assessment, and communicate
them to statutory staff responsible according to the processes and procedures foreseen by the
Contracting Authority.
-
Should the processes and procedures of the Contracting Authority foresee the possibility of other
type of exercises with more reduce scope and/or as follow-up, do them and provide the necessary
reporting.
-
Report to the specifically assigned Team Leader and the statutory staff responsible on possible
technical challenges, actual and future, for the work of the team, and contribute as and if needed
to their analysis, and to proposals to address them.
-
Provide as needed, required and possible, following its processes and procedures, relevant
technical security input, also based on specific experience in the environment of the Contracting
Authority, to activities like e.g. technical evolution and maintenance in operations of platform
used for the security checks, DevSecOps.
Your profile
Education & certifications:
- Bachelor's degree in Computer Science and minimum 3 years of experience.
- Certification according to CEH, or equivalent certification.
-
Very good knowledge of English (Level C1) or very good knowledge of French (Level C1).
-
Knowledge
of both languages, one at C1 level and the other at B2 level in any configuration, is required.
Technical expertise:
-
Good knowledge of security and vulnerability management practices, preferably including
relevant framework, best practices and standards (e.g. NIST SP800, ISO 27001, OWASP,
hardening guidelines).
-
Good general ICT knowledge, e.g. networking, operating system, Firewalls, web applications
servers, programming and code quality tools, Virtualisation, runtimes (it is not required to have
practical experience of all of these elements).
-
Good knowledge of vulnerability and security analysis tools and platforms (e.g. Nessus, Burp,
Kali-Linux).
- Good knowledge of development practices and knowledge of secure coding.
-
Understanding and at least basic knowledge of cloud services, and of the different types and
configuration of “cloud” services and applications potentially involving or not “cloud”.
- Preferably understanding of good design principles for distributed architecture using services.
Professional experience:
- Experience in implementation of security measures and/or security auditing.
- Experience as developer and/or in roles with technical security responsibilities.
-
Experience in activities and environments requiring to work with sensitive information, with
different information labels and handling rules.
-
Experience in analysis and in redaction of documents for, and contacts with, technical and
non-technical people (advantageous if in a context of security).
-
Preferably, experience in multicultural and multinational environments and organisations with
distributed responsibility and complex structures, eventually even EU institutions and bodies.
Soft skills:
-
Capability to work in a structured and precise manner, but also to adapt and be flexible in the
implementation of procedures and in process execution, and to understand dependencies and
absence thereof, including technical and non-technical constraints.
-
Capability to work as part of a team, collaborating and coordinating with others, but also in
autonomy.
- Willingness to learn and re-learn continuously.
-
Capability to reuse knowledge, experience and technical steps, and combine them in a different
way for different scenarios.
Our offer
- An attractive salary package with or without a company car
- 5 additional vacation days each year
- A dedicated training program with personal development plans
- Extra-legal advantages (IT material, banks, ...)
- Regular events with the CTG team : learning lunchs, team buildings, fun events, Xmas, Marathons, ...
If you like multicultural teams and want to join a company with open communication, then apply right now !
Please note that a criminal record will be asked for this position.
