Application Security Architect
Companies that want to remain relevant and want to move forward are confronted with security and data threats within the digital world. Toreon makes digital progress possible by mapping and eliminating security risks. In this way we ensure that companies can continue their business with confidence in a secure digital environment.
We identify the digital risks within the organization and guide the customer to eliminate these risks. Because we are independent, the companies can count on our integrity and expertise to provide the best customized solution. We have only one goal in mind: making working together in the digital world a lot safer.
As a partner in digital security, we listen and ask the right questions to clearly formulate the precise needs. Our people are driven by knowledge and focused on collaboration. Through internal coaching and training we increase safety and expertise within Toreon and our customers. In this way we take steps together towards digital progress.
HOW WILL YOU MAKE A DIFFERENCE?
As an Application Security Consultant, you improve the security of our clients’ businesses. Using your knowledge of secure development, you provide original solutions to problems they have (and don’t even know they have).
WHAT WILL YOU DO?
You will participate in the Toreon Application Security team to:
- Define and maintain the Toreon application security testing methodology to perform static and dynamic security testing of web applications. Support and advise customers in solving detected vulnerabilities.
- Scope, execute and QA software security reviews such as:
  - Threat modelling
  - Security code reviews
  - Application security testing
- Evaluate customer applications for appropriate and effective use of security controls using tools and techniques such as source code analysis, vulnerability scanners, and manual testing techniques.
- Provide training to Toreon customers on web & mobile application security coding methodologies, best practices, tooling and embedding security in the application development lifecycle.
- Guide our customers to build application security controls into their software development lifecycle, so that its security maturity level is aligned with the customer software and the business risk profile.
WHO ARE YOU?
- You are already an accomplished application security specialist and are looking for a team approach.
- You are ever willing to learn and become a better consultant, technically and personally.
- You are ambitious, have a passion for security, want to learn more, more, more.
- You are flexible, hard-working and loyal.
- You are analytical, structured and responsible.
- You consider pizza to be brainfood.
YOUR TECHNICAL BACKGROUND
- Knowledge of development frameworks, application architectures, authentication systems (e.g. MVC, OAuth, OpenID, AUTH, design patterns, serverless)
- A deep understanding of, and hands-on coding experience in Java/J2EE or C#/.NET. Experience with both is a plus.
- Experience using build tools (e.g. ant, make, maven, msbuild, nant, Jenkins, TFS etc.).
- Strong knowledge of standard engineering principles, theories, concepts and techniques with regard to software engineering.
- The ability to talk with credibility about large enterprise software architectures and software project processes.
- Strong understanding and hands-on experience of application security concepts, such as a Secure Software Development Lifecycle and practical implementation, requirements gathering and test planning, software architecture, secure coding, and QC testing.
- Relevant tool knowledge should include code security scanners, web application vulnerability scanners, assessment support tools (e.g. Burp Suite), Web Application Firewalls, etc.
- Experience providing software architecture security guidance, including developing application threat models and methodically protecting against business logic and design flaws that could introduce security vulnerabilities.
- The ability to talk credibly about application security principles, threats, attacks, vulnerabilities, and countermeasures.
- Knowledgeable about security architecture, methodologies, policies and practices.
- Training and presentation skills in English and Dutch or French.
- Proven track record in cross-enterprise communication with a highly developed awareness of organisational sensitivity.
- High level of personal integrity, with the ability to professionally handle confidential matters, and reflect appropriate level of judgement and maturity.
- Knowledge of IoT-related technologies such as SoC, Zigbee, LoRaWAN, BLE, RFID, VoIP, etc. is a plus.
EDUCATIONAL AND PROFESSIONAL REQUIREMENTS
- Relevant master's degree or similar qualifications by experience in software development, IT security, and/or security testing.
- At least 5 years of experience in software engineering, development and security assessments.
- At least 3 years of experience evaluating the security of applications using both manual and automated techniques.
- Fluent communication skills (oral and written) in English and Dutch or French.
WHAT DO WE OFFER YOU?
At Toreon, we are all about people (and their brains). We help our team members to develop themselves to be better experts, better professionals and better team players.
We are dedicated to sharing and expanding knowledge. Although we maintain a fun-filled culture at the office, we are very serious about our clients’ needs.
- A good salary based on experience.
- A Flexible Income Plan to optimize your needs (extra vacation days, bike leasing, ...).
- A big training budget.
- Budget for a car, PC/Mac, phone, meal vouchers, insurance.
- You get a dynamic team in a stimulating learning environment.
- You are invited to a lot of knowledge sharing events and stimulated to organise your own.
You are always part of a Toreon team working at our clients. You work with senior and junior people with different backgrounds. This will help you to learn from the best and become a better-rounded consultant. We take our people’s needs and ambitions into consideration when assigning projects.
Show us your sense of quality, integrity and responsibility and we will allow for a very flexible job that fits your personal and family’s needs.