Application Security Consultant

 

About us
We believe that security is vital for people to live and work confidently and with trust in our digital society. That’s why we dedicate ourselves to provide Information Security Consulting Services. Toreon is a young and dynamic company. Because we are committed to our goal, and because there is a growing need for securer IT systems, we are looking for an application security consultant.

How will you make a difference?
As an Application Security Consultant, you improve the security of our clients’ businesses. Using your knowledge of secure development, you provide original solutions to problems they have (and don’t even know they have).

What will you do?
You will participate in the Toreon Application Security team to:

  • Define and maintain the Toreon application security testing methodology to perform static and dynamic security testing of web applications. Support and advice customers solving detected vulnerabilities.
  • Scope, execute and QA software security reviews such as:
    • Threat modeling
    • Security code reviews
    • Application security testing
  • Evaluate customer applications for appropriate and effective use of security controls using tools and techniques such as source code analysis, vulnerability scanners, and manual testing techniques.
  • Perform training to Toreon customers on web & mobile application security coding methodologies, best practices, tooling and embedding security in the application development lifecycle
  • Guide our customers to “build-in” application security controls into their software development lifecycle, so that its security maturity level is aligned with the customer software and the business risk profile.

Who are you?
Technical skills:

  • Knowledge of programming language (JAVA or .net) (mandatory)
  • 2 years of programming experience in a professional environment (mandatory)
  • Knowledge of development frameworks, application architectures, authentication systems (e.g. MVC, OAuth, OpenID, AUTH, design patterns, serverless) (plus)
  • Knowledge of development and deployment toolchain and procedures (Jenkins, unit testing, Docker, Kubernetes, TFS, JIRA, Git, Agile, DevSecOps, Spotify model) (plus)
  • Knowledge of security tools and practices in development (Static code analysis, code review, automated security testing, dependency checking) (plus)
  • Knowledge of threat modeling (plus)

Other skills:

  • Communicative (mandatory)
  • Business Writing (plus)
  • Ambitious (mandatory)
  • Want to learn /self-study (mandatory)
  • Risk management (plus)

What do we offer you?
At Toreon, we are all about people (and their brains). We help our team members to develop themselves to be better experts, better professionals and better team players. We are dedicated to sharing and expanding knowledge. We work hard and play hard. Although we maintain a fun filled culture at the office, we are very serious about our clients’ needs.

  • You get a big training budget.
  • You get all the usual: car, PC/MAC, phone, meal vouchers, …
  • You get a dynamic team in an environment that values humor on a daily basis

Our way of working is a team approach. You are always part of a Toreon team working at our clients. You work with senior and junior people with different backgrounds. This will help you to learn from the best and become a better-rounded consultant.
Show us your sense of responsibility and we will allow for a very flexible job that fits your personal and family’s needs.

How to apply:

Send us a motivated message and your CV.