IT Security Consultant – Senior Application Security Specialist


How will you make a difference?
As an Application Security Consultant, it is your mission to fight software insecurity and help our customers to build and maintain secure applications that their business and their users can trust.
Our customers will come to you with their concerns about the security of their applications. By offering your expertise, you will help them get peace of mind.

Who are we looking for?

• You are already an accomplished application security specialist and are looking for a team approach.
• You are ever willing to learn and become a better consultant, technically and personally.
• You are ambitious, have a passion for security, want to learn more, more, more.
• You are flexible, hard-working and loyal. You are analytical, structured and responsible.
• You consider pizza to be brainfood.

What do we offer?

At Toreon, we are all about people (and their brains). We help our team members to develop themselves to be better experts, better professionals and better team players.
We are dedicated to sharing and expanding knowledge. We work hard and play hard. Although we maintain a fun-filled culture at the office, we are very serious about our clients’ needs.
• You get a big training budget.
• You get all the usual: car, PC/MAC, phone.
Our way of working is a team approach. You are always part of a Toreon team working at our clients. You work with senior and junior people with different backgrounds. This will help you to learn from the best and become a better rounded consultant.
As an organisation, we are always trying to organise ourselves better. But we are a young company. You are expected to do your part in making us all better.
Show us your sense of responsibility and we will allow for a very flexible job that fits your personal and family’s needs.

What do we expect of you?

We are not a 9 to 5 company. You are expected to be flexible in your work and your time management. You provide consulting to our clients and will have to work around their schedules. In return, we will be flexible towards your needs.

You will participate in the Toreon Application Security team to:
• Guide our customers to build application security controls into their software development lifecycle, so its security maturity level is aligned with the customer’s software and business risk profile.
• Define and maintain the Toreon application security testing methodology used to perform static and dynamic security testing of web applications.
• Support and advise customers in solving detected vulnerabilities.
• Scope, execute and QA software security reviews such as:
– Threat modelling
– Security code reviews
– Application security testing.
• Evaluate customer applications for appropriate and effective use of security controls using tools and techniques such as source code analysis, vulnerability scanners, and manual testing techniques.
• Provide training to Toreon customers on web & mobile application security coding methodologies, best practices, tooling and embedding security in the application development lifecycle.
At the office, you will make coffee, get sandwiches, fill the dishwasher and take the garbage out (but so do we). We are a startup, get used to it!

Expected knowledge and experience

Must haves:
• A deep understanding of, and hands-on coding experience in Java/J2EE or C#/.NET. Experience with both is a plus.
• Working knowledge of application technologies including web application architectures, databases, mobile development platforms, and a variety of programming and markup languages (such as C#, Java, Objective C, PHP, HTML, CSS, JavaScript, Perl, etc.).
• Experience using build tools (e.g. ant, make, maven, msbuild, nant, etc.).
• Strong knowledge of standard engineering principles, theories, concepts and techniques in regards to software engineering.
• The ability to talk with credibility about large enterprise software architectures and software project processes.
• Strong understanding and hands-on experience of application security concepts, such as a Secure Software Development Lifecycle and practical implementation, requirements gathering and test planning, software architecture, secure coding, and QC testing.
• Relevant tool knowledge should include code security scanners, web application vulnerability scanners, assessment support tools (e.g. Burp Suite), Web Application Firewalls, etc…
• Experience providing software architecture security guidance, including developing application threat models and methodically protecting against business logic and design flaws that could introduce security vulnerabilities.
• The ability to talk credibly about security across application security principles, threats, attacks, vulnerabilities, and countermeasures.
• Knowledgeable about security architecture, methodologies, policies and practices.
• Training and presentation skills in English and Dutch or French.
• Proven track record in cross enterprise communication with a highly developed awareness for organisational sensitivity.
• High level of personal integrity, with the ability to professionally handle confidential matters, and reflect appropriate level of judgement and maturity.

Educational and professional requirements:

• Relevant master's degree or similar qualifications by experience in software development, IT security, and/or security testing.
• At least 5 years of experience in software engineering, development and security assessments.
• At least 3 years of experience evaluating the security of applications using both manual and automated techniques.
• Fluent communication skills (oral and written) in English and Dutch or French.

How to apply:

Send us a motivated message and your CV.