We are looking for a "Web Application Security Consultant" in Brussels, someone with 4 years' experience in penetration testing (C|EH), security (gap) analysis and documentation.
Description of tasks:
• Assist the client in monitoring the security aspects of the implementation activities performed by the developer for web applications, notably with a view to ensuring that the development follows a Secure Development Life Cycle, taking the OWASP recommendations as a guideline:
- Review and, when appropriate, draft documentation relating to the security of the web application development;
- Contribute to the requirements and specifications;
- Review the architecture and design options proposed by the developer;
- Lead/perform the threat modeling activity if necessary;
- Follow up and report on the correct implementation of the security measures as defined by the contractor and agreed at the previous step;
- Perform security tests and coordinate with (and possibly review the test plan content of) the other stakeholders involved in security tests (black and white box testing, penetration testing, ...) to check that the specifications related to security are met.
• The contractor will review, provide recommendations on and, where agreed, follow up the implementation of any modification of the interfaces with external systems to which the applications are connected (Oracle Databases, ITL, ECAS, External Trading Platforms).
• The contractor will cooperate with the hosting environment provider to ensure the security of the execution environment of the web application (Java EE platform run on WebLogic server), including the security of the deployment of new software versions and patches.
• The contractor will assist the Team in bug/incident analysis and, if security relevant, provide advice on the definition of mitigation measures and corrections.
• The contractor will provide support in the field of web application security on other subsystems using the same technology.
The consultant is required to have in-depth knowledge and professional experience (minimum 3 years) in the following specific technologies, which constitute the technical environment in which the contractor will be required to provide its service:
• Java EE platform (including Java Server Faces, Enterprise Java Beans, and SOAP-based web services technologies, e.g. WS Security) software development and security of Java EE web applications;
• WebLogic and Tomcat application servers security configuration and operation, including WL Security Framework;
• Oracle and PostgreSQL DBMSs security configuration and operation;
• OWASP methodology, guidelines and adapted mitigation/remediation measures implementation;
• Secure Development Life Cycle (SDLC) applied to Java applications and programming;
• Public-key infrastructure (PKI) – X.509 digital certificates;
• Secure Sockets Layer (SSL) / TLS communication layer implementation on large and high-availability infrastructure;
• Unix family Operating Systems (Solaris and x86 Linux) security principles.
You can contact us directly on 0032 238 17 21 or send us your CV at the following email address: firstname.lastname@example.org
Looking forward to speaking with you!