Human Profiler is a Human Resources Consultant with a decade of experience in the market. Specialized in Outsourcing in IT and in Recruitment and Selection Processes of qualified profiles, acting with total flexibility and adaptation to the needs of our customers and partners. We are looking for a Expert Secure Development (m/f) to join our team.
Following tasks will be performed by external service provider:
• Contribute to the design of the overall application security.
• Define security requirements and derive technical actions targeting the application
components and the
• Draft documentation such as architecture design descriptions, assessment reports and
• Take an active part in developing and improving the application security, and have it
understood and implemented by the team.
• Analyse risks and security policy requirements and propose actions.
• Vulnerability testing definition of corrective actions.
Categorize events, incidents and vulnerabilities based on relevance, exposure and impact.
• Provide security training and education.
• Draft security programmes, security plans and propose implementation actions.
• Design and setup of a secure development lifecycle
• Application penetration testing
• Participation in meetings with the project teams.
• Advice on design and development of secure web and multi- tier applications.
• Give advice on application security matters
• Contribute to the IT security risk management process
• Coach/ train the colleagues in the software factories on Secure development matter
. LEVEL OF EDUCATION
Bachelor’s and Master’s degree on relevant field of interest
. KNOWLEDGE AND SKILLS
Following skills and knowledge are required for the performance of the above listed tasks:
• Excellent knowledge of application security.
• Experience in the security aspect of software development (i.e.: authentication with open
id connect SAML or CAS, secure rest or web services, encryption with PKI, authorisation,
• Experience with secure IT development patterns.
• Understanding of risk assessments
• Experience in penetration testing and ethical hacking (i.e.: usage of tools like Metasploit,
Burpsuite or equivalent).
• Experience with security test tools (i.e.: Fortify or equivalent) and web site vulnerability
• Good understanding of the 3rd party dependency security (libraries, container and VM
• Good knowledge of secure development lifecycle
• Good knowledge of OWASP models, frameworks and guides
• Good Knowledge of Agile methodology
• Excellent interpersonal and communication skills.
• Good redaction skills, experience in preparation of written reports.
• Ability to animate a community of practice.
• Capability of integration in an international/multi-cultural environment
• Security certifications (e.g. CISSP, CISM, OCSP, CSSLP, GWAPT, GWEB) are an asset
. SPECIFIC EXPERTISE
Following specific expertise is mandatory for the performance of tasks:
• at least 3 years of experience in ISO27000 (min. competence level 2)
• at least 3 years of experience in Application Security (min. competence level 2)
• at least 3 years of experience in security testing (min. competence level 2)
. CERTIFICATIONS & STANDARDS
At least one of the following certifications is required for the performance of tasks:
• Certified Information Systems Security Professional (CISSP),
• Certified Information Security Manager (CISM),
• Certified Ethical Hacker (CEH),
• Offensive Security Certified Professional (OSCP)
• Certified Secure Software Lifecycle Professional (CSSLP)
• GIAC Certified Web Application Penetration Tester (GWAPT)
• GIAC Certified Web Application Defender (GWEB)
Belonging to this team allows:
- Continuous Training;
- Monitoring by the whole team;
- Health Insurance;
- Several Partners (such as: health, wellness, travel, gastronomy, culture, leisure, among others ...)
- Presential and/or Online Events (Team Building, Summer Party, Birthday Party and Christmas).
Send your application with updated resume with the reference ExpSecureDev_MM, to our address: firstname.lastname@example.org