Expert in Secure Development - 5141
Serco is a partner of choice to the European Institutions and other International Organisations. For the past 30 years, we have been providing European and International Organisations a wide range of services including ICT services in support, infrastructure, operations and development as well as managing different contact centres for the key European Institutions, agencies and organisations, in Brussels and across Europe.
What connects the ever-growing Serco workforce is a passion for delivering great service –
To keep ahead, we have to evolve continually and enhance the way we deliver our services. Everyone in Serco has a role to play, here.
Serco provides the right environment to encourage ideas and a comprehensive Best Practice support network that enables them to put their ideas into action.
We are hiring an Expert in Secure Development for our prestigious partner DIGIT TM (DG Informatics) in Brussels. DIGIT-TM is a contract from the European Commission for IT services across Europe.
If you like working in a multi-cultural and dynamic environment, this opportunity may meet your expectations.
We look forward to meeting you! Discover the offer below and click on ‘Apply’ if you know that your skillset and talents are a suitable match for this opportunity.
At Serco, we do not only offer a career but also the opportunity to join a community where everyone’s wellbeing matters, by living out the Serco values in all we do!
Are you looking to secure a career in a public sector environment? We would love to hear from you!
As Expert in Secure Development you will be responsible for:
- Contribute to the design of the overall application security.
- Define security requirements and derive technical actions targeting the application components and the code base.
- Draft documentation such as architecture design descriptions, assessment reports and configuration descriptions.
- Take an active part in developing and improving the application security, and have it understood and implemented by the team.
- Analyse risks and security policy requirements and propose actions.
- Vulnerability testing and definition of corrective actions.
- Categorize events, incidents and vulnerabilities based on relevance, exposure and impact.
- Provide security training and education.
- Draft security programmes, security plans and propose implementation actions.
- Design and setup of a secure development lifecycle
- Application penetration testing
- Participation in meetings with the project teams.
- Advice on design and development of secure web and multi-tier applications.
- Give advice on application security matters
- Contribute to the IT security risk management process
- Coach/train colleagues in the software factories on secure development matters
In return, we offer a friendly, supportive and professional environment that respects your work/life balance and ultimately contributes to the delivery of public services in Belgium and around the world.
LEVEL OF EDUCATION
- Master’s level or 5 years of higher education.
KNOWLEDGE AND SKILLS
- Excellent knowledge of application security.
- Experience in the security aspects of software development (e.g. authentication with OpenID Connect, SAML or CAS, secure REST or web services, encryption with PKI, authorisation, secrets management)
- Experience with secure IT development patterns.
- Understanding of risk assessments
- Experience in penetration testing and ethical hacking (e.g. usage of tools like Metasploit, Burp Suite or equivalent).
- Experience with security test tools (e.g. Fortify or equivalent) and web site vulnerability scans.
- Good understanding of the 3rd party dependency security (libraries, container and VM images)
- Good knowledge of secure development lifecycle
- Good knowledge of OWASP models, frameworks and guides
- Good knowledge of Agile methodology
- Excellent interpersonal and communication skills.
- Good writing skills, experience in preparing written reports.
- Ability to facilitate a community of practice.
- Capability of integration in an international/multi-cultural environment
- Security certifications (e.g. CISSP, CISM, OSCP, CSSLP, GWAPT, GWEB) are an asset
Due to the particular nature of a large international organisation such as the European Commission, candidates should also have the following non-technical skills:
- Capability of integration in an international/multicultural environment, rapid self-starting capability and experience in working in a team;
- Ability to make presentations to Member State Authorities, excellent communicator.
- Ability to participate in multilingual meetings;
- Ability to work in multi-cultural environment, on multiple large projects;
- Excellent Team Player
- Ability to understand, speak and write in English C1; French at level B1 or higher will be an advantage;
- High degree of discretion and integrity is required as the applications managed and maintained in MOVE-ENER SRD.2 contain personal and confidential data
- At least 3 years of experience in ISO27000 (min. competence level 2)
- At least 3 years of experience in Application Security (min. competence level 2)
- At least 3 years of experience in security testing (min. competence level 2)
CERTIFICATIONS & STANDARDS
At least one of the following certifications is required for the performance of tasks:
- Certified Information Systems Security Professional (CISSP),
- Certified Information Security Manager (CISM),
- Certified Ethical Hacker (CEH),
- Offensive Security Certified Professional (OSCP)
- Certified Secure Software Lifecycle Professional (CSSLP)
- GIAC Certified Web Application Penetration Tester (GWAPT)
- GIAC Certified Web Application Defender (GWEB) or equivalent - to be approved by the Commission.
Applicable security procedures
- All non-EU external service providers who may have access either to EC premises or to the EC network are subject to security screening by the Commission’s security directorate (HR.DS) before specific contract signature, to assess risks vis-à-vis the Commission’s sensitive non-classified information.
- The selected candidate will work within a team dealing with sensitive security matters, therefore integrity and confidentiality are a must. The selected candidate might be required to apply for EU-27 Security Clearance. Should the security clearance be refused by the relevant National Security Authorities, the Specific Contract could be ended without further justification.
Any offer of employment is contingent upon you providing documents to verify your identity and employment eligibility, as required by law.
Applicants are reminded that they will be requested to produce such documentation during the recruitment process.
Please contact a member of the recruitment team if you require further details of acceptable types of documentation required for verification of identity and work authorization.
When creating a profile on the Serco Career Centre you agreed to the Data Protection policy, a copy is available upon request.
You may submit a written request revoking your consent to this agreement at any time.
Corporate Benefits Package
Support provided to EU Nationals requiring relocation – Information available upon request
And the chance to make a positive difference in a company passionate about diversity and inclusion.
Further information available from the Serco Europe Recruitment Team
About the Company
Why should you join Serco?
At Serco not only is the nature of the work we do important, everyone has an important role to play.
Meaningful and vital work - You’ll contribute to methodologically intercepting challenges whilst achievements will also be recognised and celebrated.
A world of opportunity - You’ll be wholeheartedly supported with development and career progression
Great people - You’ll become an integral member of a well-defined and supportive team who believe passionately in the value of our work.
What we offer
- Chance to contribute to innovation in the public services sector
- A company passionate about diversity and inclusion
- Permanent employment with comprehensive Serco Benefits package.
At Serco, not only is the nature of the work we do important, everyone has an important role to play when managing complex public services.
We are a team of 60,000 people responsible for delivering essential public services around the world. We are innovators, committed to redesigning and improving public services for the benefit of everyone.
By joining Serco you will have unlimited access to our Global Employee Networks – SercoInspire (Gender), SercoEmbrace (Multicultural), SercoUnlimited (Disability) and In@Serco (LGBT & Networks). Serco Employee Networks are led by colleagues who are passionate about diversity, inclusion and belonging.
Please click on the apply button to be taken to our careers website
Serco is a Disability Confident Employer committed to employing and retaining people with disabilities. Disabled applicants who meet the minimum criteria for the job will be given the opportunity to demonstrate their abilities at an interview.
Serco European Agencies