IT Security Manager
- Full-time
Company Description
Arηs is a fully independent group of companies specialized in managing complex IT projects and systems for large organisations, focusing on state-of-the-art software development, business intelligence and infrastructure services.
We are composed of 13 entities across 6 countries that are unified by the Arηs Group, with more than 1800 consultants.
This corporate structure enables us to respond quickly to market changes and customer requests, and to communicate and make decisions without layers of bureaucracy.
Our success can be attributed to the synergy among our nine complementary entities, combined with our methodologies, which are based on the Rational Unified Process (RUP) and the Scrum agile software development framework.
Job Description
Designing Security Architecture of web or S2S applications.
Design and setup of a secure development lifecycle
Business Impact Assessments
IT Security assessments of information systems.
Elaboration of IT Security Plans following Commission Decision 2017/46 on the security of communication and information systems in the European Commission
Developing and implementing security components.
Management of security tests
Elaboration of security test programs.
Application penetration testing
Integration with other applications.
Writing of technical documentation.
Assistance with deployment and configuration of the system.
Participation in meetings with the project teams.
Design and development of secure web and multi-tier applications.
Provision of security studies associated with information system projects.
Evaluations of security products and tools for information systems.
Assistance in the implementation of IS security policies and Local Security Strategy.
Assistance in Business Continuity Management
Give advice on security matters
Perform IT Security Risk analysis and Security gap analysis
Qualifications
IT Security consultant with the following specific expertise:
Application security.
Very good knowledge of PKI, including the ability to coach and support colleagues on its implementation and troubleshooting
Analysis and Design: gathering requirements, OO & data models, design patterns, UML, threat analysis.
Web application penetration testing and strong ability to formulate non-functional security requirements during software development.
Good knowledge of information system security concepts and their practical application, understanding of current trends
Good knowledge of IT security standards
Knowledge of security management methodologies and tools
Good experience with quality procedures
Strong capacity in preparing and writing studies
Good verbal and written communication skills
Knowledge of Java & JEE technologies, application architecture is an asset
Experience with Burp Suite and KeePass is an asset.
Knowledge of risk management methodologies such as ISO 27005 and ITSRM² is an asset
Knowledge of OWASP models, frameworks and guides is an asset
Security certifications highly desired (e.g. CISSP, CISM, OCSP, CSSLP, GWAPT, GWEB)