IT Security Manager

  • Full-time

Company Description

Arηs is a fully independent group of companies specialized in managing complex IT projects and systems for large organisations, focusing on state-of-the-art software development, business intelligence and infrastructure services.

We are composed of 13 entities across 6 countries that are unified by the Arηs Group, with more than 1800 consultants.

This corporate structure enables us to respond quickly to market changes and customer requests, and to communicate and make decisions without layers of bureaucracy.

Our success can be attributed to the synergy among our nine complementary entities, combined with our methodologies, which are based on the Rational Unified Process (RUP) and the Scrum agile software development framework.

 

Job Description

Designing Security Architecture of web or S2S applications. 
 Design and setup of a secure development lifecycle 
 Business Impact Assessments 
 IT Security assessments of information systems. 
 Elaboration of IT Security Plans following Commission Decision 2017/46 on the security of 
communication and information systems in the European Commission  
 Development and implementing security components. 
 Management of security tests 
 Elaboration of security test programs. 
 Application penetration testing 
 Integration with other applications. 
 Writing of technical documentation. 
 Assistance with deployment and configuration of the system. 
 Participation in meetings with the project teams.

 Design and development of secure web and multi - tier applications. 
 Provision of security studies associated with information system projects. 
 Evaluations of security products and tools for information systems. 
 Assistance in the implementation of IS security policies and Local Security Strategy. 
 Assistance in Business Continuity Management 
 Give advice on security matters 
 Perform IT Security Risk analysis and Security gap analysis 

Qualifications

IT Security consultant with the following specific expertise: 

 Application security. 
 Very good knowledge of PKI, including the ability to coach and support colleagues on its 
implementation and troubleshooting 
 Analysis and Design: gathering requirements, OO & data models, design patterns, UML, threat 
analysis. 
 Web application penetration testing and strong ability to formulate non-functional security 
requirements during software development. 
 Good knowledge of information system security concepts and their practical application, 
understanding of current trends 
 Good knowledge of IT security standards 
 Knowledge of security management methodologies and tools 
 Good experience with quality procedures 
 Strong capacity in preparing and writing studies 
 Good verbal and written communication skills 
 Knowledge of Java & JEE technologies, application architecture is an asset 
 Experience with Burpsuite and Keepass is an asset. 
 Knowledge of risk management methodologies such as ISO 27005 and ITSRM² is an asset 
 Knowledge of OWASP models, frameworks and guides is an asset 
 Security certifications highly desired (e.g. CISSP, CISM, OCSP, CSSLP, GWAPT, GWEB) 

Privacy Policy