Application security expert

Division

SD Worx is processing personal data of millions of people and building innovative digital products and services for the payroll and HR services market requires SD Worx to only deploy secure applications. Within the Risk & Security team, we are expanding our capacity to support our Products division in doing just that through finding, fixing and preventing security weaknesses in close cooperation with our product teams.

Function

We are looking for an Application Security Specialist to support us in building a best in class application security program from our headquarters in Antwerp. The function is open for people from diverse professional background (e.g. development/test/consulting experience) and we are willing to adapt and further grow the function based on the experience and interests of the candidate.

You will be working on the following major activities:

• Assessment and improvement of the maturity of development teams in the use of pentesting, bug bounty, threat modeling architecture reviews, and optionally code review
• Guiding and assisting product development teams in building increasingly secure applications and in improving the security of current products
• Contributing to security by design & by default and converting this into a continuous improvement process by focusing on awareness
• Following up on secure product development practices and trends and provide suggestions to further improve our secure development processes
• Assisting in defining standards for security application development lifecycle
• Improving automated security testing through various methods and tools

Relevant topics: AppSec, IT Security, SDLC, Agile, DevOps, Penetration testing, Pentest, Security Breach, Ethical hacker, Threat Modeling, OWASP, Application Security, Web Application Testing, Security Testing Automation, TLS, Veracode, SAST, DAST, API, Bug bounty, vulnerability management

Profile

Technical Competencies:

• At least 1-2 years of experience in software engineering or application pentesting
• Some previous experience in application development
• Good understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment
• You are at least partially familiar with the foundations of secure development and application security (AppSec/DevSecOps) concepts and practices and you are curious to learn more in this fast changing field
• Penetration testing or bug bounty experience is beneficial but not required

Personal Competences:

• Fast learner that is not afraid to continuously learn new skills and adapt to a fast changing environment
• You are a team player that is interested in working with product developers or product owners to improve their application security skills
• You take initiative and like to get things done
• You are able to take a pragmatic approach in order to come up with solutions which are simple and feasible while keeping the end user in mind
• Good English and Dutch language skills

SD Worx offers you, besides a competitive salary and benefits package, the autonomy and flexibility to take ownership of your work. With the possibilities of flexible working hours, homework, working from other offices,… you can organize your own work.

For us, learning and innovating are like breathing, inspiring us to always go beyond. We offer multiple trainings, projects… where you will learn from experts or in practice. From the start you will be engaged in your team, where we share knowledge, talents and celebrate our differences.