Security Testing Specialist (onsite in Luxembourg) - EU Institution

Who are we?

Trasys International is a dynamic global organization that takes pride in being the trusted partner of EU Institutions. With strong commitment to excellence and a 30-years track record of delivering high-quality solutions, we are dedicated to supporting the growth and success of our clients. Our Mission is to help our clients keep up with the challenges of digital transformation by providing the right talent at the right time for the right job. To this end, we are constantly looking for talented professionals who are interested in working on challenging international projects and able to deliver high-quality results within multicultural environments. Our services include (but are not limited to) modernization of solutions, digital workspaces, cloud technologies and IT security. Our Headquarters are in Brussels and we have active accounts and offices across Europe (i.e. Luxembourg, Amsterdam, Athens, Stockholm, Geneva).

Is this YOU?

For one of our main clients based in Luxembourg - an European Institution, we are looking for a Senior Security Testing Specialist to join our team in the area of democracy, human rights and EU-level decision making. As a Security Testing Specialist, you will join the Quality Control and Accessibility (QCA) Service within the Directorate for Business Solutions (DESIQUAL) of the EU Institution. You will contribute to ensuring the quality, security, and compliance of software applications developed and used within the institution. You will be part of a multidisciplinary Security Testing team responsible for functional, integration, security, and automated testing of multi-tier and cloud-based applications. Your role will involve both hands-on testing and advisory responsibilities, supporting project managers and product owners throughout the software development lifecycle. You will play a crucial role in supporting the innovation policies and decisions, enabling the successful implementation of the client's digital transformation and EU policies.

For the needs of the client, you must be based in Luxembourg/Nearby and work on hybrid mode (office time 3 times per week) and have full rights to work in Luxembourg.

As Security Testing Specialist, you will perform the following tasks:

• Analysis of documentation (both from the project and generated internally) and code and other information, also but not only with tools, preparation and execution of penetration testing, and analysis and assessment of the results;

• Participate in meetings as required, at the start of, end of, and eventually during the security testing process;

• Depending on the processes and procedures of the Contracting Authority, coordinate inside the team and with project and application teams, organising technical meetings to elicit information, escalating to the responsible team leader and/or the statutory staff responsible if necessary;

• Assess the findings, also during the process, alerting immediately the responsible team leader and/or the statutory staff directly responsible, when that may be necessary following the processes and procedures of the Contracting Authority;

• Prepare reports on the results of the technical security analysis and assessment, and communicate them to statutory staff responsible according to the processes and procedures foreseen by the Contracting Authority;

• Should the processes and procedures of the Contracting Authority foresee the possibility of other type of exercises with more reduce scope and/or as follow-up, do them and provide the necessary reporting;

• Report to the specifically assigned Team Leader and the statutory staff responsible on possible technical challenges, actual and future, for the work of the team, and contribute as and if needed to their analysis, and to proposals to address them;

• Provide as needed, required and possible, following its processes and procedures, relevant technical security input, also based on specific experience in the environment of the Contracting Authority, to activities like e.g. technical evolution and maintenance in operations of platform used for the security checks, DevSecOps.

#LI-VB1

Are you the perfect match?

• University degree (BSc/MSc);

• Good knowledge of security and vulnerability management practices, preferably including relevant framework, best practices and standards (e.g. NIST SP800, ISO 27001, OWASP, hardening guidelines);

• Good general ICT knowledge, e.g. networking, operating system, firewalls, web applications servers, programming and code quality tools, virtualisation, runtimes (it is not required to have practical experience of all of these elements);

• Good knowledge of vulnerability and security analysis tools and platforms (e.g. Nessus, Burp, Kali-Linux);

• Good knowledge of development practices and knowledge of secure coding;

• Understanding and at least basic knowledge of cloud services, and of the different types and configuration of “cloud” services and applications potentially involving or not “cloud”;

• Preferably understanding of good design principles for distributed architecture using services;

• Certification according to CEH, or equivalent certification;

• Advanced knowledge of English (Level C1) or very good knowledge of French (Level C1). Knowledge of both languages, one at C1 level and the other at B2 level in any configuration, is required.

It will be nice if you have…

• Experience in implementation of security measures and/or security auditing;

• Experience as developer and/or in roles with technical security responsibilities;

• Experience in activities and environments requiring to work with sensitive information, with different information labels and handling rules;

• Experience in analysis and in redaction of documents for, and contacts with, technical and non-technical people (advantageous if in a context of security);

• Preferably, experience in multicultural and multinational environments and organisations with distributed responsibility and complex structures, eventually even EU institutions and bodies.