Application Security Engineer DevSecOps OWASP

1 day ago


, Belgium EngiFlex Full-time

<div><h3>About the job: Application Security Engineer DevSecOps OWASP (Employed or freelance)</h3>
<p>We are looking for a <b>hands‑on Application Security Engineer</b> to strengthen security across the software lifecycle of our client and integrate vulnerability mitigations into a real‑life healthcare HA software environment.</p>
<h3>Tasks and responsibilities</h3>
<p>You will work closely with the <b>IT Development and Applications Team</b> and also with the <b>Infrastructure Team</b> to integrate security into CI/CD pipelines, perform application security reviews, and remediate vulnerabilities directly at code or configuration level. You will receive a priority list to work on from the Cybersecurity Team.</p>
<p>This is a <b>technical, practitioner role</b>: you will analyze vulnerabilities, fix issues in applications, and help development teams build secure software by design.</p>
<p>If you enjoy working at the intersection of <b>security, engineering, and DevOps</b>, this role is for you.</p>
<p>You will be in charge of taking action after triage to remediate application vulnerabilities (SAST/DAST/SCA findings, which for the most part come from existing tools or processes; you will also be in charge of implementing some of the tools to detect vulnerabilities).</p>
<p>You will also perform secure code reviews and architecture security assessments.</p>
<p>In order you will:</p>
<ul>
<li>Resolve vulnerability issues and conflicts related to application code, libraries and dependencies</li>
<li>Help reduce technical debt and improve overall application security maturity by contributing to the decision‑making process on vulnerability remediation and clarifying options</li>
<li>Integrate security tooling into CI/CD pipelines (DevSecOps)</li>
<li>Support development teams with secure coding practices</li>
<li>Participate in threat modeling and security design reviews</li>
</ul>
<p>You will focus on application security – however you will need to closely cooperate with your counterpart security engineers in charge of patch and vulnerability treatment at OS level.</p>
<h3>What You'll Work With</h3>
<ul>
<li>Modern CI/CD pipelines (GitLab, DevOps Kubernetes/Docker)</li>
<li>SAST / DAST / SCA tools (e.g. Qualys, Pentest reports, etc.)</li>
<li>Enterprise application stacks (Java, JavaScript/Node.js, TypeScript, Angular or similar, and possibly .NET, Python)</li>
<li>Local DC environment</li>
<li>OWASP Top 10 and secure coding frameworks</li>
</ul>
<h3>You need to have:</h3>
<ul>
<li>Strong software engineering background (you can read and modify production code)</li>
<li>Experience in application security or secure software development</li>
<li>Solid understanding of OWASP Top 10 and common application vulnerabilities</li>
<li>Hands‑on experience with vulnerability remediation at code and configuration level</li>
<li>Familiarity with CI/CD pipelines and DevSecOps practices</li>
<li>Ability to analyze scanner findings and distinguish real issues from false positives</li>
<li>Comfortable working with developers and security teams in an HA environment</li>
</ul>
<h3>Nice to have</h3>
<ul>
<li>Experience with threat modeling</li>
<li>Knowledge of cloud security</li>
<li>Exposure to vulnerability management processes</li>
</ul>
<h3>Working Schedule</h3>
<p>We are offering full‑time positions working on‑premise. Once mutual confidence levels are established, a maximum of 2 days per week of remote working can be authorized.</p>
<h3>Your profile</h3>
<p>Experience as: Senior IT Security Specialist</p>
<h3>Skills</h3>
<ul>
<li>Angular</li>
<li>DevOps</li>
<li>Docker</li>
<li>GIT</li>
<li>Java</li>
<li>Kubernetes</li>
<li>Middleware</li>
<li>Spring Boot</li>
<li>Systems Development Lifecycle</li>
</ul>
<h3>Languages</h3>
<ul>
<li>English</li>
<li>French</li>
</ul>
<h3>Offer</h3>
<p>You will be part of a growing Belgian SME where initiative and personal development are encouraged. We will provide you with an enjoyable work environment with fun colleagues. We will work out a career plan with you, with attention and a budget for extra education/certification. You can count on an attractive salary, supplemented with e

