- Company Name
- Wolters Kluwer
- Job Title
- Information Security Analyst
- Job Description
-
As an Application Security Engineer working in a dynamic international context, your role extends to collaborating with developers, product owners, engineering and IT staff across various countries, including European countries, the USA, and India. You will carry out and manage security controls withing the secure software development lifecycle of application, ensuring security practices are implemented globally, and providing transparent insights into measurable outcomes. This role is also pivotal in supporting diverse teams through the vulnerability management process, aligning security goals with international regulatory standards and fostering a culture of security awareness across borders.
Roles & Responsibilities
Support the evolution and implementation of the security policies, standards and guidelines, and provide further documented clarifications the corresponding rules, according to the applicable standards, industry good practices or reference documents (OWASP and NIST guidelines, SANS, ISO, CERT, ENISA, ANSSI, BSI…).
Improve the SSDLC practices across Wolters Kluwer’s software, especially to prevent the introduction of vulnerabilities or weaknesses
Roll out reproductible analysis plans or automated tests
Carry out regular operational security checks and reviews
Perform the initial triage and review of application security audits and reports
Support and monitor the secure deployment and hardening of applications and associated systems
Monitor the vulnerabilities in products, systems, and networks
Define repeatable means to detect security vulnerabilities, document mitigations, and assist the definition and implementation of appropriate solutions with required stakeholders
Support the security training and awareness actions
Drive the Threat Modeling practices in cooperation with application teams.
Knowledge/ Skills/ Abilities / Education
Master of Engineering/Computer science or cyber securit
Functional Skills
Application Security standards and industry good practices (OWASP Top10, ASVS, …)
ISO and NIST security standards
Industry good practices, evaluation protocols (MITRE, CIS Benchmarks, CSA Frameworks, etc.)
Software development lifecycles and DevSecOps processes
Threat models, associated reference systems and methodologies
International regulations relating to PII processing and data handling (GDPR, HIPAA, etc.)
Vulnerability analysis and triage.
Technical knowledge:
Azure or AWS cloud services
Operating systems: Windows Server, Linux or BSD
Containers, Docker/ Kubernetes
Network protocols, Network Firewalls and Web Application Firewalls
.NET framework, HTML, JavaScript, React and/or NodeJS
Database modeling, SQL, T-SQL, PL/SQL
Cryptography, key management and cryptographic protocols for both data in transit and at rest
Authentication mechanisms and protocols
Application Security Testing tools such as:
Dynamic Analysis: ZED, BURP, AppScan, WebInspect ...
Static analysis: Veracode, Coverity, SonarQube , Checkmarx, Mend, Blackduck…
Threat modeling tools
Version control systems, code and artifact repositories
Standard MS Office skills required in general with advanced Excel or PowerBI skills recommended
Languages
Fluent English, required to collaborate in our international work context.
Soft Skills
Motivated by teamwork and collaboration and able to adjust to different levels of the organization
Rigorous and accountable, outcome-oriented and mindful of added value
Strong analytical mind, and an ability to summarize efficiently
Good redacting and verbal communication skills.
Comfortable in a global and evolving work environment.
