Security Engineer

Via Cyberus ad interim / freelance

For one of our customers in Amsterdam, an airport, we are looking for a Security Engineer (freelance/ad interim) via Cyberus.

Location: Amsterdam / Remote
Type: Freelance/Ad interim
Rate: 100 in consultation
Start: ASAP
End date: 30-06-2022
Duration: 7 months, with a chance of extension
Hours: 32 hours per week

If you are interested, please contact us at info@cyberus.nl or via the form.

Assignment description

The Enabling Technology department

Information technology (IT) is becoming increasingly important, driven by the ambition to become a leading digital airport that ensures a seamless passenger journey and smooth operational processes. The organization will have to innovate quickly to achieve and maintain that goal. The Enabling Technology (ET) department is one of the innovative IT departments. The department realizes building blocks with the aim of enabling product teams to develop products faster and maintain them cost-effectively. The department does this with various self-organizing platform teams.

The concept of 'platforms' is not new. In the digital economy, successful enterprises have organized their IT around a series of modular platforms managed 'as a service' by responsible platform teams. The increasing role of Platforms is a logical part of the IT strategy: 'IT made easy'. It is also not new to the organization; there are already successful Platforms (e.g. API platform, CI/CD platform, etc.) in use. The current Platforms within Enabling Technology are being further developed, the organization and governance are being strengthened, and new Platforms are being added.

Information security is organized within the organization in accordance with the usual "three lines of defense" model, in which a distinction is made between:

- 1st line: responsible for the management of information security risks. The ET teams are responsible for taking adequate measures, both technical and process-related, for the building blocks that they implement and manage. This is therefore an integral part of the security engineer role (DEVSECOPS).
- 2nd line: controlling responsibility. In accordance with the risk management process of the Cyber Security Center (SCSC), the SCSC carries out, together with the ET department, a Business Impact Analysis (BIA) on a system, or a risk analysis in the case of an infrastructure. Taking into account the outcome of the BIA or the risk analysis, the context, and the policies and standards applicable to each IT product/system, the SCSC draws up the cyber security requirements. SCSC then carries out compliance checks on the implemented measures.
- 3rd line: independent control. Independent internal or external audits of the policy and its implementation.

Role description:

As a security engineer you play a crucial role in the Enabling Technology journey to migrate to the DevSecOps process. Through your contribution, the ET teams will better understand the security aspects of the platforms and components they develop and thus contribute to security. You brainstorm, advise and work together with the ET teams to ensure information security (technology, people & processes) from the start of our platforms and components (security by design). It is always important to weigh business continuity and impact against possible risks. You work a lot with the SCSC to maintain the cyber security of the ET platform. If information security is at stake, you will have to address the ET teams and inform SCSC. The guidelines regarding information security are drawn up by SCSC.

Type of person:

- Good energy, proactive, taking initiative and a positive attitude;
- The will to get up to speed quickly;
- Experience with enterprise organizations and complex transitions within enterprise environments;
- Hands-on mentality;
- Strong communication skills.

Daily activities:

- Translating tactical security policy into operational, detailed (product-specific) security requirements;
- Providing evidence to SCSC regarding compliance with security requirements;
- Reviewing design documents and the implementation of security measures, evaluating their effectiveness and making recommendations for improvements in collaboration with SCSC;
- Facilitating and supporting security and penetration testing by ET teams and validating security-related alerts, incident response and countermeasures.

In short:

- Checking and periodically monitoring the operational cyber security alerts;
- Developing operational cyber security practices / processes / work instructions and coordinating these with the SCSC;
- Assessing reports from internal and external audit bodies for relevance to cybersecurity;
- Reporting on security policy deviations to SCSC and ET management;
- Setting up SDLC processes within the ET department and implementing them, for example security incident process, access management process, etc.;
- Making the ET teams "cyber security" aware and transferring knowledge through knowledge sessions, training, etc.;
- Collaborating with ET teams on the design and development of the platforms, testing the ICT platform designs against architectural principles for cyber security, and advising and helping with improvements;
- Assessing internal developments within ICT with possible consequences for cyber security in the ICT;
- Supporting and optimizing "secure continuous delivery" within the DevOps pipeline through tooling and automated testing.

You have at least 3 years of work experience in, among other things, the security aspects of DevSecOps automation, and you have technical security knowledge and hands-on experience in the areas of:

- DEVSECOPS;
- Security scanning tools (e.g. Qualys, Aquasec);
- Code quality tools (e.g. SonarQube);
- IAM;
- Container platforms (Red Hat OpenShift or other enterprise Kubernetes variant);
- Public CSP (Azure, AWS or GCP), preferably Azure;
- CI/CD pipeline (e.g. Azure DevOps);
- Infrastructure (network techniques, operating systems, middleware, etc.).

We see it as an advantage if you have experience with more of the security aspects of the following technologies and technical products:

- Application servers such as WebSphere, WebLogic or JBoss EAP
- Jakarta (Java) EE knowledge
- Messaging (e.g. Kafka, AMQ)
- API gateways (e.g. Red Hat 3scale)
- Databases (e.g. MarkLogic, Elastic, Oracle, etc.)
- Integration technology (ESB, MFT, RPA, CEP, Business rules)

Additional information:

- In connection with the measures surrounding Corona, we emphasize that recruitment for an organization in principle does not take place. In exceptional cases, we will be recruiting for replacements in critical positions;
- This vacancy may not be shared on Social Media;
- Required language: Both Dutch and English (B2 level in speech and writing);
- CV & Motivation focused on the assignment, preferably in Dutch / Submit in English;
- CV size must be a maximum of 1500 KB.