For one of our clients at the European Commission, we are looking for an Application Security Engineer / DevSecOps Specialist to join their team.
This position requires relocation to Belgium if you currently live outside the country.
The following tasks will be performed by the future candidate:
Application Security Design
• Supports the design of secure IT architectures and ensures compliance with Commission security policies and standards.
• Collaborates with IT development, operations, and architecture teams to embed security throughout the application lifecycle.
Security Requirements & Technical Actions
• Assists in defining and implementing security requirements within IT projects.
• Supports security control integration in development and infrastructure.
Documentation & Compliance
• Helps maintain security documentation for audits and compliance.
• Assists in drafting security assessments, architecture security blueprints, and configurations.
Application Security Implementation
• Promotes secure development practices and ensures their adoption.
• Works with DevSecOps teams to strengthen security in software development.
Risk Analysis & Security Policy Compliance
• Conducts risk assessments and proposes mitigation actions.
• Supports alignment with Commission risk management methodologies.
Vulnerability Testing & Remediation
• Coordinates vulnerability assessments and penetration testing follow-ups.
• Assists in remediation planning and tracking corrective actions.
Incident & Threat Categorization
• Supports incident classification and response prioritization.
• Collaborates with IT operations to ensure proper handling of security events.
Security Training & Awareness
• Delivers training sessions on security best practices.
• Helps create awareness programs for secure development and risk management.
Security Strategy & Implementation
• Assists in defining security plans, access management strategies, and risk mitigation frameworks.
• Supports long-term cybersecurity initiatives within the IT ecosystem.
Profile:
The following skills and knowledge are required to perform the tasks listed above:
• Main European regulations affecting information security: in-depth understanding and experience with the General Data Protection Regulation (GDPR) and the proposed ePrivacy Regulation (EDPR), etc.
• Security Best Practice:
o In-depth understanding of OWASP’s top security risks and ability to apply these practices in software development,
o Good knowledge of secure coding frameworks and guidelines,
o Good knowledge of security practices for cloud environments.
• ISO Standards and Risk Management: Comprehensive knowledge of ISO 27001 (Information Security Management), ISO 27002 (Code of Practice for Information Security Controls), and ISO 27005 (Information Security Risk Management).
• Emerging European Regulations:
o Awareness of developments in the AI Act and its potential implications for IT security and data protection,
o Knowledge of the NIS2 Directive for network and information systems security in the EU.
• European Commission Standards and Procedures: Knowledge of the European Commission’s internal guidelines and their impact on IT security would be an advantage.
• Experience in coaching and training.
• Good communication skills with technical and non-technical audiences:
o Ability to give business and technical presentations
o Ability to write clear and structured documents
• Ability to engage with a wide range of stakeholders, understand their constraints and objectives, and positively influence them