Application Security Expert
- Employer: AXA Group
- Location: Bruxelles, Belgium
- Salary: Competitive
- Closing date: 7 Sep 2024
- Sector: Engineering, IT, Security
- Job Role: Application Security
- Job Type: Permanent
Mission:
• As a member of the 'Information Security' team, part of the 'AXA Belgium Security Office' department led by the AXA CSO, your mission is to promote and ensure that AXA Belgium applications and platforms are adequately secured. You will work mainly in collaboration with security colleagues (some of whom also have Application Security as their main mission), security and solution architects, IT product team and business teams.
Main tasks:
The key tasks of the "Application Security Expert" are as follows:
Security Oversight:
- Work with IT product and architecture teams to ensure that platforms/applications, including their life cycle, meet security best practices, including amongst others:
  - Conduct application and platform technical design reviews.
  - Supervise the source code review (static and dynamic/penetration testing), including the remediation actions.
  - Assess the security maturity of the Software Development Life Cycle (SDLC) within the organization.
- Supervise the cloud (Azure/AWS) security posture to ensure, amongst others, compliance with security best practices and with AXA security instructions.
- Provide support to the '3rd party security' team to ensure the compliance of 3rd party solutions with AXA Belgium/AXA Group security requirements.
- Provide, when required, a security 'Go/No Go' with a risk-based approach.
- Supervise the network and encryption controls protecting applications.
- Develop/maintain the application/platform security overview with the associated key risk indicators.
- Follow up on vulnerabilities and remediation plans.
- Gain, and help the Security Office department, business lines and their corresponding IT teams to have, an up-to-date overview of application security vulnerabilities and risks, including potential paths forward and clear management-level presentations.
Governance:
- Actively participate in the definition, coordination and implementation of the AXA Belgium application security yearly roadmap with risk-based and compliance approaches.
- Understand, translate if required, or ensure the implementation and follow-up of AXA Group security requirements to protect the AXA Belgium applicative landscape.
- Participate in the security intake (new projects, ...), ensuring AXA Security requirements are defined, followed and implemented.
- Accountable for overseeing, measuring and driving efforts to systematically increase the maturity and effectiveness of application security processes and ISO 27K controls for AXA Belgium.
Awareness:
- Promote security culture and define/participate in the education of AXA IT departments (e.g. engineering, operations) on security procedures and security risks.
- Develop security guidelines for technologies including .NET, Java, Python, Angular, etc.
Inventory:
- Actively participate in the alignment of the applicative, cloud and security inventories.
IMPORTANT:
- The execution of activities like penetration testing, secure coding, ... is performed by colleagues.
- Identity & Access Management is out of scope for the mission.
- AXA Belgium relies a lot on security solutions and processes defined at group level for all AXA entities.
Study/Experience/Knowledge
• Bachelor or Master in Computer Science / Information Systems / Information Security or other related field.
• Good knowledge/experience (at least 3 years) with application security management (penetration testing, SAST, DAST, code review, vulnerability management, ...).
• Good knowledge/experience (at least 3 years) with industry application security frameworks and best practices such as OWASP Top 10 and ASVS, SANS, NIST, ...
• Good knowledge of Secure Software Development Life Cycle (SDLC) principles.
• Experience in secure application development with different development languages/frameworks (.NET, Java, Python, Angular, etc.) is a strong added value.
• Practical experience with reviewing infrastructure as code for cloud environments (AWS CloudFormation, Azure Resource Manager, Docker containers) is a strong added value.
• Experience with ISO27K is a plus.
• An advanced knowledge and experience of PowerBI dashboard development is a plus.
Soft skills
• Strong team player who is also able to work autonomously.
• Problem solver with excellent analytical skills.
• Good communication skills towards IT/technical teams and towards management.
• You communicate fluently in English (written and verbal).
• Knowledge of French and/or Flemish is a plus.
At AXA, we want to be more than the world leader in insurance and asset management.
Our purpose is 'Act for human progress by protecting what matters'. As an insurance company, we want to watch over every individual, society and the world while always keeping the future in mind.
As an insurer, AXA Belgium is also a key player in the field of prevention. Protection is in our DNA, as evidenced every day by the extensive investments in research and risk awareness.
At AXA, we reject unfair or unlawful discrimination in any form. More info in our Diversity & Inclusion Policy.
In Belgium, AXA is market leader in non-life insurance. We have more than 3,000 enthusiastic employees whose aim is to move from payer to partner for our 3 million clients.
Our employees are our greatest asset. Therefore, a pleasant and modern working atmosphere is crucial to us. Together we seek to foster a diverse and inclusive culture where thoughts and ideas are valued, respected and appreciated.
With every step we take, we keep our values in mind: Customer First, Integrity, Courage and One AXA.