Penetration Tester (IT Security Analyst)

Our Client is seeking an experienced Penetration Tester (IT Security Analyst) to work on a contract for 1 year in Brussels.

You will join the Security Assurance & Testing team who manage and coordinate:

• Testing of critical security controls
• Relationship with regulators,
• Cyber dashboard & Reporting
• Security governance structures (Group Security Committee, Service Dialogues…)
• Penetration testing
• Red team Exercises
• Entity-based stakeholders (CTOs, BISO.)

The main responsibilities are:

• Plan & coordinate penetration tests with external provider
• Analyze penetration test reports and produce digests/ synopsis
• Present & discuss the outcome of the Pen Test results to all relevant stakeholders
• Ensure the timely and effective remediation of security weaknesses and defects revealed in penetration testing activities
• Maintain an operational dashboard of applications/ infrastructure/ other assets requiring the testing, based upon schedules/ frequencies
• Define, produce and publish compliance reporting

Skills and experience required:

• You will be a team player who communicate in an open, respectful and constructive way with her/ his customers and peers, both verbally and in writing. You will take ownership and ensure that organizational quality standards are met.
• Very good communicator in English, both verbal and written and able to discuss and defend the security interests with individuals and groups of senior business people as well as deep technical IT experts.
• Proven experience in security risk assessments, development of functional security requirements, process design and management reporting. Experience in security design, architecture and project management is a strong advantage.
• Familiarity with industry best practices in key domains: penetration testing, application/ infra/ network security, identity and access management and secure development on all platforms.
• Sound security design principles, based on confidentiality, integrity and availability requirements and other ISO27002 security principles are an asset;
• Application security knowledge with a good understanding of software development and OWASP guidelines
• Sufficient background knowledge with regard to network principles and protocols used in WAN and LAN’s, DMZ, Internet security and network segregation
• Experience with a subset of Unix, Windows System, tandem, mainframe security and assurance

Your Profile:
Preferred professional certifications are CISSP, GIAC, CISM, CISA, ISO 27001 LA/LI.

This job ad was posted by Salt. To find out more about Salt’s Privacy Policy and how your application is processed, please visit our website https://welovesalt.com/privacy-policy/.