Information Security Analyst

As an Application Security Engineer working in a dynamic international context, your role extends to collaborating with developers, product owners, engineering and IT staff across various countries, including European countries, the USA, and India. You will carry out and manage security controls withing the secure software development lifecycle of application, ensuring security practices are implemented globally, and providing transparent insights into measurable outcomes. This role is also pivotal in supporting diverse teams through the vulnerability management process, aligning security goals with international regulatory standards and fostering a culture of security awareness across borders.

ROLES & RESPONSIBILITIES

• Support the evolution and implementation of the security policies, standards and guidelines, and provide further documented clarifications the corresponding rules, according to the applicable standards, industry good practices or reference documents (OWASP and NIST guidelines, SANS, ISO, CERT, ENISA, ANSSI, BSI…).

• Improve the SSDLC practices across Wolters Kluwer’s software, especially to prevent the introduction of vulnerabilities or weaknesses

• Roll out reproductible analysis plans or automated tests

• Carry out regular operational security checks and reviews

• Perform the initial triage and review of application security audits and reports

• Support and monitor the secure deployment and hardening of applications and associated systems

• Monitor the vulnerabilities in products, systems, and networks

• Define repeatable means to detect security vulnerabilities, document mitigations, and assist the definition and implementation of appropriate solutions with required stakeholders

• Support the security training and awareness actions

• Drive the Threat Modeling practices in cooperation with application teams.

Knowledge/ Skills/ Abilities / Education

• Master of Engineering/Computer science or cyber securit

Functional skills

• Application Security standards and industry good practices (OWASP Top10, ASVS, …)

• ISO and NIST security standards

• Industry good practices, evaluation protocols (MITRE, CIS Benchmarks, CSA Frameworks, etc.)

• Software development lifecycles and DevSecOps processes

• Threat models, associated reference systems and methodologies

• International regulations relating to PII processing and data handling (GDPR, HIPAA, etc.)

• Vulnerability analysis and triage.

Technical knowledge:

• Azure or AWS cloud services

• Operating systems: Windows Server, Linux or BSD

• Containers, Docker/ Kubernetes

• Network protocols, Network Firewalls and Web Application Firewalls

• .NET framework, HTML, JavaScript, React and/or NodeJS

• Database modeling, SQL, T-SQL, PL/SQL

• Cryptography, key management and cryptographic protocols for both data in transit and at rest

• Authentication mechanisms and protocols

• Application Security Testing tools such as:

  • Dynamic Analysis: ZED, BURP, AppScan, WebInspect ...

  • Static analysis: Veracode, Coverity, SonarQube , Checkmarx, Mend, Blackduck…

• Threat modeling tools

• Version control systems, code and artifact repositories

• Standard MS Office skills required in general with advanced Excel or PowerBI skills recommended

Languages

Fluent English, required to collaborate in our international work context.

Soft skills

• Motivated by teamwork and collaboration and able to adjust to different levels of the organization

• Rigorous and accountable, outcome-oriented and mindful of added value

• Strong analytical mind, and an ability to summarize efficiently

• Good redacting and verbal communication skills.

• Comfortable in a global and evolving work environment.