[OWASP-Switzerland] Hays - Security Job Opportunity

Olivier Ouhioun olivier.ouhioun at hays.ch
Tue Jul 10 13:33:59 UTC 2012

Dear OWASP Member,

I am an IT recruitment consultant working for Hays in Geneva and I wanted to share with you a new open position that has just arisen at one of my best clients.
This international industrial company based in Lausanne is looking for a Software Security Expert.
If you are interested, feel free to contact me.
Also, I would kindly ask you to send me your updated CV; as soon as I receive it, I will call you to discuss this further.

The Software Security Expert will help the organization define, adopt and implement key software security practices throughout the development lifecycle of the solution.
S/he will drive and support the implementation of these practices and will provide software security expertise in a variety of areas within the development lifecycle.
S/he will also help the organization raise security-related skills and awareness among staff.

Main responsibilities and activities:
1. Work with engineering management and teams to define, implement, support and measure software security best practices within the organization. Areas of activity include:
· Strategy & Metrics / Policy & Compliance / Training, Awareness & Guidance / Attack Models & Threat Assessment / Security Requirements / Secure Architecture / Security Standards / Architecture & Design Analysis / Code Review / Security Testing / Penetration Testing / Vulnerability Management / Environment Hardening and Operational Enablement.
2. Work together with software engineering and operations teams to define and manage the scope of security, which will include, at a minimum, software code, web applications, databases, network elements, hardware, application servers, web servers, routers, firewalls & proxies and any other components that make up the solution.
3. Work with various engineering teams to define the security policies, standards and guidelines that will be adopted and adhered to within the solution software development lifecycle.
4. Provide support and assistance to software engineering teams and project teams to implement the adopted security policies, standards and guidelines.
5. Perform security risk analysis (including attack modeling) to better understand the security posture of the solution.
6. Provide advice concerning security requirements and compliance that is required by customers and projects.
7. Perform design analysis to identify weaknesses or risk areas. Provide advice on system architecture & design to increase the overall level of security. Help to identify, evaluate and propose state of the art security technologies which can be used by or be incorporated into our security solutions.
8. Perform code review and static code analysis to uncover security vulnerabilities; follow their resolution by the project teams.
9. Test the management, operational, and technical security controls and identify vulnerabilities using established industry standards and practices (e.g. ISO security standards, NIST, etc.).
10. Perform technical vulnerability assessments, network/host scans, and penetration tests in order to test the effectiveness of security controls of software, information systems, infrastructure, networks, hosts, practices, and operations.
11. Work with operations team to assure they can deliver the solution with optimal security, by making sure they are provided with the necessary tools and documentation and that the operational constraints and specificities are taken into account while developing the solution.
12. Take part in vulnerability management, including assuring that all off-the-shelf software and libraries (e.g. Oracle, JBoss, Spring) are used within security compliance (e.g. ensuring critical security upgrades are provided to and managed by the operations team).
13. Define a list of network and software security tools (e.g. automated source code scanners, network sniffers, network simulators, etc.) that will be adopted and used for security assessment, validation and testing. Assist in the implementation of these tools and training of resources to operate these tools.

Desired Skills & Experience
· Preferably a Master's degree in a technical field, or alternatively, a Bachelor's degree with extensive and relevant experience
· Extensive experience in information system security and software security practices, particularly working experience in an industry that adopts and uses comprehensive security requirements (e.g. banking industry, defence, etc.)
· Extensive experience in software development, especially using Java
· Experience conducting software security audits would be a plus
· Desirable that the experience is gained in a medium size company (e.g. at least 50 software engineers and programmers)
· Possess some background on software development in a multi-disciplinary (Electronics, Mechanics) and real-time environment
· 10 or more years of industry experience; at least 5 years or more as an information or software security engineer
· Ability to work on, navigate and lead programs and initiatives within a matrix organization
· Ability to work in multi-national, distributed teams, and where partition of tasks may spread across several geographical entities
· Very helpful if from a service and solutions industry, and where system engineering is required

Computer skills:
· The candidate is expected to have good practitioner knowledge of the J2EE platform including novelties from Java 5 such as Generics.
· The candidate is expected to have strong practitioner knowledge of software security assurance best practices, such as OpenSAMM and/or BSIMM.
· Practitioner knowledge of any of the following ISO27k security standards would be a plus.

Personal qualities required / abilities:
· Strong sense of fulfilling timelines, deliverables, quality of product and service.
· Strong analytical skills; very organized in thought and methodology.
· Good communication skills, both oral and written.
· Good political finesse in facing very demanding customers. Diplomatic when necessary.
· Can handle the responsibility and stress associated with large projects.
· Willing to travel
· Fluent in English

At a glance:
Position: Software Security Expert
Location: Lausanne, Switzerland
Contract type: Full time, permanent position
Salary: Following skills and experience + benefits / advantages / bonus (around 125 000 CHF approximately for the fixed part)
Start date: Asap or to be discussed.

Many thanks for your answer,
Best regards

Olivier Ouhioun
Senior Consultant Permanent

HAYS Recruiting experts worldwide

Hays (Suisse) S.A.
Rue Kléberg 6
1201 Genève

T: + 41 22 901 62 12
F: + 41 22 901 62 99
E: olivier.ouhioun at hays.ch


Hays (Switzerland) Ltd
Directors: Dirk Hahn, Marc Lutz
Supervisory Board: Klaus Breitschopf
Registered Office: Zürich