Secrurity Testing Specialist

We are seeking a highly motivated and skilled Security Testing Specialist to join our dynamic team.

• Analysis of documentation (both from the project and generated internally) and code and other
  information, also but not only with tools, preparation and execution of penetration testing, and
  analysis and assessment of the results;
• Participate in meetings as required, at the start of, end of, and eventually during the security testing
  process;
• Depending on the processes and procedures of the Contracting Authority, coordinate inside the
  team and with project and application teams, organising technical meetings to elicit information,
  escalating to the responsible team leader and/or the statutory staff responsible if necessary;
• Assess the findings, also during the process, alerting immediately the responsible team leader
  and/or the statutory staff directly responsible, when that may be necessary following the processes
  and procedures of the Contracting Authority;
• Prepare reports on the results of the technical security analysis and assessment, and communicate
  them to statutory staff responsible according to the processes and procedures foreseen by the
  Contracting Authority;
• Should the processes and procedures of the Contracting Authority foresee the possibility of other
  type of exercises with more reduce scope and/or as follow-up, do them and provide the necessary
  reporting;
• Report to the specifically assigned Team Leader and the statutory staff responsible on possible
  technical challenges, actual and future, for the work of the team, and contribute as and if needed
  to their analysis, and to proposals to address them;
• Provide as needed, required and possible, following its processes and procedures, relevant
  technical security input, also based on specific experience in the environment of the Contracting
• Authority, to activities like e.g. technical evolution and maintenance in operations of platform
  used for the security checks, DevSecOps

• You hold a Bachelors degree and have at least 3 years of relevant experience
• You can speak and write fluently in English and French
• Good knowledge of security and vulnerability management practices, preferably including
  relevant framework, best practices and standards (e.g. NIST SP800, ISO 27001, OWASP,
  hardening guidelines);
• Good general ICT knowledge, e.g. networking, operating system, firewalls, web applications
  servers, programming and code quality tools, virtualisation, runtimes (it is not required to have
  practical experience of all of these elements);
• Good knowledge of vulnerability and security analysis tools and platforms (e.g. Nessus, Burp,
  Kali-Linux);
• Good knowledge of development practices and knowledge of secure coding;
• Understanding and at least basic knowledge of cloud services, and of the different types and
  configuration of “cloud” services and applications potentially involving or not “cloud”;
• Preferably understanding of good design principles for distributed architecture using services;
• Certification according to CEH, or equivalent certification.

At CTG, we believe in rewarding our employees and providing an appealing work environment. When you join our team you can expect:

• Competitive salary package, with or without a company car.
• Personalized training programs and development plans to nurture your skills.
• 5 additional vacation days
• Regular team-building events, learning lunches, and fun activities.
• Extra-legal benefits (daily allowances, PC plan,...)

Please note that a criminal record check will be required for this position.

Discover the exciting opportunities that await you at CTG, where your IT expertise meets a world of possibilities!