30+ days ago - req20305
Research & development
Other job categories
In a nutshell
ASML is the largest supplier in the world of photolithography systems for the semiconductor industry and manufactures machines for the production of integrated circuits. It is a heavily R&D-driven company, and as such our IP is of the utmost importance and must be properly safeguarded.
All R&D is performed to deliver products to our customers (whether in physical or software-only form). Changing threat and risk horizons require us to further improve product security, focusing on cyber security resilience in products and information security resilience in product intellectual property.
This role is an operational position responsible for assuring that the business develops its products within the ASML cyber and information security risk appetite. The role helps the product development teams comply with the product security risk management framework and the cross-product security reference architecture.
- The role will focus on providing (technical) advice, design support, assurance, guidance, and subject matter expertise. It is a cutting-edge position in the sense that it mixes security risk management and (software) architecture responsibilities;
- Execute product security control and risk assessments, and vulnerability scans to drive mitigation in product development processes, by proactively advising on suitable (technical) solutions;
- Advise project teams on (technical) software security solutions;
- Execution and coordination in product security incident, risk and exception management processes;
- Register and maintain product security risks and exceptions in respective R&D registers;
- Contribute to development, maintenance, and improvement of the product security policy framework, policies, and standards; and organizational embedding of these in business/product development processes;
- Responsible for development, maintenance, and improvement of benchmarks, guidelines, security processes, and assessment tooling; and organizational embedding of these in business/ product development processes;
- Contribute to development, maintenance and improvement of cross-product security reference architecture and design patterns in close cooperation with colleague security architects;
- Design, and support the design of, solution architecture (including technical and operational aspects) for product security services;
- Support business line programs, product architects, and engineers in solution architecture, design and implementation of security requirements in products and services;
- Participate in and contribute to security awareness, training, and education activities for specialized topics such as secure software development, product security services, and product security way of working;
- Contribute to the maturity of the product security technical competence.
Bachelor's or master's degree, or an equivalent combination of education and experience.
- Minimum of 5 years of relevant experience in IT security, OT security and information security risk management;
- Proven strong IT and software architecture knowledge and background;
- Proven experience with risk management frameworks such as ISO 27001;
- Vendor agnostic expertise of IT/ software architecture;
- Knowledge of open source software;
- Experience in Linux environments;
- Proven up-to-date experience with vulnerability scanning and/ or penetration testing;
- Preferred: proven experience in secure software development and secure programming;
- Preferred: experience with certificates and encryption techniques;
- Preferred: knowledge of virtualization and containerization technologies such as VMware, Kubernetes and Docker.
- Generic security certifications like CISSP, and CISM;
- Specialized security certifications like CEH, SABSA, GDSA, and GCIH.
- Skill to lead, influence, and negotiate without authority;
- A business-enabling security attitude, as opposed to a business-disabling one;
- Strong analytical skills in combination with common sense;
- Ability to translate risks, threats, and vulnerabilities to business stakeholder level and to drive risk mitigation, dealing with resistance and risk appetite;
- Pro-active and self-motivated attitude;
- Politically aware and sensitive;
- Fluent English (written and verbal);
- Team player;
- Strong communication and presentation skills;
- Drive to retrieve the root cause of the problem.
Context of the position
The junior security architect is positioned within the Information Management, R&D Security Risk Management department which is part of the Development & Engineering business function. The product security officer will functionally report to the product security focus group lead and hierarchically to the R&D sector security risk manager.
This position requires access to U.S. controlled technology, as defined in the United States Export Administration Regulations. Qualified candidates must be legally authorized to access such U.S. controlled technology prior to beginning work.
ASML does not accept unsolicited resumes from any agencies that have not signed a mutual service agreement. All unsolicited resumes will be considered ASML’s property, and ASML will not be obligated to pay a referral fee. This includes resumes submitted directly to hiring managers without contacting the Resource Center Department.
ASML is GDPR compliant, therefore we cannot process applications sent outside of our recruitment system.
If you are interested in this vacancy please apply.